Vendor in latest containers/buildah

This will take a significant size away from the podman-remote executables. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
2025-06-17 15:08:08 +08:00 · 2020-05-23 06:48:18 -04:00
parent e323d3e92d
commit 935a716418
61 changed files with 172 additions and 11304 deletions
--- a/go.mod
+++ b/go.mod
@ -10,7 +10,7 @@ require (
 	github.com/codahale/hdrhistogram v0.0.0-20161010025455-3a0bb77429bd // indirect
 	github.com/containernetworking/cni v0.7.2-0.20200304161608-4fae32b84921
 	github.com/containernetworking/plugins v0.8.6
-	github.com/containers/buildah v1.14.9-0.20200501175434-42a48f9373d9
+	github.com/containers/buildah v1.14.9-0.20200523094741-de0f541d9224
 	github.com/containers/common v0.11.4
 	github.com/containers/conmon v2.0.16+incompatible
 	github.com/containers/image/v5 v5.4.4
--- a/go.sum
+++ b/go.sum
@ -8,7 +8,6 @@ github.com/Azure/go-ansiterm v0.0.0-20170929234023-d6e3b3328b78/go.mod h1:LmzpDX
 github.com/Azure/go-autorest v11.1.2+incompatible/go.mod h1:r+4oMnoxhatjLLJ6zxSWATqVooLgysK6ZNox3g/xq24=
 github.com/BurntSushi/toml v0.3.1 h1:WXkYYl6Yr3qBf1K79EBnL4mak0OimBfB0XUf9Vl28OQ=
 github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU=
-github.com/BurntSushi/xgb v0.0.0-20160522181843-27f122750802/go.mod h1:IVnqGOEym/WlBOVXweHU+Q+/VP0lqqI8lqeDx9IjBqo=
 github.com/Microsoft/go-winio v0.4.11/go.mod h1:VhR8bwka0BXejwEJY73c50VrPtXAaKcyvVC4A4RozmA=
 github.com/Microsoft/go-winio v0.4.15-0.20190919025122-fc70bd9a86b5/go.mod h1:tTuCMEN+UleMWgg9dVx4Hu52b1bJo+59jBh3ajtinzw=
 github.com/Microsoft/go-winio v0.4.15-0.20200113171025-3fe6c5262873 h1:93nQ7k53GjoMQ07HVP8g6Zj1fQZDDj7Xy2VkNNtvX8o=
@ -20,9 +19,7 @@ github.com/Microsoft/hcsshim v0.8.9/go.mod h1:5692vkUqntj1idxauYlpoINNKeqCiG6Sg3
 github.com/NYTimes/gziphandler v0.0.0-20170623195520-56545f4a5d46/go.mod h1:3wb06e3pkSAbeQ52E9H9iFoQsEEwGN64994WTCIhntQ=
 github.com/OneOfOne/xxhash v1.2.2/go.mod h1:HSdplMjZKSmBqAxg5vPj2TmRDmfkzw+cTzAElWljhcU=
 github.com/PuerkitoBio/purell v1.0.0/go.mod h1:c11w/QuzBsJSee3cPx9rAFu61PvFxuPbtSwDGJws/X0=
-github.com/PuerkitoBio/purell v1.1.1/go.mod h1:c11w/QuzBsJSee3cPx9rAFu61PvFxuPbtSwDGJws/X0=
 github.com/PuerkitoBio/urlesc v0.0.0-20160726150825-5bd2802263f2/go.mod h1:uGdkoq3SwY9Y+13GIhn11/XLaGBb4BfwItxLd5jeuXE=
-github.com/PuerkitoBio/urlesc v0.0.0-20170810143723-de5bf2ad4578/go.mod h1:uGdkoq3SwY9Y+13GIhn11/XLaGBb4BfwItxLd5jeuXE=
 github.com/VividCortex/ewma v1.1.1 h1:MnEK4VOv6n0RSY4vtRe3h11qjxL3+t0B8yOL8iMXdcM=
 github.com/VividCortex/ewma v1.1.1/go.mod h1:2Tkkvm3sRDVXaiyucHiACn4cqf7DpdyLvmxzcbUokwA=
 github.com/acarl005/stripansi v0.0.0-20180116102854-5a71ef0e047d h1:licZJFw2RwpHMqeKTCYkitsPqHNxTmd4SNR5r94FGM8=
@ -69,9 +66,9 @@ github.com/containernetworking/cni v0.7.2-0.20200304161608-4fae32b84921 h1:eUMd8
 github.com/containernetworking/cni v0.7.2-0.20200304161608-4fae32b84921/go.mod h1:LGwApLUm2FpoOfxTDEeq8T9ipbpZ61X79hmU3w8FmsY=
 github.com/containernetworking/plugins v0.8.6 h1:npZTLiMa4CRn6m5P9+1Dz4O1j0UeFbm8VYN6dlsw568=
 github.com/containernetworking/plugins v0.8.6/go.mod h1:qnw5mN19D8fIwkqW7oHHYDHVlzhJpcY6TQxn/fUyDDM=
-github.com/containers/buildah v1.14.9-0.20200501175434-42a48f9373d9 h1:EGegltin15wEzCI/5jeHcxBKfwwIHYkBUvsYC3XP060=
-github.com/containers/buildah v1.14.9-0.20200501175434-42a48f9373d9/go.mod h1:+2aNsVcd4pVzmVAbOfWN5X+0Lpz2rtICSGXbTSCzdBU=
-github.com/containers/common v0.10.0/go.mod h1:6A/moCuQITXLqBe5A0WKKTcCfCmEQRbknI05HcPzOL0=
+github.com/containers/buildah v1.14.9-0.20200523094741-de0f541d9224 h1:EqwBZRqyUYvU7JOmmSSPviSaAoUP1wN0cefXXDZ9ATo=
+github.com/containers/buildah v1.14.9-0.20200523094741-de0f541d9224/go.mod h1:5ZkWjOuK90yl55L5R+purJNLfUo0VUr8pstJazNtYck=
+github.com/containers/common v0.11.2/go.mod h1:2w3QE6VUmhltGYW4wV00h4okq1Crs7hNI1ZD2I0QRUY=
 github.com/containers/common v0.11.4 h1:M7lmjaVY+29g+YiaWH/UP4YeHjT/pZMxvRgmsWsQn74=
 github.com/containers/common v0.11.4/go.mod h1:AOxw4U5TJJrR/J1QPRvWbjHNdwU13wMy79rjK+7+aJE=
 github.com/containers/conmon v2.0.16+incompatible h1:QFOlb9Id4WoJ24BelCFWwDSPTquwKMp3L3g2iGmRTq4=
@ -86,8 +83,8 @@ github.com/containers/ocicrypt v1.0.2/go.mod h1:nsOhbP19flrX6rE7ieGFvBlr7modwmNj
 github.com/containers/psgo v1.5.0 h1:uofUREsrm0Ls5K4tkEIFPqWSHKyg3Bvoqo/Q2eDmj8g=
 github.com/containers/psgo v1.5.0/go.mod h1:2ubh0SsreMZjSXW1Hif58JrEcFudQyIy9EzPUWfawVU=
 github.com/containers/storage v1.18.2/go.mod h1:WTBMf+a9ZZ/LbmEVeLHH2TX4CikWbO1Bt+/m58ZHVPg=
-github.com/containers/storage v1.19.0/go.mod h1:9Xc4rrTubn5hmtBfL+PSJH1XlfTQwR4VAG1NDUIpCts=
 github.com/containers/storage v1.19.1/go.mod h1:KbXjSwKnx17ejOsjFcCXSf78mCgZkQSLPBNTMRc3XrQ=
+github.com/containers/storage v1.19.2/go.mod h1:gYCp3jzgXkvubO0rI14QAjz5Mxm/qKJgLmHFyqayDnw=
 github.com/containers/storage v1.20.1 h1:2XE4eRIqSa6YjhAZjNwIkIKE6+Miy+5WV8l1KzY2ZKk=
 github.com/containers/storage v1.20.1/go.mod h1:RoKzO8KSDogCT6c06rEbanZTcKYxshorB33JikEGc3A=
 github.com/coreos/bbolt v1.3.2/go.mod h1:iRUV2dpdMOn7Bo10OQBFzIJO9kkE559Wcmn+qkEiiKk=
@ -111,7 +108,6 @@ github.com/d2g/dhcp4 v0.0.0-20170904100407-a1d1b6c41b1c/go.mod h1:Ct2BUK8SB0YC1S
 github.com/d2g/dhcp4client v1.0.0/go.mod h1:j0hNfjhrt2SxUOw55nL0ATM/z4Yt3t2Kd1mW34z5W5s=
 github.com/d2g/dhcp4server v0.0.0-20181031114812-7d4a0a7f59a5/go.mod h1:Eo87+Kg/IX2hfWJfwxMzLyuSZyxSoAug2nGa1G2QAi8=
 github.com/d2g/hardwareaddr v0.0.0-20190221164911-e7d9fbe030e4/go.mod h1:bMl4RjIciD2oAxI7DmWRx6gbeqrkoLqv3MV0vzNad+I=
-github.com/davecgh/go-spew v0.0.0-20151105211317-5215b55f46b2/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
 github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
@ -142,7 +138,6 @@ github.com/elazarl/goproxy v0.0.0-20170405201442-c4fc26588b6e/go.mod h1:/Zj4wYkg
 github.com/elazarl/goproxy v0.0.0-20180725130230-947c36da3153 h1:yUdfgN0XgIJw7foRItutHYUIhlcKzcSf5vDpdhQAKTc=
 github.com/elazarl/goproxy v0.0.0-20180725130230-947c36da3153/go.mod h1:/Zj4wYkgs4iZTTu3o/KG3Itv/qCCa8VVMlb3i9OVuzc=
 github.com/emicklei/go-restful v0.0.0-20170410110728-ff4f55a20633/go.mod h1:otzb+WCGbkyDHkqmQmT5YD2WR4BBwUdeQoFo8l/7tVs=
-github.com/emicklei/go-restful v2.9.5+incompatible/go.mod h1:otzb+WCGbkyDHkqmQmT5YD2WR4BBwUdeQoFo8l/7tVs=
 github.com/envoyproxy/go-control-plane v0.9.1-0.20191026205805-5f8ba28d4473/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4=
 github.com/envoyproxy/protoc-gen-validate v0.1.0/go.mod h1:iSmxcyjqTsJpI2R4NaDN7+kN2VEUnK/pcBlmesArF7c=
 github.com/etcd-io/bbolt v1.3.3/go.mod h1:ZF2nL25h33cCyBtcyWeZ2/I3HQOfTP+0PIEvHjkjCrw=
@ -163,16 +158,9 @@ github.com/go-logfmt/logfmt v0.3.0/go.mod h1:Qt1PoO58o5twSAckw1HlFXLmHsOX5/0LbT9
 github.com/go-logfmt/logfmt v0.4.0/go.mod h1:3RMwSq7FuexP4Kalkev3ejPJsZTpXXBr9+V4qmtdjCk=
 github.com/go-logr/logr v0.1.0/go.mod h1:ixOQHD9gLJUVQQ2ZOR7zLEifBX6tGkNJF4QyIY7sIas=
 github.com/go-openapi/jsonpointer v0.0.0-20160704185906-46af16f9f7b1/go.mod h1:+35s3my2LFTysnkMfxsJBAMHj/DoqoB9knIWoYG/Vk0=
-github.com/go-openapi/jsonpointer v0.19.2/go.mod h1:3akKfEdA7DF1sugOqz1dVQHBcuDBPKZGEoHC/NkiQRg=
-github.com/go-openapi/jsonpointer v0.19.3/go.mod h1:Pl9vOtqEWErmShwVjC8pYs9cog34VGT37dQOVbmoatg=
 github.com/go-openapi/jsonreference v0.0.0-20160704190145-13c6e3589ad9/go.mod h1:W3Z9FmVs9qj+KR4zFKmDPGiLdk1D9Rlm7cyMvf57TTg=
-github.com/go-openapi/jsonreference v0.19.2/go.mod h1:jMjeRr2HHw6nAVajTXJ4eiUwohSTlpa0o73RUL1owJc=
-github.com/go-openapi/jsonreference v0.19.3/go.mod h1:rjx6GuL8TTa9VaixXglHmQmIL98+wF9xc8zWvFonSJ8=
 github.com/go-openapi/spec v0.0.0-20160808142527-6aced65f8501/go.mod h1:J8+jY1nAiCcj+friV/PDoE1/3eeccG9LYBs0tYvLOWc=
-github.com/go-openapi/spec v0.19.3/go.mod h1:FpwSN1ksY1eteniUU7X0N/BgJ7a4WvBFVA8Lj9mJglo=
 github.com/go-openapi/swag v0.0.0-20160704191624-1d0bd113de87/go.mod h1:DXUve3Dpr1UfpPtxFw+EFuQ41HhCWZfha5jSVRG7C7I=
-github.com/go-openapi/swag v0.19.2/go.mod h1:POnQmlKehdgb5mhVOsnJFsivZCEZ/vjK9gh66Z9tfKk=
-github.com/go-openapi/swag v0.19.5/go.mod h1:POnQmlKehdgb5mhVOsnJFsivZCEZ/vjK9gh66Z9tfKk=
 github.com/go-stack/stack v1.8.0/go.mod h1:v0f6uXyyMGvRgIKkXu+yp6POWl0qKG85gN/melR3HDY=
 github.com/godbus/dbus v0.0.0-20180201030542-885f9cc04c9c/go.mod h1:/YcGZj5zSblfDWMMoOzV4fas9FZnQYTkDnsGvmh2Grw=
 github.com/godbus/dbus v0.0.0-20190422162347-ade71ed3457e h1:BWhy2j3IXJhjCbC68FptL43tDKIq8FladmaTs3Xs7Z8=
@ -183,7 +171,6 @@ github.com/gofrs/flock v0.7.1/go.mod h1:F1TvTiK9OcQqauNUHlbJvyl9Qa1QvF/gOUDKA14j
 github.com/gogo/protobuf v0.0.0-20171007142547-342cbe0a0415/go.mod h1:r8qH/GZQm5c6nD/R0oafs1akxWv10x8SbQlK7atdtwQ=
 github.com/gogo/protobuf v1.1.1/go.mod h1:r8qH/GZQm5c6nD/R0oafs1akxWv10x8SbQlK7atdtwQ=
 github.com/gogo/protobuf v1.2.1/go.mod h1:hp+jE20tsWTFYpLwKvXlhS1hjn+gTNwPg2I6zVXpSg4=
-github.com/gogo/protobuf v1.2.2-0.20190723190241-65acae22fc9d/go.mod h1:SlYgWuQ5SjCEi6WLHjHCa1yvBfUnHcTbrrZtXPKa29o=
 github.com/gogo/protobuf v1.3.1 h1:DqDEcV5aeaTmdFBePNpYsp3FlcVH/2ISVVM9Qf8PSls=
 github.com/gogo/protobuf v1.3.1/go.mod h1:SlYgWuQ5SjCEi6WLHjHCa1yvBfUnHcTbrrZtXPKa29o=
 github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b h1:VKtxabqXZkF25pY9ekfRL6a582T4P37/31XEstQ5p58=
@ -209,7 +196,6 @@ github.com/google/go-cmp v0.3.0/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMyw
 github.com/google/go-cmp v0.3.1/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU=
 github.com/google/go-cmp v0.4.0 h1:xsAVV57WRhGj6kEIi8ReJzQlHHqcBYCElAvkovg3B/4=
 github.com/google/go-cmp v0.4.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
-github.com/google/gofuzz v0.0.0-20161122191042-44d81051d367/go.mod h1:HP5RmnzzSNb993RKQDq4+1A4ia9nllfqcQFTQJedwGI=
 github.com/google/gofuzz v0.0.0-20170612174753-24818f796faf/go.mod h1:HP5RmnzzSNb993RKQDq4+1A4ia9nllfqcQFTQJedwGI=
 github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg=
 github.com/google/gofuzz v1.1.0 h1:Hsa8mG0dQ46ij8Sl2AYJDUv1oA9/d6Vk+3LG99Oe02g=
@ -254,7 +240,6 @@ github.com/ishidawataru/sctp v0.0.0-20191218070446-00ab2ac2db07/go.mod h1:co9pwD
 github.com/j-keck/arping v0.0.0-20160618110441-2cf9dc699c56/go.mod h1:ymszkNOg6tORTn+6F6j+Jc8TOr5osrynvN6ivFWZ2GA=
 github.com/jamescun/tuntap v0.0.0-20190712092105-cb1fb277045c/go.mod h1:zzwpsgcYhzzIP5WyF8g9ivCv38cY9uAV9Gu0m3lThhE=
 github.com/jonboulle/clockwork v0.1.0/go.mod h1:Ii8DK3G1RaLaWxj9trq07+26W01tbo22gdxWY5EU2bo=
-github.com/json-iterator/go v0.0.0-20180612202835-f2b4162afba3/go.mod h1:+SdeFBvtyEkXs7REEP0seUULqWtbJapLOCVDaaPEHmU=
 github.com/json-iterator/go v0.0.0-20180701071628-ab8a2e0c74be/go.mod h1:+SdeFBvtyEkXs7REEP0seUULqWtbJapLOCVDaaPEHmU=
 github.com/json-iterator/go v1.1.6/go.mod h1:+SdeFBvtyEkXs7REEP0seUULqWtbJapLOCVDaaPEHmU=
 github.com/json-iterator/go v1.1.7/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4=
@ -266,7 +251,6 @@ github.com/kisielk/errcheck v1.1.0/go.mod h1:EZBBE59ingxPouuu3KfxchcWSUPOHkagtvW
 github.com/kisielk/errcheck v1.2.0/go.mod h1:/BMXB+zMLi60iA8Vv6Ksmxu/1UDYcXs4uQLJ+jE2L00=
 github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck=
 github.com/klauspost/compress v1.10.3/go.mod h1:aoV0uJVorq1K+umq18yTdKaF57EivdYsUV+/s2qKfXs=
-github.com/klauspost/compress v1.10.4/go.mod h1:aoV0uJVorq1K+umq18yTdKaF57EivdYsUV+/s2qKfXs=
 github.com/klauspost/compress v1.10.5 h1:7q6vHIqubShURwQz8cQK6yIe/xC3IF0Vm7TGfqjewrc=
 github.com/klauspost/compress v1.10.5/go.mod h1:aoV0uJVorq1K+umq18yTdKaF57EivdYsUV+/s2qKfXs=
 github.com/klauspost/pgzip v1.2.3 h1:Ce2to9wvs/cuJ2b86/CKQoTYr9VHfpanYosZ0UBJqdw=
@ -280,14 +264,10 @@ github.com/konsorten/go-windows-terminal-sequences v1.0.3/go.mod h1:T0+1ngSBFLxv
 github.com/kr/logfmt v0.0.0-20140226030751-b84e30acd515/go.mod h1:+0opPa2QZZtGFBFZlji/RkVcI2GknAs/DXo4wKdlNEc=
 github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo=
 github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ=
-github.com/kr/pty v1.1.5/go.mod h1:9r2w37qlBe7rQ6e1fg1S/9xpWHSnaqNdHD3WcMdbPDA=
 github.com/kr/text v0.1.0 h1:45sCR5RtlFHMR4UwH9sdQ5TC8v0qDQCHnXt+kaKSTVE=
 github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI=
 github.com/magiconair/properties v1.8.0/go.mod h1:PppfXfuXeibc/6YijjN8zIbojt8czPbwD3XqdrwzmxQ=
 github.com/mailru/easyjson v0.0.0-20160728113105-d5b7844b561a/go.mod h1:C1wdFJiN94OJF2b5HbByQZoLdCWB1Yqtg26g4irojpc=
-github.com/mailru/easyjson v0.0.0-20190614124828-94de47d64c63/go.mod h1:C1wdFJiN94OJF2b5HbByQZoLdCWB1Yqtg26g4irojpc=
-github.com/mailru/easyjson v0.0.0-20190626092158-b2ccc519800e/go.mod h1:C1wdFJiN94OJF2b5HbByQZoLdCWB1Yqtg26g4irojpc=
-github.com/mailru/easyjson v0.7.0/go.mod h1:KAzv3t3aY1NaHWoQz1+4F1ccyAH66Jk7yos7ldAVICs=
 github.com/mattn/go-shellwords v1.0.3/go.mod h1:3xCvwCdWdlDJUrvuMn7Wuy9eWs4pE8vqg+NOMyg4B2o=
 github.com/mattn/go-shellwords v1.0.10 h1:Y7Xqm8piKOO3v10Thp7Z36h4FYFjt5xB//6XvOrs2Gw=
 github.com/mattn/go-shellwords v1.0.10/go.mod h1:EZzvwXDESEeg03EKmM+RmDnNOPKG4lLtQsUlTZDWQ8Y=
@ -302,7 +282,6 @@ github.com/moby/vpnkit v0.3.1-0.20200304131818-6bc1679a048d/go.mod h1:KyjUrL9cb6
 github.com/modern-go/concurrent v0.0.0-20180228061459-e0a39a4cb421/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q=
 github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd h1:TRLaZ9cD/w8PVh93nsPXa1VrQ6jlwL5oN8l14QlcNfg=
 github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q=
-github.com/modern-go/reflect2 v0.0.0-20180320133207-05fbef0ca5da/go.mod h1:bx2lNnkwVCuqBIxFjflWJWanXIb3RllmbCylyMrvgv0=
 github.com/modern-go/reflect2 v0.0.0-20180701023420-4b7aa43c6742/go.mod h1:bx2lNnkwVCuqBIxFjflWJWanXIb3RllmbCylyMrvgv0=
 github.com/modern-go/reflect2 v1.0.1 h1:9f412s+6RmYXLWZSEzVVgPGK7C2PphHj5RJrvfx9AWI=
 github.com/modern-go/reflect2 v1.0.1/go.mod h1:bx2lNnkwVCuqBIxFjflWJWanXIb3RllmbCylyMrvgv0=
@ -336,7 +315,7 @@ github.com/onsi/gomega v0.0.0-20190113212917-5533ce8a0da3/go.mod h1:ex+gbHU/CVuB
 github.com/onsi/gomega v1.5.0/go.mod h1:ex+gbHU/CVuBBDIJjb2X0qEXbFg53c61hWP/1CpauHY=
 github.com/onsi/gomega v1.7.0/go.mod h1:ex+gbHU/CVuBBDIJjb2X0qEXbFg53c61hWP/1CpauHY=
 github.com/onsi/gomega v1.7.1/go.mod h1:XdKZgCCFLUoM/7CFJVPcG8C1xQ1AJ0vpAezJrB7JYyY=
-github.com/onsi/gomega v1.9.0/go.mod h1:Ho0h+IUsWyvy1OpqCwxlQ/21gkhVunqlU8fDGcoTdcA=
+github.com/onsi/gomega v1.10.0/go.mod h1:Ho0h+IUsWyvy1OpqCwxlQ/21gkhVunqlU8fDGcoTdcA=
 github.com/onsi/gomega v1.10.1 h1:o0+MgICZLuZ7xjH7Vx6zS/zcu93/BEp1VwkIW1mEXCE=
 github.com/onsi/gomega v1.10.1/go.mod h1:iN09h71vgCQne3DLsj+A5owkum+a2tYe+TOCB1ybHNo=
 github.com/opencontainers/go-digest v0.0.0-20180430190053-c9281466c8b2/go.mod h1:cMLVZDEM3+U2I4VmLI6N8jQYUd2OVphdqWwCJHrFt2s=
@ -364,8 +343,6 @@ github.com/opencontainers/selinux v1.3.0/go.mod h1:+BLncwf63G4dgOzykXAxcmnFlUaOl
 github.com/opencontainers/selinux v1.4.0/go.mod h1:yTcKuYAh6R95iDpefGLQaPaRwJFwyzAJufJyiTt7s0g=
 github.com/opencontainers/selinux v1.5.1 h1:jskKwSMFYqyTrHEuJgQoUlTcId0av64S6EWObrIfn5Y=
 github.com/opencontainers/selinux v1.5.1/go.mod h1:yTcKuYAh6R95iDpefGLQaPaRwJFwyzAJufJyiTt7s0g=
-github.com/openshift/api v0.0.0-20200106203948-7ab22a2c8316 h1:enQG2QUGwug4fR1yM6hL0Fjzx6Km/exZY6RbSPwMu3o=
-github.com/openshift/api v0.0.0-20200106203948-7ab22a2c8316/go.mod h1:dv+J0b/HWai0QnMVb37/H0v36klkLBi2TNpPeWDxX10=
 github.com/openshift/imagebuilder v1.1.4 h1:LUg8aTjyXMtlDx6IbtvaqofFGZ6aYqe+VIeATE735LM=
 github.com/openshift/imagebuilder v1.1.4/go.mod h1:9aJRczxCH0mvT6XQ+5STAQaPWz7OsWcU5/mRkt8IWeo=
 github.com/opentracing/opentracing-go v1.1.0 h1:pWlfV3Bxv7k65HYwkikxat0+s3pV4bsqf19k25Ur8rU=
@ -380,7 +357,6 @@ github.com/pkg/errors v0.8.1-0.20171018195549-f15c970de5b7/go.mod h1:bwawxfHBFNV
 github.com/pkg/errors v0.8.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
 github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4=
 github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
-github.com/pmezard/go-difflib v0.0.0-20151028094244-d8ed2627bdf0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
 github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
 github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
 github.com/pquerna/ffjson v0.0.0-20181028064349-e517b90714f7/go.mod h1:YARuvh7BUWHNhzDq2OM5tzR2RiCcN2D7sapiKyCel/M=
@ -408,15 +384,12 @@ github.com/prometheus/procfs v0.0.3/go.mod h1:4A/X28fw3Fc593LaREMrKMqOKvUAntwMDa
 github.com/prometheus/procfs v0.0.5 h1:3+auTFlqw+ZaQYJARz6ArODtkaIwtvBTx3N2NehQlL8=
 github.com/prometheus/procfs v0.0.5/go.mod h1:4A/X28fw3Fc593LaREMrKMqOKvUAntwMDaekg4FpcdQ=
 github.com/prometheus/tsdb v0.7.1/go.mod h1:qhTCs0VvXwvX/y3TZrWD7rabWM+ijKTux40TwIPHuXU=
-github.com/remyoudompheng/bigfft v0.0.0-20170806203942-52369c62f446/go.mod h1:uYEyJGbgTkfkS4+E/PavXkNJcbFIpEtjt2B0KDQ5+9M=
 github.com/rogpeppe/fastuuid v0.0.0-20150106093220-6724a57986af/go.mod h1:XWv6SoW27p1b0cqNHllgS5HIMJraePCO15w5zCzIWYg=
 github.com/rootless-containers/rootlesskit v0.9.4 h1:6ogX7l3r3nlS7eTB8ePbLSQ6TZR1aVQzRjTy2SIBOzk=
 github.com/rootless-containers/rootlesskit v0.9.4/go.mod h1:fx5DhInDgnR0Upj+2cOVacKuZJYSNKV5P/bCwGa+quQ=
 github.com/russross/blackfriday/v2 v2.0.1/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM=
 github.com/safchain/ethtool v0.0.0-20190326074333-42ed695e3de8 h1:2c1EFnZHIPCW8qKWgHMH/fX2PkSabFc5mrVzfUNdg5U=
 github.com/safchain/ethtool v0.0.0-20190326074333-42ed695e3de8/go.mod h1:Z0q5wiBQGYcxhMZ6gUqHn6pYNLypFAvaL3UvgZLR0U4=
-github.com/seccomp/containers-golang v0.0.0-20190312124753-8ca8945ccf5f h1:OtU/w6sBKmXYaw2KEODxjcYi3oPSyyslhgGFgIJVGAI=
-github.com/seccomp/containers-golang v0.0.0-20190312124753-8ca8945ccf5f/go.mod h1:f/98/SnvAzhAEFQJ3u836FePXvcbE8BS0YGMQNn4mhA=
 github.com/seccomp/containers-golang v0.4.1 h1:6hsmsP8Y9T6PWKJELqAkRWkc6Te60+zK64avkjInd44=
 github.com/seccomp/containers-golang v0.4.1/go.mod h1:5fP9lgyYyklJ8fg8Geq193G1QLe0ikf34z+hZKIjmnE=
 github.com/seccomp/libseccomp-golang v0.9.1 h1:NJjM5DNFOs0s3kYE1WUOr6G8V97sdt46rlXTMfXGWBo=
@ -428,7 +401,6 @@ github.com/sirupsen/logrus v1.0.6/go.mod h1:pMByvHTf9Beacp5x1UXfOR9xyW/9antXMhjM
 github.com/sirupsen/logrus v1.2.0/go.mod h1:LxeOpSwHxABJmUn/MG1IvRgCAasNZTLOkJPxbbu5VWo=
 github.com/sirupsen/logrus v1.4.1/go.mod h1:ni0Sbl8bgC9z8RoU9G6nDWqqs/fq4eDPysMBDgk/93Q=
 github.com/sirupsen/logrus v1.4.2/go.mod h1:tLMulIdttU9McNUspp0xgXVQah82FyeX6MwdIuYE2rE=
-github.com/sirupsen/logrus v1.5.0/go.mod h1:+F7Ogzej0PZc/94MaYx/nvG9jOFMD2osvC3s+Squfpo=
 github.com/sirupsen/logrus v1.6.0 h1:UBcNElsrwanuuMsnGSlYmtmgbb23qDR5dG+6X6Oo89I=
 github.com/sirupsen/logrus v1.6.0/go.mod h1:7uNnSEd1DgxDLC74fIahvMZmmYsHGZGEOFrfsX/uA88=
 github.com/soheilhy/cmux v0.1.4/go.mod h1:IM3LyeVVIOuxMH7sFAkER9+bJ4dT7Ms6E4xg4kGIyLM=
@ -448,8 +420,6 @@ github.com/spf13/pflag v1.0.5/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An
 github.com/spf13/viper v1.4.0/go.mod h1:PTJ7Z/lr49W6bUbkmS1V3by4uWynFiR9p7+dSq/yZzE=
 github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
 github.com/stretchr/objx v0.1.1/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
-github.com/stretchr/objx v0.2.0/go.mod h1:qt09Ya8vawLte6SNmTgCsAVtYtaKzEcn8ATUoHMkEqE=
-github.com/stretchr/testify v0.0.0-20151208002404-e3a8ff8ce365/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs=
 github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs=
 github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI=
 github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4=
@ -509,7 +479,6 @@ golang.org/x/crypto v0.0.0-20180904163835-0709b304e793/go.mod h1:6SG95UA2DQfeDnf
 golang.org/x/crypto v0.0.0-20181009213950-7c1a557ab941/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=
 golang.org/x/crypto v0.0.0-20181025213731-e84da0312774/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=
 golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
-golang.org/x/crypto v0.0.0-20190611184440-5c40567a22f8/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
 golang.org/x/crypto v0.0.0-20190701094942-4def268fd1a4/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
 golang.org/x/crypto v0.0.0-20200220183623-bac4c82f6975/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
 golang.org/x/crypto v0.0.0-20200311171314-f7b00557c8c4/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
@ -517,13 +486,9 @@ golang.org/x/crypto v0.0.0-20200323165209-0ec3e9974c59/go.mod h1:LzIPMQfyMNhhGPh
 golang.org/x/crypto v0.0.0-20200423211502-4bdfaf469ed5 h1:Q7tZBpemrlsc2I7IyODzhtallWRSm4Q0d09pL6XbQtU=
 golang.org/x/crypto v0.0.0-20200423211502-4bdfaf469ed5/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
 golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
-golang.org/x/exp v0.0.0-20190125153040-c74c464bbbf2/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
-golang.org/x/exp v0.0.0-20190312203227-4b39c73a6495/go.mod h1:ZjyILWgesfNpC6sMxTJOJm9Kp84zZh5NQWvqDGG3Qr8=
-golang.org/x/image v0.0.0-20190227222117-0694c2d4d067/go.mod h1:kZ7UVZpmo3dzQBMxlp+ypCbDeSB+sBbTgSJuh5dn5js=
 golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE=
 golang.org/x/lint v0.0.0-20190227174305-5b3e6a55c961/go.mod h1:wehouNa3lNwaWXcvxsM5YxQ5yQlVC4a0KAMCusXpPoU=
 golang.org/x/lint v0.0.0-20190313153728-d0100b6bd8b3/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc=
-golang.org/x/mobile v0.0.0-20190312151609-d3739f865fa6/go.mod h1:z+o9i4GpDbdi3rU15maQ/Ox0txvL9dWGYEHz965HBQE=
 golang.org/x/net v0.0.0-20170114055629-f2499483f923/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
@ -539,9 +504,7 @@ golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn
 golang.org/x/net v0.0.0-20190501004415-9ce7a6920f09/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
 golang.org/x/net v0.0.0-20190522155817-f3200d17e092/go.mod h1:HSz+uSET+XFnRR8LxR5pz3Of3rY3CfYBVs4xY44aLks=
 golang.org/x/net v0.0.0-20190613194153-d28f0bde5980/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
-golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
 golang.org/x/net v0.0.0-20190628185345-da137c7871d7/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
-golang.org/x/net v0.0.0-20190827160401-ba9fcec4b297/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
 golang.org/x/net v0.0.0-20191004110552-13f9640d40b9/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
 golang.org/x/net v0.0.0-20200301022130-244492dfa37a/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
 golang.org/x/net v0.0.0-20200324143707-d3edc9973b7e/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A=
@ -573,7 +536,6 @@ golang.org/x/sys v0.0.0-20190514135907-3a4b5fb9f71f/go.mod h1:h1NjWce9XRLGQEsW7w
 golang.org/x/sys v0.0.0-20190606203320-7fc4e5ec1444/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20190616124812-15dcb6c0061f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20190801041406-cbf593c0f2f3/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20190826190057-c7b8b68b1456/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20190904154756-749cb33beabd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20190916202348-b4ddaad3f8a3/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20190921190940-14da1ac737cc/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
@ -603,19 +565,12 @@ golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGm
 golang.org/x/tools v0.0.0-20181011042414-1f849cf54d09/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
 golang.org/x/tools v0.0.0-20181030221726-6c7e314b6563/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
 golang.org/x/tools v0.0.0-20190114222345-bf090417da8b/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
-golang.org/x/tools v0.0.0-20190206041539-40960b6deb8e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
 golang.org/x/tools v0.0.0-20190226205152-f727befe758c/go.mod h1:9Yl7xja0Znq3iFh3HoIrodX9oNMXvdceNzlUR8zjMvY=
 golang.org/x/tools v0.0.0-20190311212946-11955173bddd/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs=
-golang.org/x/tools v0.0.0-20190312151545-0bb0c0a6e846/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs=
 golang.org/x/tools v0.0.0-20190524140312-2c0ae7006135/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q=
-golang.org/x/tools v0.0.0-20190614205625-5aca471b1d59/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc=
-golang.org/x/tools v0.0.0-20190920225731-5eefd052ad72/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
 golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543 h1:E7g+9GITq07hpfrRu66IVDexMakfv52eLZ2CXBWiKr4=
 golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
-gonum.org/v1/gonum v0.0.0-20190331200053-3d26580ed485/go.mod h1:2ltnJ7xHfj0zHS40VVPYEAAMTa3ZGguvHGBSJeRWqE0=
-gonum.org/v1/netlib v0.0.0-20190313105609-8cb42192e0e0/go.mod h1:wa6Ws7BG/ESfp6dHfk7C6KdzKA7wR7u/rKwOGE66zvw=
-gonum.org/v1/netlib v0.0.0-20190331212654-76723241ea4e/go.mod h1:kS+toOQn6AQKjmKJ7gzohV1XkqsFehRA2FbsbkopSuQ=
 google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM=
 google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4=
 google.golang.org/appengine v1.5.0 h1:KxkO13IPW4Lslp2bz+KHP2E3gtFlrIGNThxkZQ3g+4c=
@ -670,35 +625,23 @@ gotest.tools v2.2.0+incompatible/go.mod h1:DsYFclhRJ6vuDpmuTbkuFWG+y2sxOXAzmJt81
 honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
 honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
 k8s.io/api v0.0.0-20190620084959-7cf5895f2711/go.mod h1:TBhBqb1AWbBQbW3XRusr7n7E4v2+5ZY8r8sAMnyFC5A=
-k8s.io/api v0.17.0/go.mod h1:npsyOePkeP0CPwyGfXDHxvypiYMJxBWAMpQxCaJ4ZxI=
 k8s.io/api v0.18.3 h1:2AJaUQdgUZLoDZHrun21PW2Nx9+ll6cUzvn3IKhSIn0=
 k8s.io/api v0.18.3/go.mod h1:UOaMwERbqJMfeeeHc8XJKawj4P9TgDRnViIqqBeH2QA=
 k8s.io/apimachinery v0.0.0-20190612205821-1799e75a0719/go.mod h1:I4A+glKBHiTgiEjQiCCQfCAIcIMFGt291SmsvcrFzJA=
-k8s.io/apimachinery v0.17.0/go.mod h1:b9qmWdKlLuU9EBh+06BtLcSf/Mu89rWL33naRxs1uZg=
 k8s.io/apimachinery v0.18.3 h1:pOGcbVAhxADgUYnjS08EFXs9QMl8qaH5U4fr5LGUrSk=
 k8s.io/apimachinery v0.18.3/go.mod h1:OaXp26zu/5J7p0f92ASynJa1pZo06YlV9fG7BoWbCko=
 k8s.io/client-go v0.0.0-20190620085101-78d2af792bab h1:E8Fecph0qbNsAbijJJQryKu4Oi9QTp5cVpjTE+nqg6g=
 k8s.io/client-go v0.0.0-20190620085101-78d2af792bab/go.mod h1:E95RaSlHr79aHaX0aGSwcPNfygDiPKOVXdmivCIZT0k=
-k8s.io/code-generator v0.17.0/go.mod h1:DVmfPQgxQENqDIzVR2ddLXMH34qeszkKSdH/N+s+38s=
 k8s.io/gengo v0.0.0-20190128074634-0689ccc1d7d6/go.mod h1:ezvh/TsK7cY6rbqRK0oQQ8IAqLxYwwyPxAX1Pzy0ii0=
-k8s.io/gengo v0.0.0-20190822140433-26a664648505/go.mod h1:ezvh/TsK7cY6rbqRK0oQQ8IAqLxYwwyPxAX1Pzy0ii0=
 k8s.io/klog v0.0.0-20181102134211-b9b56d5dfc92/go.mod h1:Gq+BEi5rUBO/HRz0bTSXDUcqjScdoY3a9IHpCEIOOfk=
 k8s.io/klog v0.3.1/go.mod h1:Gq+BEi5rUBO/HRz0bTSXDUcqjScdoY3a9IHpCEIOOfk=
 k8s.io/klog v1.0.0 h1:Pt+yjF5aB1xDSVbau4VsWe+dQNzA0qv1LlXdC2dF6Q8=
 k8s.io/klog v1.0.0/go.mod h1:4Bi6QPql/J/LkTDqv7R/cd3hPo4k2DG6Ptcz060Ez5I=
 k8s.io/kube-openapi v0.0.0-20190228160746-b3a7cee44a30/go.mod h1:BXM9ceUBTj2QnfH2MK1odQs778ajze1RxcmP6S8RVVc=
-k8s.io/kube-openapi v0.0.0-20191107075043-30be4d16710a/go.mod h1:1TqjTSzOxsLGIKfj0lK8EeCP7K1iUG65v09OM0/WG5E=
 k8s.io/kube-openapi v0.0.0-20200410145947-61e04a5be9a6/go.mod h1:GRQhZsXIAJ1xR0C9bd8UpWHZ5plfAS9fzPjJuQ6JL3E=
 k8s.io/kubernetes v1.13.0/go.mod h1:ocZa8+6APFNC2tX1DZASIbocyYT5jHzqFVsY5aoB7Jk=
 k8s.io/utils v0.0.0-20190221042446-c2654d5206da h1:ElyM7RPonbKnQqOcw7dG2IK5uvQQn3b/WPHqD5mBvP4=
 k8s.io/utils v0.0.0-20190221042446-c2654d5206da/go.mod h1:8k8uAuAQ0rXslZKaEWd0c3oVhZz7sSzSiPnVZayjIX0=
-modernc.org/cc v1.0.0/go.mod h1:1Sk4//wdnYJiUIxnW8ddKpaOJCF37yAdqYnkxUpaYxw=
-modernc.org/golex v1.0.0/go.mod h1:b/QX9oBD/LhixY6NDh+IdGv17hgB+51fET1i2kPSmvk=
-modernc.org/mathutil v1.0.0/go.mod h1:wU0vUrJsVWBZ4P6e7xtFJEhFSNsfRLJ8H458uRjg03k=
-modernc.org/strutil v1.0.0/go.mod h1:lstksw84oURvj9y3tn8lGvRxyRC1S2+g5uuIzNfIOBs=
-modernc.org/xc v1.0.0/go.mod h1:mRNCo0bvLjGhHO9WsyuKVU4q0ceiDDDoEeWDJHrNx8I=
-sigs.k8s.io/structured-merge-diff v0.0.0-20190525122527-15d366b2352e h1:4Z09Hglb792X0kfOBBJUPFEyvVfQWrYT/l8h5EKA6JQ=
-sigs.k8s.io/structured-merge-diff v0.0.0-20190525122527-15d366b2352e/go.mod h1:wWxsB5ozmmv/SG7nM11ayaAW51xMvak/t1r0CSlcokI=
 sigs.k8s.io/structured-merge-diff/v3 v3.0.0-20200116222232-67a7b8c61874/go.mod h1:PlARxl6Hbt/+BC80dRLi1qAmnMqwqDg62YvvVkZjemw=
 sigs.k8s.io/structured-merge-diff/v3 v3.0.0 h1:dOmIZBMfhcHS09XZkMyUgkq5trg3/jRyJYFZUiaOp8E=
 sigs.k8s.io/structured-merge-diff/v3 v3.0.0/go.mod h1:PlARxl6Hbt/+BC80dRLi1qAmnMqwqDg62YvvVkZjemw=
--- a/vendor/github.com/containers/buildah/.cirrus.yml
+++ b/vendor/github.com/containers/buildah/.cirrus.yml
@ -27,11 +27,13 @@ env:
    ####
    # GCE project where images live
    IMAGE_PROJECT: "libpod-218412"
-    # TODO: Setting up from base-images is very inefficient, use libpod's cache-images instead?
-    FEDORA_CACHE_IMAGE_NAME: "fedora-cloud-base-30-1-2-1565360543"
-    PRIOR_FEDORA_CACHE_IMAGE_NAME: "fedora-cloud-base-29-1-2-1565360543"
-    UBUNTU_CACHE_IMAGE_NAME: "ubuntu-1904-disco-v20190724"
-    PRIOR_UBUNTU_CACHE_IMAGE_NAME: "ubuntu-1804-bionic-v20190722a"
+    # See https://github.com/containers/libpod/blob/master/contrib/cirrus/README.md#test_build_cache_images_task-task
+    _BUILT_IMAGE_SUFFIX: "libpod-6224667180531712"
+    FEDORA_CACHE_IMAGE_NAME: "fedora-32-${_BUILT_IMAGE_SUFFIX}"
+    PRIOR_FEDORA_CACHE_IMAGE_NAME: "fedora-31-${_BUILT_IMAGE_SUFFIX}"
+    UBUNTU_CACHE_IMAGE_NAME: "ubuntu-19-${_BUILT_IMAGE_SUFFIX}"
+    PRIOR_UBUNTU_CACHE_IMAGE_NAME: "ubuntu-18-${_BUILT_IMAGE_SUFFIX}"
+

    ####
    #### Command variables to help avoid duplication
@ -153,9 +155,6 @@ gce_instance:
        - 'cirrus-ci/only_prs/gate'
        - 'cirrus-ci/only_prs/vendor'

-    container:
-        image: registry.fedoraproject.org/fedora:30
-
    env:
        matrix:
            CROSS_TARGET: darwin
@ -179,10 +178,8 @@ gce_instance:
    gce_instance:  # Only need to specify differences from defaults (above)
        matrix:  # Duplicate this task for each matrix product.
            image_name: "${FEDORA_CACHE_IMAGE_NAME}"
-            # TODO: Re-enable once prior image is F30 and above is F31
-            # image_name: "${PRIOR_FEDORA_CACHE_IMAGE_NAME}"
-            # TODO: Re-enable when package repositories functional
-            #image_name: "${UBUNTU_CACHE_IMAGE_NAME}"
+            image_name: "${PRIOR_FEDORA_CACHE_IMAGE_NAME}"
+            image_name: "${UBUNTU_CACHE_IMAGE_NAME}"
            image_name: "${PRIOR_UBUNTU_CACHE_IMAGE_NAME}"

    # Separate scripts for separate outputs, makes debugging easier.
@ -248,7 +245,7 @@ gce_instance:
        CIRRUS_CLONE_DEPTH: 1  # no code is being used by this task

    container:
-        image: "registry.fedoraproject.org/fedora-minimal:latest"
+        image: "quay.io/libpod/fedora-minimal:latest"
        cpu: 1
        memory: 1

--- a/vendor/github.com/containers/buildah/.golangci.yml
+++ b/vendor/github.com/containers/buildah/.golangci.yml
@ -4,8 +4,8 @@ run:
    - apparmor
    - seccomp
    - selinux
-  concurrency: 6
-  deadline: 5m
+  # Don't exceed number of threads available when running under CI
+  concurrency: 4
 linters:
  disable-all: true
  enable:
@ -17,7 +17,8 @@ linters:
    - gofmt
    - goimports
    - golint
-    - gosimple
+    # Broken? Unpredictably dies w/o any error well before deadline/timeout expires
+    # - gosimple
    - govet
    - ineffassign
    - interfacer
--- a/vendor/github.com/containers/buildah/SECURITY.md
+++ b/vendor/github.com/containers/buildah/SECURITY.md
@ -0,0 +1,3 @@
+## Security and Disclosure Information Policy for the Buildah Project
+
+The Buildah Project follows the [Security and Disclosure Information Policy](https://github.com/containers/common/blob/master/SECURITY.md) for the Containers Projects.
--- a/vendor/github.com/containers/buildah/buildah.go
+++ b/vendor/github.com/containers/buildah/buildah.go
@ -13,6 +13,7 @@ import (

 	"github.com/containers/buildah/docker"
 	"github.com/containers/image/v5/types"
+	encconfig "github.com/containers/ocicrypt/config"
 	"github.com/containers/storage"
 	"github.com/containers/storage/pkg/ioutils"
 	v1 "github.com/opencontainers/image-spec/specs-go/v1"
@ -413,6 +414,9 @@ type BuilderOptions struct {
 	MaxPullRetries int
 	// PullRetryDelay is how long to wait before retrying a pull attempt.
 	PullRetryDelay time.Duration
+	// OciDecryptConfig contains the config that can be used to decrypt an image if it is
+	// encrypted if non-nil. If nil, it does not attempt to decrypt an image.
+	OciDecryptConfig *encconfig.DecryptConfig
 }

 // ImportOptions are used to initialize a Builder from an existing container
--- a/vendor/github.com/containers/buildah/commit.go
+++ b/vendor/github.com/containers/buildah/commit.go
@ -19,11 +19,11 @@ import (
 	is "github.com/containers/image/v5/storage"
 	"github.com/containers/image/v5/transports"
 	"github.com/containers/image/v5/types"
+	encconfig "github.com/containers/ocicrypt/config"
 	"github.com/containers/storage"
 	"github.com/containers/storage/pkg/archive"
 	"github.com/containers/storage/pkg/stringid"
 	digest "github.com/opencontainers/go-digest"
-	configv1 "github.com/openshift/api/config/v1"
 	"github.com/pkg/errors"
 	"github.com/sirupsen/logrus"
 )
@ -88,6 +88,15 @@ type CommitOptions struct {
 	// RetryDelay is how long to wait before retrying a commit attempt to a
 	// registry.
 	RetryDelay time.Duration
+	// OciEncryptConfig when non-nil indicates that an image should be encrypted.
+	// The encryption options is derived from the construction of EncryptConfig object.
+	OciEncryptConfig *encconfig.EncryptConfig
+	// OciEncryptLayers represents the list of layers to encrypt.
+	// If nil, don't encrypt any layers.
+	// If non-nil and len==0, denotes encrypt all layers.
+	// integers in the slice represent 0-indexed layer indices, with support for negative
+	// indexing. i.e. 0 is the first layer, -1 is the last (top-most) layer.
+	OciEncryptLayers *[]int
 }

 // PushOptions can be used to alter how an image is copied somewhere.
@ -132,6 +141,15 @@ type PushOptions struct {
 	MaxRetries int
 	// RetryDelay is how long to wait before retrying a push attempt.
 	RetryDelay time.Duration
+	// OciEncryptConfig when non-nil indicates that an image should be encrypted.
+	// The encryption options is derived from the construction of EncryptConfig object.
+	OciEncryptConfig *encconfig.EncryptConfig
+	// OciEncryptLayers represents the list of layers to encrypt.
+	// If nil, don't encrypt any layers.
+	// If non-nil and len==0, denotes encrypt all layers.
+	// integers in the slice represent 0-indexed layer indices, with support for negative
+	// indexing. i.e. 0 is the first layer, -1 is the last (top-most) layer.
+	OciEncryptLayers *[]int
 }

 var (
@ -162,7 +180,12 @@ func checkRegistrySourcesAllows(forWhat string, dest types.ImageReference) error
 	}

 	if registrySources, ok := os.LookupEnv("BUILD_REGISTRY_SOURCES"); ok && len(registrySources) > 0 {
-		var sources configv1.RegistrySources
+		// Use local struct instead of github.com/openshift/api/config/v1 RegistrySources
+		var sources struct {
+			InsecureRegistries []string `json:"insecureRegistries,omitempty"`
+			BlockedRegistries  []string `json:"blockedRegistries,omitempty"`
+			AllowedRegistries  []string `json:"allowedRegistries,omitempty"`
+		}
 		if err := json.Unmarshal([]byte(registrySources), &sources); err != nil {
 			return errors.Wrapf(err, "error parsing $BUILD_REGISTRY_SOURCES (%q) as JSON", registrySources)
 		}
@ -270,7 +293,9 @@ func (b *Builder) Commit(ctx context.Context, dest types.ImageReference, options
 	// Check if the base image is already in the destination and it's some kind of local
 	// storage.  If so, we can skip recompressing any layers that come from the base image.
 	exportBaseLayers := true
-	if transport, destIsStorage := dest.Transport().(is.StoreTransport); destIsStorage && b.FromImageID != "" {
+	if transport, destIsStorage := dest.Transport().(is.StoreTransport); destIsStorage && options.OciEncryptConfig != nil {
+		return imgID, nil, "", errors.New("unable to use local storage with image encryption")
+	} else if destIsStorage && b.FromImageID != "" {
 		if baseref, err := transport.ParseReference(b.FromImageID); baseref != nil && err == nil {
 			if img, err := transport.GetImage(baseref); img != nil && err == nil {
 				logrus.Debugf("base image %q is already present in local storage, no need to copy its layers", b.FromImageID)
@ -319,7 +344,7 @@ func (b *Builder) Commit(ctx context.Context, dest types.ImageReference, options
 	}

 	var manifestBytes []byte
-	if manifestBytes, err = retryCopyImage(ctx, policyContext, maybeCachedDest, maybeCachedSrc, dest, "push", getCopyOptions(b.store, options.ReportWriter, nil, systemContext, "", false, options.SignBy), options.MaxRetries, options.RetryDelay); err != nil {
+	if manifestBytes, err = retryCopyImage(ctx, policyContext, maybeCachedDest, maybeCachedSrc, dest, "push", getCopyOptions(b.store, options.ReportWriter, nil, systemContext, "", false, options.SignBy, options.OciEncryptLayers, options.OciEncryptConfig, nil), options.MaxRetries, options.RetryDelay); err != nil {
 		return imgID, nil, "", errors.Wrapf(err, "error copying layers and metadata for container %q", b.ContainerID)
 	}
 	// If we've got more names to attach, and we know how to do that for
@ -451,7 +476,7 @@ func Push(ctx context.Context, image string, dest types.ImageReference, options
 		systemContext.DirForceCompress = true
 	}
 	var manifestBytes []byte
-	if manifestBytes, err = retryCopyImage(ctx, policyContext, dest, maybeCachedSrc, dest, "push", getCopyOptions(options.Store, options.ReportWriter, nil, systemContext, options.ManifestType, options.RemoveSignatures, options.SignBy), options.MaxRetries, options.RetryDelay); err != nil {
+	if manifestBytes, err = retryCopyImage(ctx, policyContext, dest, maybeCachedSrc, dest, "push", getCopyOptions(options.Store, options.ReportWriter, nil, systemContext, options.ManifestType, options.RemoveSignatures, options.SignBy, options.OciEncryptLayers, options.OciEncryptConfig, nil), options.MaxRetries, options.RetryDelay); err != nil {
 		return nil, "", errors.Wrapf(err, "error copying layers and metadata from %q to %q", transports.ImageName(maybeCachedSrc), transports.ImageName(dest))
 	}
 	if options.ReportWriter != nil {
--- a/vendor/github.com/containers/buildah/common.go
+++ b/vendor/github.com/containers/buildah/common.go
@ -14,6 +14,7 @@ import (
 	"github.com/containers/image/v5/docker"
 	"github.com/containers/image/v5/signature"
 	"github.com/containers/image/v5/types"
+	encconfig "github.com/containers/ocicrypt/config"
 	"github.com/containers/storage"
 	"github.com/containers/storage/pkg/unshare"
 	"github.com/docker/distribution/registry/api/errcode"
@ -30,7 +31,7 @@ const (
 	DOCKER = "docker"
 )

-func getCopyOptions(store storage.Store, reportWriter io.Writer, sourceSystemContext *types.SystemContext, destinationSystemContext *types.SystemContext, manifestType string, removeSignatures bool, addSigner string) *cp.Options {
+func getCopyOptions(store storage.Store, reportWriter io.Writer, sourceSystemContext *types.SystemContext, destinationSystemContext *types.SystemContext, manifestType string, removeSignatures bool, addSigner string, ociEncryptLayers *[]int, ociEncryptConfig *encconfig.EncryptConfig, ociDecryptConfig *encconfig.DecryptConfig) *cp.Options {
 	sourceCtx := getSystemContext(store, nil, "")
 	if sourceSystemContext != nil {
 		*sourceCtx = *sourceSystemContext
@ -47,6 +48,9 @@ func getCopyOptions(store storage.Store, reportWriter io.Writer, sourceSystemCon
 		ForceManifestMIMEType: manifestType,
 		RemoveSignatures:      removeSignatures,
 		SignBy:                addSigner,
+		OciEncryptConfig:      ociEncryptConfig,
+		OciDecryptConfig:      ociDecryptConfig,
+		OciEncryptLayers:      ociEncryptLayers,
 	}
 }

--- a/vendor/github.com/containers/buildah/go.mod
+++ b/vendor/github.com/containers/buildah/go.mod
@ -4,9 +4,10 @@ go 1.12

 require (
 	github.com/containernetworking/cni v0.7.2-0.20190904153231-83439463f784
-	github.com/containers/common v0.10.0
-	github.com/containers/image/v5 v5.4.3
-	github.com/containers/storage v1.19.0
+	github.com/containers/common v0.11.2
+	github.com/containers/image/v5 v5.4.4
+	github.com/containers/ocicrypt v1.0.2
+	github.com/containers/storage v1.19.2
 	github.com/cyphar/filepath-securejoin v0.2.2
 	github.com/docker/distribution v2.7.1+incompatible
 	github.com/docker/go-units v0.4.0
@ -17,27 +18,26 @@ require (
 	github.com/hashicorp/go-multierror v1.0.0
 	github.com/ishidawataru/sctp v0.0.0-20191218070446-00ab2ac2db07 // indirect
 	github.com/mattn/go-shellwords v1.0.10
-	github.com/onsi/ginkgo v1.12.0
-	github.com/onsi/gomega v1.9.0
-	github.com/opencontainers/go-digest v1.0.0-rc1
+	github.com/onsi/ginkgo v1.12.1
+	github.com/onsi/gomega v1.10.0
+	github.com/opencontainers/go-digest v1.0.0
 	github.com/opencontainers/image-spec v1.0.2-0.20190823105129-775207bd45b6
 	github.com/opencontainers/runc v1.0.0-rc9
-	github.com/opencontainers/runtime-spec v0.1.2-0.20190618234442-a950415649c7
+	github.com/opencontainers/runtime-spec v1.0.3-0.20200520003142-237cc4f519e2
 	github.com/opencontainers/runtime-tools v0.9.0
 	github.com/opencontainers/selinux v1.5.1
-	github.com/openshift/api v0.0.0-20200106203948-7ab22a2c8316
 	github.com/openshift/imagebuilder v1.1.4
 	github.com/pkg/errors v0.9.1
-	github.com/seccomp/containers-golang v0.0.0-20190312124753-8ca8945ccf5f
+	github.com/seccomp/containers-golang v0.4.1
 	github.com/seccomp/libseccomp-golang v0.9.1
-	github.com/sirupsen/logrus v1.5.0
+	github.com/sirupsen/logrus v1.6.0
 	github.com/spf13/cobra v0.0.7
 	github.com/spf13/pflag v1.0.5
 	github.com/stretchr/testify v1.5.1
 	github.com/syndtr/gocapability v0.0.0-20180916011248-d98352740cb2
 	github.com/vishvananda/netlink v1.1.0 // indirect
-	golang.org/x/crypto v0.0.0-20200323165209-0ec3e9974c59
-	golang.org/x/sys v0.0.0-20200327173247-9dae0f8f5775
+	golang.org/x/crypto v0.0.0-20200423211502-4bdfaf469ed5
+	golang.org/x/sys v0.0.0-20200420163511-1957bb5e6d1f
 )

 replace github.com/sirupsen/logrus => github.com/sirupsen/logrus v1.4.2
--- a/vendor/github.com/containers/buildah/go.sum
+++ b/vendor/github.com/containers/buildah/go.sum
@ -6,18 +6,14 @@ github.com/Azure/go-ansiterm v0.0.0-20170929234023-d6e3b3328b78 h1:w+iIsaOQNcT7O
 github.com/Azure/go-ansiterm v0.0.0-20170929234023-d6e3b3328b78/go.mod h1:LmzpDX56iTiv29bbRTIsUNlaFfuhWRQBWjQdVyAevI8=
 github.com/BurntSushi/toml v0.3.1 h1:WXkYYl6Yr3qBf1K79EBnL4mak0OimBfB0XUf9Vl28OQ=
 github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU=
-github.com/BurntSushi/xgb v0.0.0-20160522181843-27f122750802/go.mod h1:IVnqGOEym/WlBOVXweHU+Q+/VP0lqqI8lqeDx9IjBqo=
 github.com/Microsoft/go-winio v0.4.15-0.20190919025122-fc70bd9a86b5/go.mod h1:tTuCMEN+UleMWgg9dVx4Hu52b1bJo+59jBh3ajtinzw=
 github.com/Microsoft/go-winio v0.4.15-0.20200113171025-3fe6c5262873 h1:93nQ7k53GjoMQ07HVP8g6Zj1fQZDDj7Xy2VkNNtvX8o=
 github.com/Microsoft/go-winio v0.4.15-0.20200113171025-3fe6c5262873/go.mod h1:tTuCMEN+UleMWgg9dVx4Hu52b1bJo+59jBh3ajtinzw=
 github.com/Microsoft/hcsshim v0.8.7 h1:ptnOoufxGSzauVTsdE+wMYnCWA301PdoN4xg5oRdZpg=
 github.com/Microsoft/hcsshim v0.8.7/go.mod h1:OHd7sQqRFrYd3RmSgbgji+ctCwkbq2wbEYNSzOYtcBQ=
-github.com/NYTimes/gziphandler v0.0.0-20170623195520-56545f4a5d46/go.mod h1:3wb06e3pkSAbeQ52E9H9iFoQsEEwGN64994WTCIhntQ=
+github.com/Microsoft/hcsshim v0.8.9 h1:VrfodqvztU8YSOvygU+DN1BGaSGxmrNfqOv5oOuX2Bk=
+github.com/Microsoft/hcsshim v0.8.9/go.mod h1:5692vkUqntj1idxauYlpoINNKeqCiG6Sg38RRsjT5y8=
 github.com/OneOfOne/xxhash v1.2.2/go.mod h1:HSdplMjZKSmBqAxg5vPj2TmRDmfkzw+cTzAElWljhcU=
-github.com/PuerkitoBio/purell v1.0.0/go.mod h1:c11w/QuzBsJSee3cPx9rAFu61PvFxuPbtSwDGJws/X0=
-github.com/PuerkitoBio/purell v1.1.1/go.mod h1:c11w/QuzBsJSee3cPx9rAFu61PvFxuPbtSwDGJws/X0=
-github.com/PuerkitoBio/urlesc v0.0.0-20160726150825-5bd2802263f2/go.mod h1:uGdkoq3SwY9Y+13GIhn11/XLaGBb4BfwItxLd5jeuXE=
-github.com/PuerkitoBio/urlesc v0.0.0-20170810143723-de5bf2ad4578/go.mod h1:uGdkoq3SwY9Y+13GIhn11/XLaGBb4BfwItxLd5jeuXE=
 github.com/VividCortex/ewma v1.1.1 h1:MnEK4VOv6n0RSY4vtRe3h11qjxL3+t0B8yOL8iMXdcM=
 github.com/VividCortex/ewma v1.1.1/go.mod h1:2Tkkvm3sRDVXaiyucHiACn4cqf7DpdyLvmxzcbUokwA=
 github.com/acarl005/stripansi v0.0.0-20180116102854-5a71ef0e047d h1:licZJFw2RwpHMqeKTCYkitsPqHNxTmd4SNR5r94FGM8=
@ -31,6 +27,8 @@ github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM=
 github.com/beorn7/perks v1.0.1/go.mod h1:G2ZrVWU2WbWT9wwq4/hrbKbnv/1ERSJQ0ibhJ6rlkpw=
 github.com/blang/semver v3.1.0+incompatible h1:7hqmJYuaEK3qwVjWubYiht3j93YI0WQBuysxHIfUriU=
 github.com/blang/semver v3.1.0+incompatible/go.mod h1:kRBLl5iJ+tD4TcOOxsy/0fnwebNt5EWlYSAyrTnjyyk=
+github.com/blang/semver v3.5.1+incompatible h1:cQNTCjp13qL8KC3Nbxr/y2Bqb63oX6wdnnjpJbkM4JQ=
+github.com/blang/semver v3.5.1+incompatible/go.mod h1:kRBLl5iJ+tD4TcOOxsy/0fnwebNt5EWlYSAyrTnjyyk=
 github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU=
 github.com/cespare/xxhash v1.1.0/go.mod h1:XrSqR1VqqWfGrhpAt58auRo0WTKS1nRRg3ghfAqPWnc=
 github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw=
@ -41,6 +39,8 @@ github.com/containerd/containerd v1.2.10/go.mod h1:bC6axHOhabU15QhwfG7w5PipXdVtM
 github.com/containerd/containerd v1.3.0-beta.2.0.20190828155532-0293cbd26c69/go.mod h1:bC6axHOhabU15QhwfG7w5PipXdVtMXFTttgp+kVtyUA=
 github.com/containerd/containerd v1.3.0 h1:xjvXQWABwS2uiv3TWgQt5Uth60Gu86LTGZXMJkjc7rY=
 github.com/containerd/containerd v1.3.0/go.mod h1:bC6axHOhabU15QhwfG7w5PipXdVtMXFTttgp+kVtyUA=
+github.com/containerd/containerd v1.3.2 h1:ForxmXkA6tPIvffbrDAcPUIB32QgXkt2XFj+F0UxetA=
+github.com/containerd/containerd v1.3.2/go.mod h1:bC6axHOhabU15QhwfG7w5PipXdVtMXFTttgp+kVtyUA=
 github.com/containerd/continuity v0.0.0-20190426062206-aaeac12a7ffc/go.mod h1:GL3xCUCBDV3CZiTSEKksMWbLE66hEyuu9qyDOOqM47Y=
 github.com/containerd/continuity v0.0.0-20200228182428-0f16d7a0959c h1:8ahmSVELW1wghbjerVAyuEYD5+Dio66RYvSS0iGfL1M=
 github.com/containerd/continuity v0.0.0-20200228182428-0f16d7a0959c/go.mod h1:Dq467ZllaHgAtVp4p1xUQWBrFXR9s/wyoTpG8zOJGkY=
@ -50,17 +50,20 @@ github.com/containerd/ttrpc v0.0.0-20190828154514-0e0f228740de/go.mod h1:PvCDdDG
 github.com/containerd/typeurl v0.0.0-20180627222232-a93fcdb778cd/go.mod h1:Cm3kwCdlkCfMSHURc+r6fwoGH6/F1hH3S4sg0rLFWPc=
 github.com/containernetworking/cni v0.7.2-0.20190904153231-83439463f784 h1:rqUVLD8I859xRgUx/WMC3v7QAFqbLKZbs+0kqYboRJc=
 github.com/containernetworking/cni v0.7.2-0.20190904153231-83439463f784/go.mod h1:LGwApLUm2FpoOfxTDEeq8T9ipbpZ61X79hmU3w8FmsY=
-github.com/containers/common v0.10.0 h1:Km1foMJJBIxceA1/UCZcIuwf8sCF71sP5DwE6Oh1BEA=
-github.com/containers/common v0.10.0/go.mod h1:6A/moCuQITXLqBe5A0WKKTcCfCmEQRbknI05HcPzOL0=
-github.com/containers/image/v5 v5.4.3 h1:zn2HR7uu4hpvT5QQHgjqonOzKDuM1I1UHUEmzZT5sbs=
+github.com/containers/common v0.11.2 h1:e4477fCE3qSA+Z2vT+uUMUTn8s8CyIM++qNm3PCSl68=
+github.com/containers/common v0.11.2/go.mod h1:2w3QE6VUmhltGYW4wV00h4okq1Crs7hNI1ZD2I0QRUY=
 github.com/containers/image/v5 v5.4.3/go.mod h1:pN0tvp3YbDd7BWavK2aE0mvJUqVd2HmhPjekyWSFm0U=
+github.com/containers/image/v5 v5.4.4 h1:JSanNn3v/BMd3o0MEvO4R4OKNuoJUSzVGQAI1+0FMXE=
+github.com/containers/image/v5 v5.4.4/go.mod h1:g7cxNXitiLi6pEr9/L9n/0wfazRuhDKXU15kV86N8h8=
 github.com/containers/libtrust v0.0.0-20190913040956-14b96171aa3b h1:Q8ePgVfHDplZ7U33NwHZkrVELsZP5fYj9pM5WBZB2GE=
 github.com/containers/libtrust v0.0.0-20190913040956-14b96171aa3b/go.mod h1:9rfv8iPl1ZP7aqh9YA68wnZv2NUDbXdcdPHVz0pFbPY=
 github.com/containers/ocicrypt v1.0.2 h1:Q0/IPs8ohfbXNxEfyJ2pFVmvJu5BhqJUAmc6ES9NKbo=
 github.com/containers/ocicrypt v1.0.2/go.mod h1:nsOhbP19flrX6rE7ieGFvBlr7modwmNjsqWarIUce4M=
 github.com/containers/storage v1.18.2/go.mod h1:WTBMf+a9ZZ/LbmEVeLHH2TX4CikWbO1Bt+/m58ZHVPg=
-github.com/containers/storage v1.19.0 h1:bVIF5EglbT5PQnqcN7sE6VWqoQzlToqzjXdz+eNubQg=
-github.com/containers/storage v1.19.0/go.mod h1:9Xc4rrTubn5hmtBfL+PSJH1XlfTQwR4VAG1NDUIpCts=
+github.com/containers/storage v1.19.1 h1:YKIzOO12iaD5Ra0PKFS6emcygbHLmwmQOCQRU/19YAQ=
+github.com/containers/storage v1.19.1/go.mod h1:KbXjSwKnx17ejOsjFcCXSf78mCgZkQSLPBNTMRc3XrQ=
+github.com/containers/storage v1.19.2 h1:vhcUwEjDZiPJxaLPFsjvyavnEjFw6qQi9HAkVz1amfI=
+github.com/containers/storage v1.19.2/go.mod h1:gYCp3jzgXkvubO0rI14QAjz5Mxm/qKJgLmHFyqayDnw=
 github.com/coreos/bbolt v1.3.2/go.mod h1:iRUV2dpdMOn7Bo10OQBFzIJO9kkE559Wcmn+qkEiiKk=
 github.com/coreos/etcd v3.3.10+incompatible/go.mod h1:uF7uidLiAD3TWHmW31ZFd/JWoc32PjwdhPthX9715RE=
 github.com/coreos/go-semver v0.2.0/go.mod h1:nnelYz7RCh+5ahJtPPxZlU+153eP4D4r3EedlOD2RNk=
@ -69,7 +72,6 @@ github.com/coreos/pkg v0.0.0-20180928190104-399ea9e2e55f/go.mod h1:E3G3o1h8I7cfc
 github.com/cpuguy83/go-md2man/v2 v2.0.0/go.mod h1:maD7wRr/U5Z6m/iR4s+kqSMx2CaBsrgA7czyZG/E6dU=
 github.com/cyphar/filepath-securejoin v0.2.2 h1:jCwT2GTP+PY5nBz3c/YL5PAIbusElVrPujOBSCj8xRg=
 github.com/cyphar/filepath-securejoin v0.2.2/go.mod h1:FpkQEhXnPnOthhzymB7CGsFk2G9VLXONKD9G7QGMM+4=
-github.com/davecgh/go-spew v0.0.0-20151105211317-5215b55f46b2/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
 github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
@ -92,53 +94,32 @@ github.com/docker/libnetwork v0.8.0-dev.2.0.20190625141545-5a177b73e316 h1:moehP
 github.com/docker/libnetwork v0.8.0-dev.2.0.20190625141545-5a177b73e316/go.mod h1:93m0aTqz6z+g32wla4l4WxTrdtvBRmVzYRkYvasA5Z8=
 github.com/docker/libtrust v0.0.0-20160708172513-aabc10ec26b7 h1:UhxFibDNY/bfvqU5CAUmr9zpesgbU6SWc8/B4mflAE4=
 github.com/docker/libtrust v0.0.0-20160708172513-aabc10ec26b7/go.mod h1:cyGadeNEkKy96OOhEzfZl+yxihPEzKnqJwvfuSUqbZE=
-github.com/docker/spdystream v0.0.0-20160310174837-449fdfce4d96/go.mod h1:Qh8CwZgvJUkLughtfhJv5dyTYa91l1fOUCrgjqmcifM=
 github.com/dustin/go-humanize v0.0.0-20171111073723-bb3d318650d4/go.mod h1:HtrtbFcZ19U5GC7JDqmcUSB87Iq5E25KnS6fMYU6eOk=
-github.com/elazarl/goproxy v0.0.0-20170405201442-c4fc26588b6e/go.mod h1:/Zj4wYkgs4iZTTu3o/KG3Itv/qCCa8VVMlb3i9OVuzc=
-github.com/emicklei/go-restful v0.0.0-20170410110728-ff4f55a20633/go.mod h1:otzb+WCGbkyDHkqmQmT5YD2WR4BBwUdeQoFo8l/7tVs=
-github.com/emicklei/go-restful v2.9.5+incompatible/go.mod h1:otzb+WCGbkyDHkqmQmT5YD2WR4BBwUdeQoFo8l/7tVs=
 github.com/envoyproxy/go-control-plane v0.9.1-0.20191026205805-5f8ba28d4473/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4=
 github.com/envoyproxy/protoc-gen-validate v0.1.0/go.mod h1:iSmxcyjqTsJpI2R4NaDN7+kN2VEUnK/pcBlmesArF7c=
 github.com/etcd-io/bbolt v1.3.3 h1:gSJmxrs37LgTqR/oyJBWok6k6SvXEUerFTbltIhXkBM=
 github.com/etcd-io/bbolt v1.3.3/go.mod h1:ZF2nL25h33cCyBtcyWeZ2/I3HQOfTP+0PIEvHjkjCrw=
-github.com/evanphx/json-patch v4.2.0+incompatible/go.mod h1:50XU6AFN0ol/bzJsmQLiYLvXMP4fmwYFNcr97nuDLSk=
 github.com/fsnotify/fsnotify v1.4.7 h1:IXs+QLmnXW2CcXuY+8Mzv/fWEsPGWxqefPtCP5CnV9I=
 github.com/fsnotify/fsnotify v1.4.7/go.mod h1:jwhsz4b93w/PPRr/qN1Yymfu8t87LnFCMoQvtojpjFo=
 github.com/fsouza/go-dockerclient v1.6.5 h1:vuFDnPcds3LvTWGYb9h0Rty14FLgkjHZdwLDROCdgsw=
 github.com/fsouza/go-dockerclient v1.6.5/go.mod h1:GOdftxWLWIbIWKbIMDroKFJzPdg6Iw7r+jX1DDZdVsA=
 github.com/fullsailor/pkcs7 v0.0.0-20190404230743-d7302db945fa h1:RDBNVkRviHZtvDvId8XSGPu3rmpmSe+wKRcEWNgsfWU=
 github.com/fullsailor/pkcs7 v0.0.0-20190404230743-d7302db945fa/go.mod h1:KnogPXtdwXqoenmZCw6S+25EAm2MkxbG0deNDu4cbSA=
-github.com/ghodss/yaml v0.0.0-20150909031657-73d445a93680/go.mod h1:4dBDuWmgqj2HViK6kFavaiC9ZROes6MMH2rRYeMEF04=
 github.com/ghodss/yaml v1.0.0 h1:wQHKEahhL6wmXdzwWG11gIVCkOv05bNOh+Rxn0yngAk=
 github.com/ghodss/yaml v1.0.0/go.mod h1:4dBDuWmgqj2HViK6kFavaiC9ZROes6MMH2rRYeMEF04=
 github.com/go-kit/kit v0.8.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2as=
 github.com/go-logfmt/logfmt v0.3.0/go.mod h1:Qt1PoO58o5twSAckw1HlFXLmHsOX5/0LbT9GBnD5lWE=
 github.com/go-logfmt/logfmt v0.4.0/go.mod h1:3RMwSq7FuexP4Kalkev3ejPJsZTpXXBr9+V4qmtdjCk=
-github.com/go-logr/logr v0.1.0/go.mod h1:ixOQHD9gLJUVQQ2ZOR7zLEifBX6tGkNJF4QyIY7sIas=
-github.com/go-openapi/jsonpointer v0.0.0-20160704185906-46af16f9f7b1/go.mod h1:+35s3my2LFTysnkMfxsJBAMHj/DoqoB9knIWoYG/Vk0=
-github.com/go-openapi/jsonpointer v0.19.2/go.mod h1:3akKfEdA7DF1sugOqz1dVQHBcuDBPKZGEoHC/NkiQRg=
-github.com/go-openapi/jsonpointer v0.19.3/go.mod h1:Pl9vOtqEWErmShwVjC8pYs9cog34VGT37dQOVbmoatg=
-github.com/go-openapi/jsonreference v0.0.0-20160704190145-13c6e3589ad9/go.mod h1:W3Z9FmVs9qj+KR4zFKmDPGiLdk1D9Rlm7cyMvf57TTg=
-github.com/go-openapi/jsonreference v0.19.2/go.mod h1:jMjeRr2HHw6nAVajTXJ4eiUwohSTlpa0o73RUL1owJc=
-github.com/go-openapi/jsonreference v0.19.3/go.mod h1:rjx6GuL8TTa9VaixXglHmQmIL98+wF9xc8zWvFonSJ8=
-github.com/go-openapi/spec v0.0.0-20160808142527-6aced65f8501/go.mod h1:J8+jY1nAiCcj+friV/PDoE1/3eeccG9LYBs0tYvLOWc=
-github.com/go-openapi/spec v0.19.3/go.mod h1:FpwSN1ksY1eteniUU7X0N/BgJ7a4WvBFVA8Lj9mJglo=
-github.com/go-openapi/swag v0.0.0-20160704191624-1d0bd113de87/go.mod h1:DXUve3Dpr1UfpPtxFw+EFuQ41HhCWZfha5jSVRG7C7I=
-github.com/go-openapi/swag v0.19.2/go.mod h1:POnQmlKehdgb5mhVOsnJFsivZCEZ/vjK9gh66Z9tfKk=
-github.com/go-openapi/swag v0.19.5/go.mod h1:POnQmlKehdgb5mhVOsnJFsivZCEZ/vjK9gh66Z9tfKk=
 github.com/go-stack/stack v1.8.0/go.mod h1:v0f6uXyyMGvRgIKkXu+yp6POWl0qKG85gN/melR3HDY=
 github.com/godbus/dbus v0.0.0-20190422162347-ade71ed3457e/go.mod h1:bBOAhwG1umN6/6ZUMtDFBMQR8jRg9O75tm9K00oMsK4=
 github.com/gogo/protobuf v1.1.1/go.mod h1:r8qH/GZQm5c6nD/R0oafs1akxWv10x8SbQlK7atdtwQ=
 github.com/gogo/protobuf v1.2.1/go.mod h1:hp+jE20tsWTFYpLwKvXlhS1hjn+gTNwPg2I6zVXpSg4=
-github.com/gogo/protobuf v1.2.2-0.20190723190241-65acae22fc9d/go.mod h1:SlYgWuQ5SjCEi6WLHjHCa1yvBfUnHcTbrrZtXPKa29o=
 github.com/gogo/protobuf v1.3.1 h1:DqDEcV5aeaTmdFBePNpYsp3FlcVH/2ISVVM9Qf8PSls=
 github.com/gogo/protobuf v1.3.1/go.mod h1:SlYgWuQ5SjCEi6WLHjHCa1yvBfUnHcTbrrZtXPKa29o=
 github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b h1:VKtxabqXZkF25pY9ekfRL6a582T4P37/31XEstQ5p58=
 github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b/go.mod h1:SBH7ygxi8pfUlaOkMMuAQtPIUF8ecWP5IEl/CR7VP2Q=
-github.com/golang/groupcache v0.0.0-20160516000752-02826c3e7903/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
 github.com/golang/groupcache v0.0.0-20190129154638-5b532d6fd5ef/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
 github.com/golang/mock v1.1.1/go.mod h1:oTYuIxOrZwtPieC+H1uAHpcLFnEyAGVDL/k47Jfbm0A=
-github.com/golang/protobuf v0.0.0-20161109072736-4bd1920723d7/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
 github.com/golang/protobuf v1.2.0/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
 github.com/golang/protobuf v1.3.1/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
 github.com/golang/protobuf v1.3.2 h1:6nsPYzhq5kReh6QImI3k5qWzO4PEbvbIW2cwSfR/6xs=
@ -148,11 +129,8 @@ github.com/google/go-cmp v0.2.0/go.mod h1:oXzfMopK8JAjlY9xF4vHSVASa0yLyX7SntLO5a
 github.com/google/go-cmp v0.3.0/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU=
 github.com/google/go-cmp v0.4.0 h1:xsAVV57WRhGj6kEIi8ReJzQlHHqcBYCElAvkovg3B/4=
 github.com/google/go-cmp v0.4.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
-github.com/google/gofuzz v0.0.0-20161122191042-44d81051d367/go.mod h1:HP5RmnzzSNb993RKQDq4+1A4ia9nllfqcQFTQJedwGI=
 github.com/google/gofuzz v1.0.0 h1:A8PeW59pxE9IoFRqBp37U+mSNaQoZ46F1f0f863XSXw=
 github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg=
-github.com/google/uuid v1.1.1/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
-github.com/googleapis/gnostic v0.0.0-20170729233727-0c5108395e2d/go.mod h1:sJBsCZ4ayReDTBIg8b9dl28c5xFWyhBTVRp3pOg5EKY=
 github.com/gorilla/mux v1.7.4 h1:VuZ8uybHlWmqV03+zRzdwKL4tUnIp1MAQtp1mIFE1bc=
 github.com/gorilla/mux v1.7.4/go.mod h1:DVbg23sWSpFRCP0SfiEN6jmj59UnW/n46BH5rLB71So=
 github.com/gorilla/websocket v1.4.0/go.mod h1:E7qHFY5m1UJ88s3WnNqhKjPHQ0heANvMoAMk2YaljkQ=
@ -177,20 +155,18 @@ github.com/inconshreveable/mousetrap v1.0.0/go.mod h1:PxqpIevigyE2G7u3NXJIT2ANyt
 github.com/ishidawataru/sctp v0.0.0-20191218070446-00ab2ac2db07 h1:rw3IAne6CDuVFlZbPOkA7bhxlqawFh7RJJ+CejfMaxE=
 github.com/ishidawataru/sctp v0.0.0-20191218070446-00ab2ac2db07/go.mod h1:co9pwDoBCm1kGxawmb4sPq0cSIOOWNPT4KnHotMP1Zg=
 github.com/jonboulle/clockwork v0.1.0/go.mod h1:Ii8DK3G1RaLaWxj9trq07+26W01tbo22gdxWY5EU2bo=
-github.com/json-iterator/go v0.0.0-20180612202835-f2b4162afba3/go.mod h1:+SdeFBvtyEkXs7REEP0seUULqWtbJapLOCVDaaPEHmU=
 github.com/json-iterator/go v1.1.6/go.mod h1:+SdeFBvtyEkXs7REEP0seUULqWtbJapLOCVDaaPEHmU=
 github.com/json-iterator/go v1.1.7/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4=
-github.com/json-iterator/go v1.1.8 h1:QiWkFLKq0T7mpzwOTu6BzNDbfTE8OLrYhVKYMLF46Ok=
-github.com/json-iterator/go v1.1.8/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4=
 github.com/julienschmidt/httprouter v1.2.0/go.mod h1:SYymIcj16QtmaHHD7aYtjjsJG7VTCxuUUipMqKk8s4w=
 github.com/kisielk/errcheck v1.1.0/go.mod h1:EZBBE59ingxPouuu3KfxchcWSUPOHkagtvWXihfKN4Q=
 github.com/kisielk/errcheck v1.2.0/go.mod h1:/BMXB+zMLi60iA8Vv6Ksmxu/1UDYcXs4uQLJ+jE2L00=
 github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck=
 github.com/klauspost/compress v1.10.3/go.mod h1:aoV0uJVorq1K+umq18yTdKaF57EivdYsUV+/s2qKfXs=
-github.com/klauspost/compress v1.10.4 h1:jFzIFaf586tquEB5EhzQG0HwGNSlgAJpG53G6Ss11wc=
-github.com/klauspost/compress v1.10.4/go.mod h1:aoV0uJVorq1K+umq18yTdKaF57EivdYsUV+/s2qKfXs=
+github.com/klauspost/compress v1.10.5 h1:7q6vHIqubShURwQz8cQK6yIe/xC3IF0Vm7TGfqjewrc=
+github.com/klauspost/compress v1.10.5/go.mod h1:aoV0uJVorq1K+umq18yTdKaF57EivdYsUV+/s2qKfXs=
 github.com/klauspost/pgzip v1.2.3 h1:Ce2to9wvs/cuJ2b86/CKQoTYr9VHfpanYosZ0UBJqdw=
 github.com/klauspost/pgzip v1.2.3/go.mod h1:Ch1tH69qFZu15pkjo5kYi6mth2Zzwzt50oCQKQE9RUs=
+github.com/konsorten/go-windows-terminal-sequences v1.0.1 h1:mweAR1A6xJ3oS2pRaGiHgQ4OO8tzTaLawm8vnODuwDk=
 github.com/konsorten/go-windows-terminal-sequences v1.0.1/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ=
 github.com/konsorten/go-windows-terminal-sequences v1.0.2 h1:DB17ag19krx9CFsz4o3enTrPXyIXCl+2iCXH/aMAp9s=
 github.com/konsorten/go-windows-terminal-sequences v1.0.2/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ=
@ -198,14 +174,9 @@ github.com/kr/logfmt v0.0.0-20140226030751-b84e30acd515/go.mod h1:+0opPa2QZZtGFB
 github.com/kr/pretty v0.1.0 h1:L/CwN0zerZDmRFUapSPitk6f+Q3+0za1rQkzVuMiMFI=
 github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo=
 github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ=
-github.com/kr/pty v1.1.5/go.mod h1:9r2w37qlBe7rQ6e1fg1S/9xpWHSnaqNdHD3WcMdbPDA=
 github.com/kr/text v0.1.0 h1:45sCR5RtlFHMR4UwH9sdQ5TC8v0qDQCHnXt+kaKSTVE=
 github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI=
 github.com/magiconair/properties v1.8.0/go.mod h1:PppfXfuXeibc/6YijjN8zIbojt8czPbwD3XqdrwzmxQ=
-github.com/mailru/easyjson v0.0.0-20160728113105-d5b7844b561a/go.mod h1:C1wdFJiN94OJF2b5HbByQZoLdCWB1Yqtg26g4irojpc=
-github.com/mailru/easyjson v0.0.0-20190614124828-94de47d64c63/go.mod h1:C1wdFJiN94OJF2b5HbByQZoLdCWB1Yqtg26g4irojpc=
-github.com/mailru/easyjson v0.0.0-20190626092158-b2ccc519800e/go.mod h1:C1wdFJiN94OJF2b5HbByQZoLdCWB1Yqtg26g4irojpc=
-github.com/mailru/easyjson v0.7.0/go.mod h1:KAzv3t3aY1NaHWoQz1+4F1ccyAH66Jk7yos7ldAVICs=
 github.com/mattn/go-shellwords v1.0.10 h1:Y7Xqm8piKOO3v10Thp7Z36h4FYFjt5xB//6XvOrs2Gw=
 github.com/mattn/go-shellwords v1.0.10/go.mod h1:EZzvwXDESEeg03EKmM+RmDnNOPKG4lLtQsUlTZDWQ8Y=
 github.com/matttproud/golang_protobuf_extensions v1.0.1 h1:4hp9jkHxhMHkqkrB3Ix0jegS5sx/RkqARlsWZ6pIwiU=
@ -217,7 +188,6 @@ github.com/mitchellh/mapstructure v1.1.2/go.mod h1:FVVH3fgwuzCH5S8UJGiWEs2h04kUh
 github.com/modern-go/concurrent v0.0.0-20180228061459-e0a39a4cb421/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q=
 github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd h1:TRLaZ9cD/w8PVh93nsPXa1VrQ6jlwL5oN8l14QlcNfg=
 github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q=
-github.com/modern-go/reflect2 v0.0.0-20180320133207-05fbef0ca5da/go.mod h1:bx2lNnkwVCuqBIxFjflWJWanXIb3RllmbCylyMrvgv0=
 github.com/modern-go/reflect2 v0.0.0-20180701023420-4b7aa43c6742/go.mod h1:bx2lNnkwVCuqBIxFjflWJWanXIb3RllmbCylyMrvgv0=
 github.com/modern-go/reflect2 v1.0.1 h1:9f412s+6RmYXLWZSEzVVgPGK7C2PphHj5RJrvfx9AWI=
 github.com/modern-go/reflect2 v1.0.1/go.mod h1:bx2lNnkwVCuqBIxFjflWJWanXIb3RllmbCylyMrvgv0=
@ -225,23 +195,25 @@ github.com/morikuni/aec v1.0.0 h1:nP9CBfwrvYnBRgY6qfDQkygYDmYwOilePFkwzv4dU8A=
 github.com/morikuni/aec v1.0.0/go.mod h1:BbKIizmSmc5MMPqRYbxO4ZU0S0+P200+tUnFx7PXmsc=
 github.com/mtrmac/gpgme v0.1.2 h1:dNOmvYmsrakgW7LcgiprD0yfRuQQe8/C8F6Z+zogO3s=
 github.com/mtrmac/gpgme v0.1.2/go.mod h1:GYYHnGSuS7HK3zVS2n3y73y0okK/BeKzwnn5jgiVFNI=
-github.com/munnerz/goautoneg v0.0.0-20120707110453-a547fc61f48d/go.mod h1:+n7T8mK8HuQTcFwEeznm/DIxMOiR9yIdICNftLE1DvQ=
 github.com/mwitkow/go-conntrack v0.0.0-20161129095857-cc309e4a2223/go.mod h1:qRWi+5nqEBWmkhHvq77mSJWrCKwh8bxhgT7d/eI7P4U=
-github.com/mxk/go-flowrate v0.0.0-20140419014527-cca7078d478f/go.mod h1:ZdcZmHo+o7JKHSa8/e818NopupXU1YMK5fe1lsApnBw=
+github.com/nxadm/tail v1.4.4 h1:DQuhQpB1tVlglWS2hLQ5OV6B5r8aGxSrPc5Qo6uTN78=
+github.com/nxadm/tail v1.4.4/go.mod h1:kenIhsEOeOJmVchQTgglprH7qJGnHDVpk1VPCcaMI8A=
 github.com/oklog/ulid v1.3.1/go.mod h1:CirwcVhetQ6Lv90oh/F+FBtV6XMibvdAFo93nm5qn4U=
-github.com/onsi/ginkgo v0.0.0-20170829012221-11459a886d9c/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE=
 github.com/onsi/ginkgo v1.6.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE=
 github.com/onsi/ginkgo v1.10.1/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE=
 github.com/onsi/ginkgo v1.12.0 h1:Iw5WCbBcaAAd0fpRb1c9r5YCylv4XDoCSigm1zLevwU=
 github.com/onsi/ginkgo v1.12.0/go.mod h1:oUhWkIvk5aDxtKvDDuw8gItl8pKl42LzjC9KZE0HfGg=
-github.com/onsi/gomega v0.0.0-20170829124025-dcabb60a477c/go.mod h1:C1qb7wdrVGGVU+Z6iS04AVkA3Q65CEZX59MT0QO5uiA=
+github.com/onsi/ginkgo v1.12.1 h1:mFwc4LvZ0xpSvDZ3E+k8Yte0hLOMxXUlP+yXtJqkYfQ=
+github.com/onsi/ginkgo v1.12.1/go.mod h1:zj2OWP4+oCPe1qIXoGWkgMRwljMUYCdkwsT2108oapk=
 github.com/onsi/gomega v1.7.0/go.mod h1:ex+gbHU/CVuBBDIJjb2X0qEXbFg53c61hWP/1CpauHY=
 github.com/onsi/gomega v1.7.1/go.mod h1:XdKZgCCFLUoM/7CFJVPcG8C1xQ1AJ0vpAezJrB7JYyY=
-github.com/onsi/gomega v1.9.0 h1:R1uwffexN6Pr340GtYRIdZmAiN4J+iw6WG4wog1DUXg=
-github.com/onsi/gomega v1.9.0/go.mod h1:Ho0h+IUsWyvy1OpqCwxlQ/21gkhVunqlU8fDGcoTdcA=
+github.com/onsi/gomega v1.10.0 h1:Gwkk+PTu/nfOwNMtUB/mRUv0X7ewW5dO4AERT1ThVKo=
+github.com/onsi/gomega v1.10.0/go.mod h1:Ho0h+IUsWyvy1OpqCwxlQ/21gkhVunqlU8fDGcoTdcA=
 github.com/opencontainers/go-digest v0.0.0-20180430190053-c9281466c8b2/go.mod h1:cMLVZDEM3+U2I4VmLI6N8jQYUd2OVphdqWwCJHrFt2s=
 github.com/opencontainers/go-digest v1.0.0-rc1 h1:WzifXhOVOEOuFYOJAW6aQqW0TooG2iki3E3Ii+WN7gQ=
 github.com/opencontainers/go-digest v1.0.0-rc1/go.mod h1:cMLVZDEM3+U2I4VmLI6N8jQYUd2OVphdqWwCJHrFt2s=
+github.com/opencontainers/go-digest v1.0.0 h1:apOUWs51W5PlhuyGyz9FCeeBIOUDA/6nW8Oi/yOhh5U=
+github.com/opencontainers/go-digest v1.0.0/go.mod h1:0JzlMkj0TRzQZfJkVvzbP0HBR3IKzErnv2BNG4W4MAM=
 github.com/opencontainers/image-spec v1.0.1/go.mod h1:BtxoFyWECRxE4U/7sNtV5W15zMzWCbyJoFRP3s7yZA0=
 github.com/opencontainers/image-spec v1.0.2-0.20190823105129-775207bd45b6 h1:yN8BPXVwMBAm3Cuvh1L5XE8XpvYRMdsVLd82ILprhUU=
 github.com/opencontainers/image-spec v1.0.2-0.20190823105129-775207bd45b6/go.mod h1:BtxoFyWECRxE4U/7sNtV5W15zMzWCbyJoFRP3s7yZA0=
@ -252,14 +224,15 @@ github.com/opencontainers/runc v1.0.0-rc9/go.mod h1:qT5XzbpPznkRYVz/mWwUaVBUv2rm
 github.com/opencontainers/runtime-spec v0.1.2-0.20190507144316-5b71a03e2700/go.mod h1:jwyrGlmzljRJv/Fgzds9SsS/C5hL+LL3ko9hs6T5lQ0=
 github.com/opencontainers/runtime-spec v0.1.2-0.20190618234442-a950415649c7 h1:Dliu5QO+4JYWu/yMshaMU7G3JN2POGpwjJN7gjy10Go=
 github.com/opencontainers/runtime-spec v0.1.2-0.20190618234442-a950415649c7/go.mod h1:jwyrGlmzljRJv/Fgzds9SsS/C5hL+LL3ko9hs6T5lQ0=
+github.com/opencontainers/runtime-spec v1.0.3-0.20200520003142-237cc4f519e2 h1:9mv9SC7GWmRWE0J/+oD8w3GsN2KYGKtg6uwLN7hfP5E=
+github.com/opencontainers/runtime-spec v1.0.3-0.20200520003142-237cc4f519e2/go.mod h1:jwyrGlmzljRJv/Fgzds9SsS/C5hL+LL3ko9hs6T5lQ0=
 github.com/opencontainers/runtime-tools v0.0.0-20181011054405-1d69bd0f9c39/go.mod h1:r3f7wjNzSs2extwzU3Y+6pKfobzPh+kKFJ3ofN+3nfs=
 github.com/opencontainers/runtime-tools v0.9.0 h1:FYgwVsKRI/H9hU32MJ/4MLOzXWodKK5zsQavY8NPMkU=
 github.com/opencontainers/runtime-tools v0.9.0/go.mod h1:r3f7wjNzSs2extwzU3Y+6pKfobzPh+kKFJ3ofN+3nfs=
+github.com/opencontainers/selinux v1.3.0/go.mod h1:+BLncwf63G4dgOzykXAxcmnFlUaOlkDdmw/CqsW6pjs=
 github.com/opencontainers/selinux v1.4.0/go.mod h1:yTcKuYAh6R95iDpefGLQaPaRwJFwyzAJufJyiTt7s0g=
 github.com/opencontainers/selinux v1.5.1 h1:jskKwSMFYqyTrHEuJgQoUlTcId0av64S6EWObrIfn5Y=
 github.com/opencontainers/selinux v1.5.1/go.mod h1:yTcKuYAh6R95iDpefGLQaPaRwJFwyzAJufJyiTt7s0g=
-github.com/openshift/api v0.0.0-20200106203948-7ab22a2c8316 h1:enQG2QUGwug4fR1yM6hL0Fjzx6Km/exZY6RbSPwMu3o=
-github.com/openshift/api v0.0.0-20200106203948-7ab22a2c8316/go.mod h1:dv+J0b/HWai0QnMVb37/H0v36klkLBi2TNpPeWDxX10=
 github.com/openshift/imagebuilder v1.1.4 h1:LUg8aTjyXMtlDx6IbtvaqofFGZ6aYqe+VIeATE735LM=
 github.com/openshift/imagebuilder v1.1.4/go.mod h1:9aJRczxCH0mvT6XQ+5STAQaPWz7OsWcU5/mRkt8IWeo=
 github.com/ostreedev/ostree-go v0.0.0-20190702140239-759a8c1ac913 h1:TnbXhKzrTOyuvWrjI8W6pcoI9XPbLHFXCdN2dtUw7Rw=
@ -270,7 +243,6 @@ github.com/pkg/errors v0.8.1-0.20171018195549-f15c970de5b7/go.mod h1:bwawxfHBFNV
 github.com/pkg/errors v0.8.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
 github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4=
 github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
-github.com/pmezard/go-difflib v0.0.0-20151028094244-d8ed2627bdf0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
 github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
 github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
 github.com/pquerna/ffjson v0.0.0-20181028064349-e517b90714f7/go.mod h1:YARuvh7BUWHNhzDq2OM5tzR2RiCcN2D7sapiKyCel/M=
@ -290,6 +262,7 @@ github.com/prometheus/common v0.4.0/go.mod h1:TNfzLD0ON7rHzMJeJkieUDPYmFC7Snx/y8
 github.com/prometheus/common v0.4.1/go.mod h1:TNfzLD0ON7rHzMJeJkieUDPYmFC7Snx/y86RQel1bk4=
 github.com/prometheus/common v0.6.0 h1:kRhiuYSXR3+uv2IbVbZhUxK5zVD/2pp3Gd2PpvPkpEo=
 github.com/prometheus/common v0.6.0/go.mod h1:eBmuwkDJBwy6iBfxCBob6t6dR6ENT/y+J+Zk0j9GMYc=
+github.com/prometheus/procfs v0.0.0-20180125133057-cb4147076ac7/go.mod h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk=
 github.com/prometheus/procfs v0.0.0-20181005140218-185b4288413d/go.mod h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk=
 github.com/prometheus/procfs v0.0.0-20190507164030-5867b95ac084/go.mod h1:TjEm7ze935MbeOT/UhFTIMYKhuLP4wbCsTZCD3I8kEA=
 github.com/prometheus/procfs v0.0.2/go.mod h1:TjEm7ze935MbeOT/UhFTIMYKhuLP4wbCsTZCD3I8kEA=
@ -297,13 +270,14 @@ github.com/prometheus/procfs v0.0.3/go.mod h1:4A/X28fw3Fc593LaREMrKMqOKvUAntwMDa
 github.com/prometheus/procfs v0.0.5 h1:3+auTFlqw+ZaQYJARz6ArODtkaIwtvBTx3N2NehQlL8=
 github.com/prometheus/procfs v0.0.5/go.mod h1:4A/X28fw3Fc593LaREMrKMqOKvUAntwMDaekg4FpcdQ=
 github.com/prometheus/tsdb v0.7.1/go.mod h1:qhTCs0VvXwvX/y3TZrWD7rabWM+ijKTux40TwIPHuXU=
-github.com/remyoudompheng/bigfft v0.0.0-20170806203942-52369c62f446/go.mod h1:uYEyJGbgTkfkS4+E/PavXkNJcbFIpEtjt2B0KDQ5+9M=
 github.com/rogpeppe/fastuuid v0.0.0-20150106093220-6724a57986af/go.mod h1:XWv6SoW27p1b0cqNHllgS5HIMJraePCO15w5zCzIWYg=
+github.com/russross/blackfriday/v2 v2.0.1 h1:lPqVAte+HuHNfhJ/0LC98ESWRz8afy9tM/0RK8m9o+Q=
 github.com/russross/blackfriday/v2 v2.0.1/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM=
-github.com/seccomp/containers-golang v0.0.0-20190312124753-8ca8945ccf5f h1:OtU/w6sBKmXYaw2KEODxjcYi3oPSyyslhgGFgIJVGAI=
-github.com/seccomp/containers-golang v0.0.0-20190312124753-8ca8945ccf5f/go.mod h1:f/98/SnvAzhAEFQJ3u836FePXvcbE8BS0YGMQNn4mhA=
+github.com/seccomp/containers-golang v0.4.1 h1:6hsmsP8Y9T6PWKJELqAkRWkc6Te60+zK64avkjInd44=
+github.com/seccomp/containers-golang v0.4.1/go.mod h1:5fP9lgyYyklJ8fg8Geq193G1QLe0ikf34z+hZKIjmnE=
 github.com/seccomp/libseccomp-golang v0.9.1 h1:NJjM5DNFOs0s3kYE1WUOr6G8V97sdt46rlXTMfXGWBo=
 github.com/seccomp/libseccomp-golang v0.9.1/go.mod h1:GbW5+tmTXfcxTToHLXlScSlAvWlF4P2Ca7zGrPiEpWo=
+github.com/shurcooL/sanitized_anchor_name v1.0.0 h1:PdmoCO6wvbs+7yrJyMORt4/BmY5IYyJwS/kOiWx8mHo=
 github.com/shurcooL/sanitized_anchor_name v1.0.0/go.mod h1:1NzhyTcUVG4SuEtjjoZeVRXNmyL/1OwPU0+IJeTBvfc=
 github.com/sirupsen/logrus v1.4.2 h1:SPIRibHv4MatM3XXNO2BJeFLZwZ2LvZgfQ5+UNI2im4=
 github.com/sirupsen/logrus v1.4.2/go.mod h1:tLMulIdttU9McNUspp0xgXVQah82FyeX6MwdIuYE2rE=
@ -315,7 +289,6 @@ github.com/spf13/cobra v0.0.2-0.20171109065643-2da4a54c5cee/go.mod h1:1l0Ry5zgKv
 github.com/spf13/cobra v0.0.7 h1:FfTH+vuMXOas8jmfb5/M7dzEYx7LpcLb7a0LPe34uOU=
 github.com/spf13/cobra v0.0.7/go.mod h1:/6GTrnGXV9HjY+aR4k0oJ5tcvakLuG6EuKReYlHNrgE=
 github.com/spf13/jwalterweatherman v1.0.0/go.mod h1:cQK4TGJAtQXfYWX+Ddv3mKDzgVb68N+wFjFa4jdeBTo=
-github.com/spf13/pflag v0.0.0-20170130214245-9ff6c6923cff/go.mod h1:DYY7MBk1bdzusC3SYhjObp+wFpr4gzcvqqNjLnInEg4=
 github.com/spf13/pflag v1.0.1-0.20171106142849-4c012f6dcd95/go.mod h1:DYY7MBk1bdzusC3SYhjObp+wFpr4gzcvqqNjLnInEg4=
 github.com/spf13/pflag v1.0.3/go.mod h1:DYY7MBk1bdzusC3SYhjObp+wFpr4gzcvqqNjLnInEg4=
 github.com/spf13/pflag v1.0.5 h1:iy+VFUOCP1a+8yFto/drg2CJ5u0yRoB7fZw3DKv/JXA=
@ -323,8 +296,6 @@ github.com/spf13/pflag v1.0.5/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An
 github.com/spf13/viper v1.4.0/go.mod h1:PTJ7Z/lr49W6bUbkmS1V3by4uWynFiR9p7+dSq/yZzE=
 github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
 github.com/stretchr/objx v0.1.1/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
-github.com/stretchr/objx v0.2.0/go.mod h1:qt09Ya8vawLte6SNmTgCsAVtYtaKzEcn8ATUoHMkEqE=
-github.com/stretchr/testify v0.0.0-20151208002404-e3a8ff8ce365/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs=
 github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs=
 github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI=
 github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4=
@ -342,8 +313,9 @@ github.com/ulikunitz/xz v0.5.7/go.mod h1:nbz6k7qbPmH4IRqmfOplQw/tblSgqTqBwxkY0oW
 github.com/urfave/cli v0.0.0-20171014202726-7bc6a0acffa5/go.mod h1:70zkFmudgCuE/ngEzBv17Jvp/497gISqfk5gWijbERA=
 github.com/vbatts/tar-split v0.11.1 h1:0Odu65rhcZ3JZaPHxl7tCI3V/C/Q9Zf82UFravl02dE=
 github.com/vbatts/tar-split v0.11.1/go.mod h1:LEuURwDEiWjRjwu46yU3KVGuUdVv/dcnpcEPSzR8z6g=
-github.com/vbauerster/mpb/v5 v5.0.3 h1:Ldt/azOkbThTk2loi6FrBd/3fhxGFQ24MxFAS88PoNY=
 github.com/vbauerster/mpb/v5 v5.0.3/go.mod h1:h3YxU5CSr8rZP4Q3xZPVB3jJLhWPou63lHEdr9ytH4Y=
+github.com/vbauerster/mpb/v5 v5.0.4 h1:w7l/tJfHmtIOKZkU+bhbDZOUxj1kln9jy4DUOp3Tl14=
+github.com/vbauerster/mpb/v5 v5.0.4/go.mod h1:fvzasBUyuo35UyuA6sSOlVhpLoNQsp2nBdHw7OiSUU8=
 github.com/vishvananda/netlink v1.1.0 h1:1iyaYNBLmP6L0220aDnYQpo1QEV4t4hJ+xEEhhJH8j0=
 github.com/vishvananda/netlink v1.1.0/go.mod h1:cTgwzPIzzgDAYoQrMm0EdrjRUBkTqKYppBueQtXaqoE=
 github.com/vishvananda/netns v0.0.0-20191106174202-0a2b9b5464df h1:OviZH7qLw/7ZovXvuNyL3XQl8UFofeikI1NW1Gypu7k=
@ -368,21 +340,16 @@ go.uber.org/multierr v1.1.0/go.mod h1:wR5kodmAFQ0UK8QlbwjlSNy0Z68gJhDJUG5sjR94q/
 go.uber.org/zap v1.10.0/go.mod h1:vwi/ZaCAaUcBkycHslxD9B2zi4UTXhF60s6SWpuDF0Q=
 golang.org/x/crypto v0.0.0-20171113213409-9f005a07e0d3/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=
 golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
-golang.org/x/crypto v0.0.0-20190611184440-5c40567a22f8/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
 golang.org/x/crypto v0.0.0-20190701094942-4def268fd1a4/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
 golang.org/x/crypto v0.0.0-20200220183623-bac4c82f6975/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
 golang.org/x/crypto v0.0.0-20200311171314-f7b00557c8c4/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
-golang.org/x/crypto v0.0.0-20200323165209-0ec3e9974c59 h1:3zb4D3T4G8jdExgVU/95+vQXfpEPiMdCaZgmGVxjNHM=
 golang.org/x/crypto v0.0.0-20200323165209-0ec3e9974c59/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
+golang.org/x/crypto v0.0.0-20200423211502-4bdfaf469ed5 h1:Q7tZBpemrlsc2I7IyODzhtallWRSm4Q0d09pL6XbQtU=
+golang.org/x/crypto v0.0.0-20200423211502-4bdfaf469ed5/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
 golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
-golang.org/x/exp v0.0.0-20190125153040-c74c464bbbf2/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
-golang.org/x/exp v0.0.0-20190312203227-4b39c73a6495/go.mod h1:ZjyILWgesfNpC6sMxTJOJm9Kp84zZh5NQWvqDGG3Qr8=
-golang.org/x/image v0.0.0-20190227222117-0694c2d4d067/go.mod h1:kZ7UVZpmo3dzQBMxlp+ypCbDeSB+sBbTgSJuh5dn5js=
 golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE=
 golang.org/x/lint v0.0.0-20190227174305-5b3e6a55c961/go.mod h1:wehouNa3lNwaWXcvxsM5YxQ5yQlVC4a0KAMCusXpPoU=
 golang.org/x/lint v0.0.0-20190313153728-d0100b6bd8b3/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc=
-golang.org/x/mobile v0.0.0-20190312151609-d3739f865fa6/go.mod h1:z+o9i4GpDbdi3rU15maQ/Ox0txvL9dWGYEHz965HBQE=
-golang.org/x/net v0.0.0-20170114055629-f2499483f923/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20180906233101-161cd47e91fd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
@ -394,9 +361,7 @@ golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn
 golang.org/x/net v0.0.0-20190501004415-9ce7a6920f09/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
 golang.org/x/net v0.0.0-20190522155817-f3200d17e092/go.mod h1:HSz+uSET+XFnRR8LxR5pz3Of3rY3CfYBVs4xY44aLks=
 golang.org/x/net v0.0.0-20190613194153-d28f0bde5980/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
-golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
 golang.org/x/net v0.0.0-20190628185345-da137c7871d7/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
-golang.org/x/net v0.0.0-20190827160401-ba9fcec4b297/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
 golang.org/x/net v0.0.0-20191004110552-13f9640d40b9/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
 golang.org/x/net v0.0.0-20200324143707-d3edc9973b7e h1:3G+cUijn7XD+S4eJFddp53Pv7+slrESplyjG25HgL+k=
 golang.org/x/net v0.0.0-20200324143707-d3edc9973b7e/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A=
@ -408,31 +373,29 @@ golang.org/x/sync v0.0.0-20190227155943-e225da77a7e6/go.mod h1:RxMgew5VJxzue5/jJ
 golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20200317015054-43a5402ce75a h1:WXEvlFVvvGxCJLG6REjsT03iWnKLEWinaScsxF2Vm2o=
 golang.org/x/sync v0.0.0-20200317015054-43a5402ce75a/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sys v0.0.0-20170830134202-bb24a47a89ea/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20180909124046-d0be0721c37e/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20181107165924-66b7b1311ac8/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20181116152217-5ac8a444bdc5/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
-golang.org/x/sys v0.0.0-20190312061237-fead79001313/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20190422165155-953cdadca894/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20190502145724-3ef323f4f1fd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20190514135907-3a4b5fb9f71f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20190606203320-7fc4e5ec1444/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20190616124812-15dcb6c0061f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20190801041406-cbf593c0f2f3/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20190826190057-c7b8b68b1456/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20190904154756-749cb33beabd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20190916202348-b4ddaad3f8a3/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20190921190940-14da1ac737cc/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20191115151921-52ab43148777/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20191120155948-bd437916bb0e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20191127021746-63cb32ae39b2/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20200202164722-d101bd2416d5/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20200302150141-5c8b2ff67527/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20200323222414-85ca7c5b95cd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20200327173247-9dae0f8f5775 h1:TC0v2RSO1u2kn1ZugjrFXkRZAEaqMN/RW+OTZkBzmLE=
 golang.org/x/sys v0.0.0-20200327173247-9dae0f8f5775/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/text v0.0.0-20160726164857-2910a502d2bf/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
+golang.org/x/sys v0.0.0-20200420163511-1957bb5e6d1f h1:gWF768j/LaZugp8dyS4UwsslYCYz9XgFxvlgsn0n9H8=
+golang.org/x/sys v0.0.0-20200420163511-1957bb5e6d1f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.2 h1:tW2bmiBqwgJj/UpqtC8EpXEZVYOwU0yG4iWbprSVAcs=
 golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk=
@ -441,32 +404,26 @@ golang.org/x/time v0.0.0-20191024005414-555d28b269f0 h1:/5xXl8Y5W96D+TtHSlonuFqG
 golang.org/x/time v0.0.0-20191024005414-555d28b269f0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
 golang.org/x/tools v0.0.0-20180221164845-07fd8470d635/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
 golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
-golang.org/x/tools v0.0.0-20181011042414-1f849cf54d09/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
 golang.org/x/tools v0.0.0-20181030221726-6c7e314b6563/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
 golang.org/x/tools v0.0.0-20190114222345-bf090417da8b/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
-golang.org/x/tools v0.0.0-20190206041539-40960b6deb8e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
 golang.org/x/tools v0.0.0-20190226205152-f727befe758c/go.mod h1:9Yl7xja0Znq3iFh3HoIrodX9oNMXvdceNzlUR8zjMvY=
 golang.org/x/tools v0.0.0-20190311212946-11955173bddd/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs=
-golang.org/x/tools v0.0.0-20190312151545-0bb0c0a6e846/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs=
 golang.org/x/tools v0.0.0-20190524140312-2c0ae7006135/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q=
-golang.org/x/tools v0.0.0-20190614205625-5aca471b1d59/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc=
-golang.org/x/tools v0.0.0-20190920225731-5eefd052ad72/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
 golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543 h1:E7g+9GITq07hpfrRu66IVDexMakfv52eLZ2CXBWiKr4=
 golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
-gonum.org/v1/gonum v0.0.0-20190331200053-3d26580ed485/go.mod h1:2ltnJ7xHfj0zHS40VVPYEAAMTa3ZGguvHGBSJeRWqE0=
-gonum.org/v1/netlib v0.0.0-20190313105609-8cb42192e0e0/go.mod h1:wa6Ws7BG/ESfp6dHfk7C6KdzKA7wR7u/rKwOGE66zvw=
-gonum.org/v1/netlib v0.0.0-20190331212654-76723241ea4e/go.mod h1:kS+toOQn6AQKjmKJ7gzohV1XkqsFehRA2FbsbkopSuQ=
 google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM=
 google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4=
 google.golang.org/genproto v0.0.0-20180817151627-c66870c02cf8/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc=
 google.golang.org/genproto v0.0.0-20190425155659-357c62f0e4bb/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE=
+google.golang.org/genproto v0.0.0-20190502173448-54afdca5d873/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE=
 google.golang.org/genproto v0.0.0-20190819201941-24fa4b261c55 h1:gSJIx1SDwno+2ElGhA4+qG2zF97qiUzTM+rQ0klBOcE=
 google.golang.org/genproto v0.0.0-20190819201941-24fa4b261c55/go.mod h1:DMBHOl98Agz4BDEuKkezgsaosCRResVns1a3J2ZsMNc=
 google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c=
 google.golang.org/grpc v1.20.1/go.mod h1:10oTOabMzJvdu6/UiuZezV6QK5dSlG84ov/aaiqXj38=
 google.golang.org/grpc v1.21.0/go.mod h1:oYelfM1adQP15Ek0mdvEgi9Df8B9CZIaU1084ijfRaM=
 google.golang.org/grpc v1.23.0/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyacEbxg=
+google.golang.org/grpc v1.23.1/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyacEbxg=
 google.golang.org/grpc v1.24.0/go.mod h1:XDChyiUovWa60DnaeDeZmSW86xtLtjtZbwvSiRnRtcA=
 google.golang.org/grpc v1.27.1 h1:zvIju4sqAGvwKspUQOhwnpcqSbzi7/H6QomNNjTL4sk=
 google.golang.org/grpc v1.27.1/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk=
@ -479,8 +436,6 @@ gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15/go.mod h1:Co6ibVJAznAaIkqp8
 gopkg.in/fsnotify.v1 v1.4.7 h1:xOHLXZwVvI9hhs+cLKq5+I5onOuwQLhQwiu63xxlHs4=
 gopkg.in/fsnotify.v1 v1.4.7/go.mod h1:Tz8NjZHkW78fSQdbUxIjBTcgA1z1m8ZHf0WmKUhAMys=
 gopkg.in/gemnasium/logrus-airbrake-hook.v2 v2.1.2/go.mod h1:Xk6kEKp8OKb+X14hQBKWaSkCsqBpgog8nAV2xsGOxlo=
-gopkg.in/inf.v0 v0.9.1 h1:73M5CoZyi3ZLMOyDlQh031Cx6N9NDJ2Vvfl76EDAgDc=
-gopkg.in/inf.v0 v0.9.1/go.mod h1:cWUDdTG/fYaXco+Dcufb5Vnc6Gp2YChqWtbxRZE0mXw=
 gopkg.in/resty.v1 v1.12.0/go.mod h1:mDo4pnntr5jdWRML875a/NmxYqAlA73dVijT2AXvQQo=
 gopkg.in/square/go-jose.v2 v2.3.1 h1:SK5KegNXmKmqE342YYN2qPHEnUYeoMiXXl1poUlI+o4=
 gopkg.in/square/go-jose.v2 v2.3.1/go.mod h1:M9dMgbHiYLoDGQrXy7OpJDJWiKiU//h+vD76mk0e1AI=
@ -496,23 +451,4 @@ gotest.tools v2.2.0+incompatible h1:VsBPFP1AI068pPrMxtb/S8Zkgf9xEmTLJjfM+P5UIEo=
 gotest.tools v2.2.0+incompatible/go.mod h1:DsYFclhRJ6vuDpmuTbkuFWG+y2sxOXAzmJt81HFBacw=
 honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
 honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
-k8s.io/api v0.17.0 h1:H9d/lw+VkZKEVIUc8F3wgiQ+FUXTTr21M87jXLU7yqM=
-k8s.io/api v0.17.0/go.mod h1:npsyOePkeP0CPwyGfXDHxvypiYMJxBWAMpQxCaJ4ZxI=
-k8s.io/apimachinery v0.17.0 h1:xRBnuie9rXcPxUkDizUsGvPf1cnlZCFu210op7J7LJo=
-k8s.io/apimachinery v0.17.0/go.mod h1:b9qmWdKlLuU9EBh+06BtLcSf/Mu89rWL33naRxs1uZg=
-k8s.io/code-generator v0.17.0/go.mod h1:DVmfPQgxQENqDIzVR2ddLXMH34qeszkKSdH/N+s+38s=
-k8s.io/gengo v0.0.0-20190128074634-0689ccc1d7d6/go.mod h1:ezvh/TsK7cY6rbqRK0oQQ8IAqLxYwwyPxAX1Pzy0ii0=
-k8s.io/gengo v0.0.0-20190822140433-26a664648505/go.mod h1:ezvh/TsK7cY6rbqRK0oQQ8IAqLxYwwyPxAX1Pzy0ii0=
-k8s.io/klog v0.0.0-20181102134211-b9b56d5dfc92/go.mod h1:Gq+BEi5rUBO/HRz0bTSXDUcqjScdoY3a9IHpCEIOOfk=
-k8s.io/klog v1.0.0 h1:Pt+yjF5aB1xDSVbau4VsWe+dQNzA0qv1LlXdC2dF6Q8=
-k8s.io/klog v1.0.0/go.mod h1:4Bi6QPql/J/LkTDqv7R/cd3hPo4k2DG6Ptcz060Ez5I=
-k8s.io/kube-openapi v0.0.0-20191107075043-30be4d16710a/go.mod h1:1TqjTSzOxsLGIKfj0lK8EeCP7K1iUG65v09OM0/WG5E=
 k8s.io/kubernetes v1.13.0/go.mod h1:ocZa8+6APFNC2tX1DZASIbocyYT5jHzqFVsY5aoB7Jk=
-modernc.org/cc v1.0.0/go.mod h1:1Sk4//wdnYJiUIxnW8ddKpaOJCF37yAdqYnkxUpaYxw=
-modernc.org/golex v1.0.0/go.mod h1:b/QX9oBD/LhixY6NDh+IdGv17hgB+51fET1i2kPSmvk=
-modernc.org/mathutil v1.0.0/go.mod h1:wU0vUrJsVWBZ4P6e7xtFJEhFSNsfRLJ8H458uRjg03k=
-modernc.org/strutil v1.0.0/go.mod h1:lstksw84oURvj9y3tn8lGvRxyRC1S2+g5uuIzNfIOBs=
-modernc.org/xc v1.0.0/go.mod h1:mRNCo0bvLjGhHO9WsyuKVU4q0ceiDDDoEeWDJHrNx8I=
-sigs.k8s.io/structured-merge-diff v0.0.0-20190525122527-15d366b2352e/go.mod h1:wWxsB5ozmmv/SG7nM11ayaAW51xMvak/t1r0CSlcokI=
-sigs.k8s.io/yaml v1.1.0 h1:4A07+ZFc2wgJwo8YNlQpr1rVlgUDlxXHhPJciaPY5gs=
-sigs.k8s.io/yaml v1.1.0/go.mod h1:UJmg0vDUVViEyp3mgSv9WPwZCDxu4rQW1olrI1uml+o=
--- a/vendor/github.com/containers/buildah/image.go
+++ b/vendor/github.com/containers/buildah/image.go
@ -586,16 +586,10 @@ func (i *containerImageSource) Reference() types.ImageReference {
 }

 func (i *containerImageSource) GetSignatures(ctx context.Context, instanceDigest *digest.Digest) ([][]byte, error) {
-	if instanceDigest != nil {
-		return nil, errors.Errorf("containerImageSource does not support manifest lists")
-	}
 	return nil, nil
 }

 func (i *containerImageSource) GetManifest(ctx context.Context, instanceDigest *digest.Digest) ([]byte, string, error) {
-	if instanceDigest != nil {
-		return nil, "", errors.Errorf("containerImageSource does not support manifest lists")
-	}
 	return i.manifest, i.manifestType, nil
 }

--- a/vendor/github.com/containers/buildah/imagebuildah/build.go
+++ b/vendor/github.com/containers/buildah/imagebuildah/build.go
@ -3,6 +3,7 @@ package imagebuildah
 import (
 	"bytes"
 	"context"
+	"fmt"
 	"io"
 	"io/ioutil"
 	"net/http"
@ -16,10 +17,12 @@ import (
 	"github.com/containers/common/pkg/config"
 	"github.com/containers/image/v5/docker/reference"
 	"github.com/containers/image/v5/types"
+	encconfig "github.com/containers/ocicrypt/config"
 	"github.com/containers/storage"
 	"github.com/containers/storage/pkg/archive"
 	specs "github.com/opencontainers/runtime-spec/specs-go"
 	"github.com/openshift/imagebuilder"
+	"github.com/openshift/imagebuilder/dockerfile/parser"
 	"github.com/pkg/errors"
 	"github.com/sirupsen/logrus"
 )
@ -171,6 +174,9 @@ type BuildOptions struct {
 	MaxPullPushRetries int
 	// PullPushRetryDelay is how long to wait before retrying a pull or push attempt.
 	PullPushRetryDelay time.Duration
+	// OciDecryptConfig contains the config that can be used to decrypt an image if it is
+	// encrypted if non-nil. If nil, it does not attempt to decrypt an image.
+	OciDecryptConfig *encconfig.DecryptConfig
 }

 // BuildDockerfiles parses a set of one or more Dockerfiles (which may be
@ -249,6 +255,9 @@ func BuildDockerfiles(ctx context.Context, store storage.Store, options BuildOpt
 	if err != nil {
 		return "", nil, errors.Wrapf(err, "error parsing main Dockerfile")
 	}
+
+	warnOnUnsetBuildArgs(mainNode, options.Args)
+
 	for _, d := range dockerfiles[1:] {
 		additionalNode, err := imagebuilder.ParseDockerfile(d)
 		if err != nil {
@ -280,6 +289,20 @@ func BuildDockerfiles(ctx context.Context, store storage.Store, options BuildOpt
 	return exec.Build(ctx, stages)
 }

+func warnOnUnsetBuildArgs(node *parser.Node, args map[string]string) {
+	for _, child := range node.Children {
+		switch strings.ToUpper(child.Value) {
+		case "ARG":
+			argName := child.Next.Value
+			if _, ok := args[argName]; !strings.Contains(argName, "=") && !ok {
+				logrus.Warnf("missing %q build argument. Try adding %q to the command line", argName, fmt.Sprintf("--build-arg %s=<VALUE>", argName))
+			}
+		default:
+			continue
+		}
+	}
+}
+
 // preprocessDockerfileContents runs CPP(1) in preprocess-only mode on the input
 // dockerfile content and will use ctxDir as the base include path.
 //
--- a/vendor/github.com/containers/buildah/imagebuildah/executor.go
+++ b/vendor/github.com/containers/buildah/imagebuildah/executor.go
@ -20,6 +20,7 @@ import (
 	"github.com/containers/image/v5/transports"
 	"github.com/containers/image/v5/transports/alltransports"
 	"github.com/containers/image/v5/types"
+	encconfig "github.com/containers/ocicrypt/config"
 	"github.com/containers/storage"
 	"github.com/containers/storage/pkg/archive"
 	v1 "github.com/opencontainers/image-spec/specs-go/v1"
@ -100,6 +101,7 @@ type Executor struct {
 	os                             string
 	maxPullPushRetries             int
 	retryPullPushDelay             time.Duration
+	ociDecryptConfig               *encconfig.DecryptConfig
 }

 // NewExecutor creates a new instance of the imagebuilder.Executor interface.
@ -188,6 +190,7 @@ func NewExecutor(store storage.Store, options BuildOptions, mainNode *parser.Nod
 		os:                             options.OS,
 		maxPullPushRetries:             options.MaxPullPushRetries,
 		retryPullPushDelay:             options.PullPushRetryDelay,
+		ociDecryptConfig:               options.OciDecryptConfig,
 	}
 	if exec.err == nil {
 		exec.err = os.Stderr
@ -233,7 +236,7 @@ func NewExecutor(store storage.Store, options BuildOptions, mainNode *parser.Nod

 // startStage creates a new stage executor that will be referenced whenever a
 // COPY or ADD statement uses a --from=NAME flag.
-func (b *Executor) startStage(stage *imagebuilder.Stage, stages int, from, output string) *StageExecutor {
+func (b *Executor) startStage(stage *imagebuilder.Stage, stages int, output string) *StageExecutor {
 	if b.stages == nil {
 		b.stages = make(map[string]*StageExecutor)
 	}
@ -248,7 +251,6 @@ func (b *Executor) startStage(stage *imagebuilder.Stage, stages int, from, outpu
 		stage:           stage,
 	}
 	b.stages[stage.Name] = stageExec
-	b.stages[from] = stageExec
 	if idx := strconv.Itoa(stage.Position); idx != stage.Name {
 		b.stages[idx] = stageExec
 	}
@ -421,7 +423,7 @@ func (b *Executor) Build(ctx context.Context, stages imagebuilder.Stages) (image
 			output = b.output
 		}

-		stageExecutor := b.startStage(&stage, len(stages), base, output)
+		stageExecutor := b.startStage(&stage, len(stages), output)

 		// If this a single-layer build, or if it's a multi-layered
 		// build and b.forceRmIntermediateCtrs is set, make sure we
--- a/vendor/github.com/containers/buildah/imagebuildah/stage_executor.go
+++ b/vendor/github.com/containers/buildah/imagebuildah/stage_executor.go
@ -295,7 +295,7 @@ func (s *StageExecutor) digestSpecifiedContent(node *parser.Node, argValues []st
 			// container.  Update the ID mappings and
 			// all-content-comes-from-below-this-directory value.
 			from := strings.TrimPrefix(flag, "--from=")
-			if other, ok := s.executor.stages[from]; ok {
+			if other, ok := s.executor.stages[from]; ok && other.index < s.index {
 				contextDir = other.mountPoint
 				idMappingOptions = &other.builder.IDMappingOptions
 			} else if builder, ok := s.executor.containerMap[from]; ok {
@ -633,6 +633,7 @@ func (s *StageExecutor) prepare(ctx context.Context, from string, initializeIBCo
 		Devices:               s.executor.devices,
 		MaxPullRetries:        s.executor.maxPullPushRetries,
 		PullRetryDelay:        s.executor.retryPullPushDelay,
+		OciDecryptConfig:      s.executor.ociDecryptConfig,
 	}

 	// Check and see if the image is a pseudonym for the end result of a
@ -868,13 +869,10 @@ func (s *StageExecutor) Execute(ctx context.Context, base string) (imgID string,
 				if len(arr) != 2 {
 					return "", nil, errors.Errorf("%s: invalid --from flag, should be --from=<name|stage>", command)
 				}
-				otherStage, ok := s.executor.stages[arr[1]]
-				if !ok {
-					if mountPoint, err = s.getImageRootfs(ctx, arr[1]); err != nil {
-						return "", nil, errors.Errorf("%s --from=%s: no stage or image found with that name", command, arr[1])
-					}
-				} else {
+				if otherStage, ok := s.executor.stages[arr[1]]; ok && otherStage.index < s.index {
 					mountPoint = otherStage.mountPoint
+				} else if mountPoint, err = s.getImageRootfs(ctx, arr[1]); err != nil {
+					return "", nil, errors.Errorf("%s --from=%s: no stage or image found with that name", command, arr[1])
 				}
 				s.copyFrom = mountPoint
 				break
--- a/vendor/github.com/containers/buildah/new.go
+++ b/vendor/github.com/containers/buildah/new.go
@ -30,12 +30,13 @@ const (

 func pullAndFindImage(ctx context.Context, store storage.Store, srcRef types.ImageReference, options BuilderOptions, sc *types.SystemContext) (*storage.Image, types.ImageReference, error) {
 	pullOptions := PullOptions{
-		ReportWriter:  options.ReportWriter,
-		Store:         store,
-		SystemContext: options.SystemContext,
-		BlobDirectory: options.BlobDirectory,
-		MaxRetries:    options.MaxPullRetries,
-		RetryDelay:    options.PullRetryDelay,
+		ReportWriter:     options.ReportWriter,
+		Store:            store,
+		SystemContext:    options.SystemContext,
+		BlobDirectory:    options.BlobDirectory,
+		MaxRetries:       options.MaxPullRetries,
+		RetryDelay:       options.PullRetryDelay,
+		OciDecryptConfig: options.OciDecryptConfig,
 	}
 	ref, err := pullImage(ctx, store, srcRef, pullOptions, sc)
 	if err != nil {
--- a/vendor/github.com/containers/buildah/pkg/cli/common.go
+++ b/vendor/github.com/containers/buildah/pkg/cli/common.go
@ -57,6 +57,7 @@ type BudResults struct {
 	Creds               string
 	DisableCompression  bool
 	DisableContentTrust bool
+	DecryptionKeys      []string
 	File                []string
 	Format              string
 	Iidfile             string
--- a/vendor/github.com/containers/buildah/pull.go
+++ b/vendor/github.com/containers/buildah/pull.go
@ -19,6 +19,7 @@ import (
 	is "github.com/containers/image/v5/storage"
 	"github.com/containers/image/v5/transports"
 	"github.com/containers/image/v5/types"
+	encconfig "github.com/containers/ocicrypt/config"
 	"github.com/containers/storage"
 	multierror "github.com/hashicorp/go-multierror"
 	"github.com/pkg/errors"
@ -56,6 +57,9 @@ type PullOptions struct {
 	MaxRetries int
 	// RetryDelay is how long to wait before retrying a pull attempt.
 	RetryDelay time.Duration
+	// OciDecryptConfig contains the config that can be used to decrypt an image if it is
+	// encrypted if non-nil. If nil, it does not attempt to decrypt an image.
+	OciDecryptConfig *encconfig.DecryptConfig
 }

 func localImageNameForReference(ctx context.Context, store storage.Store, srcRef types.ImageReference) (string, error) {
@ -164,6 +168,7 @@ func Pull(ctx context.Context, imageName string, options PullOptions) (imageID s
 		ReportWriter:        options.ReportWriter,
 		MaxPullRetries:      options.MaxRetries,
 		PullRetryDelay:      options.RetryDelay,
+		OciDecryptConfig:    options.OciDecryptConfig,
 	}

 	storageRef, transport, img, err := resolveImage(ctx, systemContext, options.Store, boptions)
@ -275,7 +280,7 @@ func pullImage(ctx context.Context, store storage.Store, srcRef types.ImageRefer
 	}()

 	logrus.Debugf("copying %q to %q", transports.ImageName(srcRef), destName)
-	if _, err := retryCopyImage(ctx, policyContext, maybeCachedDestRef, srcRef, srcRef, "pull", getCopyOptions(store, options.ReportWriter, sc, nil, "", options.RemoveSignatures, ""), options.MaxRetries, options.RetryDelay); err != nil {
+	if _, err := retryCopyImage(ctx, policyContext, maybeCachedDestRef, srcRef, srcRef, "pull", getCopyOptions(store, options.ReportWriter, sc, nil, "", options.RemoveSignatures, "", nil, nil, options.OciDecryptConfig), options.MaxRetries, options.RetryDelay); err != nil {
 		logrus.Debugf("error copying src image [%q] to dest image [%q] err: %v", transports.ImageName(srcRef), destName, err)
 		return nil, err
 	}
--- a/vendor/github.com/containers/buildah/util/util.go
+++ b/vendor/github.com/containers/buildah/util/util.go
@ -74,7 +74,7 @@ func ResolveName(name string, firstRegistry string, sc *types.SystemContext, sto
 		return []string{strings.TrimPrefix(name, DefaultTransport)}, DefaultTransport, false, nil
 	}
 	split := strings.SplitN(name, ":", 2)
-	if len(split) == 2 {
+	if StartsWithValidTransport(name) && len(split) == 2 {
 		if trans := transports.Get(split[0]); trans != nil {
 			return []string{split[1]}, trans.Name(), false, nil
 		}
@ -148,6 +148,12 @@ func ResolveName(name string, firstRegistry string, sc *types.SystemContext, sto
 	return candidates, DefaultTransport, searchRegistriesAreEmpty, nil
 }

+// StartsWithValidTransport validates the name starts with Buildah supported transport
+// to avoid the corner case image name same as the transport name
+func StartsWithValidTransport(name string) bool {
+	return strings.HasPrefix(name, "dir:") || strings.HasPrefix(name, "docker://") || strings.HasPrefix(name, "docker-archive:") || strings.HasPrefix(name, "docker-daemon:") || strings.HasPrefix(name, "oci:") || strings.HasPrefix(name, "oci-archive:")
+}
+
 // ExpandNames takes unqualified names, parses them as image names, and returns
 // the fully expanded result, including a tag.  Names which don't include a registry
 // name will be marked for the most-preferred registry (i.e., the first one in our
--- a/vendor/github.com/openshift/api/LICENSE
+++ b/vendor/github.com/openshift/api/LICENSE
@ -1,201 +0,0 @@
-                                 Apache License
-                           Version 2.0, January 2004
-                        http://www.apache.org/licenses/
-
-   TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
-
-   1. Definitions.
-
-      "License" shall mean the terms and conditions for use, reproduction,
-      and distribution as defined by Sections 1 through 9 of this document.
-
-      "Licensor" shall mean the copyright owner or entity authorized by
-      the copyright owner that is granting the License.
-
-      "Legal Entity" shall mean the union of the acting entity and all
-      other entities that control, are controlled by, or are under common
-      control with that entity. For the purposes of this definition,
-      "control" means (i) the power, direct or indirect, to cause the
-      direction or management of such entity, whether by contract or
-      otherwise, or (ii) ownership of fifty percent (50%) or more of the
-      outstanding shares, or (iii) beneficial ownership of such entity.
-
-      "You" (or "Your") shall mean an individual or Legal Entity
-      exercising permissions granted by this License.
-
-      "Source" form shall mean the preferred form for making modifications,
-      including but not limited to software source code, documentation
-      source, and configuration files.
-
-      "Object" form shall mean any form resulting from mechanical
-      transformation or translation of a Source form, including but
-      not limited to compiled object code, generated documentation,
-      and conversions to other media types.
-
-      "Work" shall mean the work of authorship, whether in Source or
-      Object form, made available under the License, as indicated by a
-      copyright notice that is included in or attached to the work
-      (an example is provided in the Appendix below).
-
-      "Derivative Works" shall mean any work, whether in Source or Object
-      form, that is based on (or derived from) the Work and for which the
-      editorial revisions, annotations, elaborations, or other modifications
-      represent, as a whole, an original work of authorship. For the purposes
-      of this License, Derivative Works shall not include works that remain
-      separable from, or merely link (or bind by name) to the interfaces of,
-      the Work and Derivative Works thereof.
-
-      "Contribution" shall mean any work of authorship, including
-      the original version of the Work and any modifications or additions
-      to that Work or Derivative Works thereof, that is intentionally
-      submitted to Licensor for inclusion in the Work by the copyright owner
-      or by an individual or Legal Entity authorized to submit on behalf of
-      the copyright owner. For the purposes of this definition, "submitted"
-      means any form of electronic, verbal, or written communication sent
-      to the Licensor or its representatives, including but not limited to
-      communication on electronic mailing lists, source code control systems,
-      and issue tracking systems that are managed by, or on behalf of, the
-      Licensor for the purpose of discussing and improving the Work, but
-      excluding communication that is conspicuously marked or otherwise
-      designated in writing by the copyright owner as "Not a Contribution."
-
-      "Contributor" shall mean Licensor and any individual or Legal Entity
-      on behalf of whom a Contribution has been received by Licensor and
-      subsequently incorporated within the Work.
-
-   2. Grant of Copyright License. Subject to the terms and conditions of
-      this License, each Contributor hereby grants to You a perpetual,
-      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
-      copyright license to reproduce, prepare Derivative Works of,
-      publicly display, publicly perform, sublicense, and distribute the
-      Work and such Derivative Works in Source or Object form.
-
-   3. Grant of Patent License. Subject to the terms and conditions of
-      this License, each Contributor hereby grants to You a perpetual,
-      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
-      (except as stated in this section) patent license to make, have made,
-      use, offer to sell, sell, import, and otherwise transfer the Work,
-      where such license applies only to those patent claims licensable
-      by such Contributor that are necessarily infringed by their
-      Contribution(s) alone or by combination of their Contribution(s)
-      with the Work to which such Contribution(s) was submitted. If You
-      institute patent litigation against any entity (including a
-      cross-claim or counterclaim in a lawsuit) alleging that the Work
-      or a Contribution incorporated within the Work constitutes direct
-      or contributory patent infringement, then any patent licenses
-      granted to You under this License for that Work shall terminate
-      as of the date such litigation is filed.
-
-   4. Redistribution. You may reproduce and distribute copies of the
-      Work or Derivative Works thereof in any medium, with or without
-      modifications, and in Source or Object form, provided that You
-      meet the following conditions:
-
-      (a) You must give any other recipients of the Work or
-          Derivative Works a copy of this License; and
-
-      (b) You must cause any modified files to carry prominent notices
-          stating that You changed the files; and
-
-      (c) You must retain, in the Source form of any Derivative Works
-          that You distribute, all copyright, patent, trademark, and
-          attribution notices from the Source form of the Work,
-          excluding those notices that do not pertain to any part of
-          the Derivative Works; and
-
-      (d) If the Work includes a "NOTICE" text file as part of its
-          distribution, then any Derivative Works that You distribute must
-          include a readable copy of the attribution notices contained
-          within such NOTICE file, excluding those notices that do not
-          pertain to any part of the Derivative Works, in at least one
-          of the following places: within a NOTICE text file distributed
-          as part of the Derivative Works; within the Source form or
-          documentation, if provided along with the Derivative Works; or,
-          within a display generated by the Derivative Works, if and
-          wherever such third-party notices normally appear. The contents
-          of the NOTICE file are for informational purposes only and
-          do not modify the License. You may add Your own attribution
-          notices within Derivative Works that You distribute, alongside
-          or as an addendum to the NOTICE text from the Work, provided
-          that such additional attribution notices cannot be construed
-          as modifying the License.
-
-      You may add Your own copyright statement to Your modifications and
-      may provide additional or different license terms and conditions
-      for use, reproduction, or distribution of Your modifications, or
-      for any such Derivative Works as a whole, provided Your use,
-      reproduction, and distribution of the Work otherwise complies with
-      the conditions stated in this License.
-
-   5. Submission of Contributions. Unless You explicitly state otherwise,
-      any Contribution intentionally submitted for inclusion in the Work
-      by You to the Licensor shall be under the terms and conditions of
-      this License, without any additional terms or conditions.
-      Notwithstanding the above, nothing herein shall supersede or modify
-      the terms of any separate license agreement you may have executed
-      with Licensor regarding such Contributions.
-
-   6. Trademarks. This License does not grant permission to use the trade
-      names, trademarks, service marks, or product names of the Licensor,
-      except as required for reasonable and customary use in describing the
-      origin of the Work and reproducing the content of the NOTICE file.
-
-   7. Disclaimer of Warranty. Unless required by applicable law or
-      agreed to in writing, Licensor provides the Work (and each
-      Contributor provides its Contributions) on an "AS IS" BASIS,
-      WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
-      implied, including, without limitation, any warranties or conditions
-      of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
-      PARTICULAR PURPOSE. You are solely responsible for determining the
-      appropriateness of using or redistributing the Work and assume any
-      risks associated with Your exercise of permissions under this License.
-
-   8. Limitation of Liability. In no event and under no legal theory,
-      whether in tort (including negligence), contract, or otherwise,
-      unless required by applicable law (such as deliberate and grossly
-      negligent acts) or agreed to in writing, shall any Contributor be
-      liable to You for damages, including any direct, indirect, special,
-      incidental, or consequential damages of any character arising as a
-      result of this License or out of the use or inability to use the
-      Work (including but not limited to damages for loss of goodwill,
-      work stoppage, computer failure or malfunction, or any and all
-      other commercial damages or losses), even if such Contributor
-      has been advised of the possibility of such damages.
-
-   9. Accepting Warranty or Additional Liability. While redistributing
-      the Work or Derivative Works thereof, You may choose to offer,
-      and charge a fee for, acceptance of support, warranty, indemnity,
-      or other liability obligations and/or rights consistent with this
-      License. However, in accepting such obligations, You may act only
-      on Your own behalf and on Your sole responsibility, not on behalf
-      of any other Contributor, and only if You agree to indemnify,
-      defend, and hold each Contributor harmless for any liability
-      incurred by, or claims asserted against, such Contributor by reason
-      of your accepting any such warranty or additional liability.
-
-   END OF TERMS AND CONDITIONS
-
-   APPENDIX: How to apply the Apache License to your work.
-
-      To apply the Apache License to your work, attach the following
-      boilerplate notice, with the fields enclosed by brackets "{}"
-      replaced with your own identifying information. (Don't include
-      the brackets!)  The text should be enclosed in the appropriate
-      comment syntax for the file format. We also recommend that a
-      file or class name and description of purpose be included on the
-      same "printed page" as the copyright notice for easier
-      identification within third-party archives.
-
-   Copyright {yyyy} {name of copyright owner}
-
-   Licensed under the Apache License, Version 2.0 (the "License");
-   you may not use this file except in compliance with the License.
-   You may obtain a copy of the License at
-
-       http://www.apache.org/licenses/LICENSE-2.0
-
-   Unless required by applicable law or agreed to in writing, software
-   distributed under the License is distributed on an "AS IS" BASIS,
-   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-   See the License for the specific language governing permissions and
-   limitations under the License.
--- a/vendor/github.com/openshift/api/config/v1/0000_00_cluster-version-operator_01_clusteroperator.crd.yaml
+++ b/vendor/github.com/openshift/api/config/v1/0000_00_cluster-version-operator_01_clusteroperator.crd.yaml
@ -1,164 +0,0 @@
-kind: CustomResourceDefinition
-apiVersion: apiextensions.k8s.io/v1beta1
-metadata:
-  name: clusteroperators.config.openshift.io
-spec:
-  additionalPrinterColumns:
-  - JSONPath: .status.versions[?(@.name=="operator")].version
-    description: The version the operator is at.
-    name: Version
-    type: string
-  - JSONPath: .status.conditions[?(@.type=="Available")].status
-    description: Whether the operator is running and stable.
-    name: Available
-    type: string
-  - JSONPath: .status.conditions[?(@.type=="Progressing")].status
-    description: Whether the operator is processing changes.
-    name: Progressing
-    type: string
-  - JSONPath: .status.conditions[?(@.type=="Degraded")].status
-    description: Whether the operator is degraded.
-    name: Degraded
-    type: string
-  - JSONPath: .status.conditions[?(@.type=="Available")].lastTransitionTime
-    description: The time the operator's Available status last changed.
-    name: Since
-    type: date
-  group: config.openshift.io
-  names:
-    kind: ClusterOperator
-    listKind: ClusterOperatorList
-    plural: clusteroperators
-    singular: clusteroperator
-    shortNames:
-    - co
-  preserveUnknownFields: false
-  scope: Cluster
-  subresources:
-    status: {}
-  version: v1
-  versions:
-  - name: v1
-    served: true
-    storage: true
-  validation:
-    openAPIV3Schema:
-      description: ClusterOperator is the Custom Resource object which holds the current
-        state of an operator. This object is used by operators to convey their state
-        to the rest of the cluster.
-      type: object
-      required:
-      - spec
-      properties:
-        apiVersion:
-          description: 'APIVersion defines the versioned schema of this representation
-            of an object. Servers should convert recognized schemas to the latest
-            internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
-          type: string
-        kind:
-          description: 'Kind is a string value representing the REST resource this
-            object represents. Servers may infer this from the endpoint the client
-            submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
-          type: string
-        metadata:
-          type: object
-        spec:
-          description: spec holds configuration that could apply to any operator.
-          type: object
-        status:
-          description: status holds the information about the state of an operator.  It
-            is consistent with status information across the Kubernetes ecosystem.
-          type: object
-          properties:
-            conditions:
-              description: conditions describes the state of the operator's managed
-                and monitored components.
-              type: array
-              items:
-                description: ClusterOperatorStatusCondition represents the state of
-                  the operator's managed and monitored components.
-                type: object
-                required:
-                - lastTransitionTime
-                - status
-                - type
-                properties:
-                  lastTransitionTime:
-                    description: lastTransitionTime is the time of the last update
-                      to the current status property.
-                    type: string
-                    format: date-time
-                  message:
-                    description: message provides additional information about the
-                      current condition. This is only to be consumed by humans.
-                    type: string
-                  reason:
-                    description: reason is the CamelCase reason for the condition's
-                      current status.
-                    type: string
-                  status:
-                    description: status of the condition, one of True, False, Unknown.
-                    type: string
-                  type:
-                    description: type specifies the aspect reported by this condition.
-                    type: string
-            extension:
-              description: extension contains any additional status information specific
-                to the operator which owns this status object.
-              type: object
-              nullable: true
-              x-kubernetes-preserve-unknown-fields: true
-            relatedObjects:
-              description: 'relatedObjects is a list of objects that are "interesting"
-                or related to this operator.  Common uses are: 1. the detailed resource
-                driving the operator 2. operator namespaces 3. operand namespaces'
-              type: array
-              items:
-                description: ObjectReference contains enough information to let you
-                  inspect or modify the referred object.
-                type: object
-                required:
-                - group
-                - name
-                - resource
-                properties:
-                  group:
-                    description: group of the referent.
-                    type: string
-                  name:
-                    description: name of the referent.
-                    type: string
-                  namespace:
-                    description: namespace of the referent.
-                    type: string
-                  resource:
-                    description: resource of the referent.
-                    type: string
-            versions:
-              description: versions is a slice of operator and operand version tuples.  Operators
-                which manage multiple operands will have multiple operand entries
-                in the array.  Available operators must report the version of the
-                operator itself with the name "operator". An operator reports a new
-                "operator" version when it has rolled out the new version to all of
-                its operands.
-              type: array
-              items:
-                type: object
-                required:
-                - name
-                - version
-                properties:
-                  name:
-                    description: name is the name of the particular operand this version
-                      is for.  It usually matches container images, not operators.
-                    type: string
-                  version:
-                    description: version indicates which version of a particular operand
-                      is currently being managed.  It must always match the Available
-                      operand.  If 1.0.0 is Available, then this must indicate 1.0.0
-                      even if the operator is trying to rollout 1.1.0
-                    type: string
-  versions:
-  - name: v1
-    served: true
-    storage: true
--- a/vendor/github.com/openshift/api/config/v1/0000_00_cluster-version-operator_01_clusterversion.crd.yaml
+++ b/vendor/github.com/openshift/api/config/v1/0000_00_cluster-version-operator_01_clusterversion.crd.yaml
@ -1,328 +0,0 @@
-apiVersion: apiextensions.k8s.io/v1beta1
-kind: CustomResourceDefinition
-metadata:
-  name: clusterversions.config.openshift.io
-spec:
-  group: config.openshift.io
-  versions:
-  - name: v1
-    served: true
-    storage: true
-  scope: Cluster
-  subresources:
-    status: {}
-  names:
-    plural: clusterversions
-    singular: clusterversion
-    kind: ClusterVersion
-  preserveUnknownFields: false
-  additionalPrinterColumns:
-  - name: Version
-    type: string
-    JSONPath: .status.history[?(@.state=="Completed")].version
-  - name: Available
-    type: string
-    JSONPath: .status.conditions[?(@.type=="Available")].status
-  - name: Progressing
-    type: string
-    JSONPath: .status.conditions[?(@.type=="Progressing")].status
-  - name: Since
-    type: date
-    JSONPath: .status.conditions[?(@.type=="Progressing")].lastTransitionTime
-  - name: Status
-    type: string
-    JSONPath: .status.conditions[?(@.type=="Progressing")].message
-  validation:
-    openAPIV3Schema:
-      description: ClusterVersion is the configuration for the ClusterVersionOperator.
-        This is where parameters related to automatic updates can be set.
-      type: object
-      required:
-      - spec
-      properties:
-        apiVersion:
-          description: 'APIVersion defines the versioned schema of this representation
-            of an object. Servers should convert recognized schemas to the latest
-            internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
-          type: string
-        kind:
-          description: 'Kind is a string value representing the REST resource this
-            object represents. Servers may infer this from the endpoint the client
-            submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
-          type: string
-        metadata:
-          type: object
-        spec:
-          description: spec is the desired state of the cluster version - the operator
-            will work to ensure that the desired version is applied to the cluster.
-          type: object
-          required:
-          - clusterID
-          properties:
-            channel:
-              description: channel is an identifier for explicitly requesting that
-                a non-default set of updates be applied to this cluster. The default
-                channel will be contain stable updates that are appropriate for production
-                clusters.
-              type: string
-            clusterID:
-              description: clusterID uniquely identifies this cluster. This is expected
-                to be an RFC4122 UUID value (xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
-                in hexadecimal values). This is a required field.
-              type: string
-            desiredUpdate:
-              description: "desiredUpdate is an optional field that indicates the
-                desired value of the cluster version. Setting this value will trigger
-                an upgrade (if the current version does not match the desired version).
-                The set of recommended update values is listed as part of available
-                updates in status, and setting values outside that range may cause
-                the upgrade to fail. You may specify the version field without setting
-                image if an update exists with that version in the availableUpdates
-                or history. \n If an upgrade fails the operator will halt and report
-                status about the failing component. Setting the desired update value
-                back to the previous version will cause a rollback to be attempted.
-                Not all rollbacks will succeed."
-              type: object
-              properties:
-                force:
-                  description: "force allows an administrator to update to an image
-                    that has failed verification, does not appear in the availableUpdates
-                    list, or otherwise would be blocked by normal protections on update.
-                    This option should only be used when the authenticity of the provided
-                    image has been verified out of band because the provided image
-                    will run with full administrative access to the cluster. Do not
-                    use this flag with images that comes from unknown or potentially
-                    malicious sources. \n This flag does not override other forms
-                    of consistency checking that are required before a new update
-                    is deployed."
-                  type: boolean
-                image:
-                  description: image is a container image location that contains the
-                    update. When this field is part of spec, image is optional if
-                    version is specified and the availableUpdates field contains a
-                    matching version.
-                  type: string
-                version:
-                  description: version is a semantic versioning identifying the update
-                    version. When this field is part of spec, version is optional
-                    if image is specified.
-                  type: string
-            overrides:
-              description: overrides is list of overides for components that are managed
-                by cluster version operator. Marking a component unmanaged will prevent
-                the operator from creating or updating the object.
-              type: array
-              items:
-                description: ComponentOverride allows overriding cluster version operator's
-                  behavior for a component.
-                type: object
-                required:
-                - group
-                - kind
-                - name
-                - namespace
-                - unmanaged
-                properties:
-                  group:
-                    description: group identifies the API group that the kind is in.
-                    type: string
-                  kind:
-                    description: kind indentifies which object to override.
-                    type: string
-                  name:
-                    description: name is the component's name.
-                    type: string
-                  namespace:
-                    description: namespace is the component's namespace. If the resource
-                      is cluster scoped, the namespace should be empty.
-                    type: string
-                  unmanaged:
-                    description: 'unmanaged controls if cluster version operator should
-                      stop managing the resources in this cluster. Default: false'
-                    type: boolean
-            upstream:
-              description: upstream may be used to specify the preferred update server.
-                By default it will use the appropriate update server for the cluster
-                and region.
-              type: string
-        status:
-          description: status contains information about the available updates and
-            any in-progress updates.
-          type: object
-          required:
-          - availableUpdates
-          - desired
-          - observedGeneration
-          - versionHash
-          properties:
-            availableUpdates:
-              description: availableUpdates contains the list of updates that are
-                appropriate for this cluster. This list may be empty if no updates
-                are recommended, if the update service is unavailable, or if an invalid
-                channel has been specified.
-              type: array
-              items:
-                description: Update represents a release of the ClusterVersionOperator,
-                  referenced by the Image member.
-                type: object
-                properties:
-                  force:
-                    description: "force allows an administrator to update to an image
-                      that has failed verification, does not appear in the availableUpdates
-                      list, or otherwise would be blocked by normal protections on
-                      update. This option should only be used when the authenticity
-                      of the provided image has been verified out of band because
-                      the provided image will run with full administrative access
-                      to the cluster. Do not use this flag with images that comes
-                      from unknown or potentially malicious sources. \n This flag
-                      does not override other forms of consistency checking that are
-                      required before a new update is deployed."
-                    type: boolean
-                  image:
-                    description: image is a container image location that contains
-                      the update. When this field is part of spec, image is optional
-                      if version is specified and the availableUpdates field contains
-                      a matching version.
-                    type: string
-                  version:
-                    description: version is a semantic versioning identifying the
-                      update version. When this field is part of spec, version is
-                      optional if image is specified.
-                    type: string
-              nullable: true
-            conditions:
-              description: conditions provides information about the cluster version.
-                The condition "Available" is set to true if the desiredUpdate has
-                been reached. The condition "Progressing" is set to true if an update
-                is being applied. The condition "Degraded" is set to true if an update
-                is currently blocked by a temporary or permanent error. Conditions
-                are only valid for the current desiredUpdate when metadata.generation
-                is equal to status.generation.
-              type: array
-              items:
-                description: ClusterOperatorStatusCondition represents the state of
-                  the operator's managed and monitored components.
-                type: object
-                required:
-                - lastTransitionTime
-                - status
-                - type
-                properties:
-                  lastTransitionTime:
-                    description: lastTransitionTime is the time of the last update
-                      to the current status property.
-                    type: string
-                    format: date-time
-                  message:
-                    description: message provides additional information about the
-                      current condition. This is only to be consumed by humans.
-                    type: string
-                  reason:
-                    description: reason is the CamelCase reason for the condition's
-                      current status.
-                    type: string
-                  status:
-                    description: status of the condition, one of True, False, Unknown.
-                    type: string
-                  type:
-                    description: type specifies the aspect reported by this condition.
-                    type: string
-            desired:
-              description: desired is the version that the cluster is reconciling
-                towards. If the cluster is not yet fully initialized desired will
-                be set with the information available, which may be an image or a
-                tag.
-              type: object
-              properties:
-                force:
-                  description: "force allows an administrator to update to an image
-                    that has failed verification, does not appear in the availableUpdates
-                    list, or otherwise would be blocked by normal protections on update.
-                    This option should only be used when the authenticity of the provided
-                    image has been verified out of band because the provided image
-                    will run with full administrative access to the cluster. Do not
-                    use this flag with images that comes from unknown or potentially
-                    malicious sources. \n This flag does not override other forms
-                    of consistency checking that are required before a new update
-                    is deployed."
-                  type: boolean
-                image:
-                  description: image is a container image location that contains the
-                    update. When this field is part of spec, image is optional if
-                    version is specified and the availableUpdates field contains a
-                    matching version.
-                  type: string
-                version:
-                  description: version is a semantic versioning identifying the update
-                    version. When this field is part of spec, version is optional
-                    if image is specified.
-                  type: string
-            history:
-              description: history contains a list of the most recent versions applied
-                to the cluster. This value may be empty during cluster startup, and
-                then will be updated when a new update is being applied. The newest
-                update is first in the list and it is ordered by recency. Updates
-                in the history have state Completed if the rollout completed - if
-                an update was failing or halfway applied the state will be Partial.
-                Only a limited amount of update history is preserved.
-              type: array
-              items:
-                description: UpdateHistory is a single attempted update to the cluster.
-                type: object
-                required:
-                - completionTime
-                - image
-                - startedTime
-                - state
-                - verified
-                properties:
-                  completionTime:
-                    description: completionTime, if set, is when the update was fully
-                      applied. The update that is currently being applied will have
-                      a null completion time. Completion time will always be set for
-                      entries that are not the current update (usually to the started
-                      time of the next update).
-                    type: string
-                    format: date-time
-                    nullable: true
-                  image:
-                    description: image is a container image location that contains
-                      the update. This value is always populated.
-                    type: string
-                  startedTime:
-                    description: startedTime is the time at which the update was started.
-                    type: string
-                    format: date-time
-                  state:
-                    description: state reflects whether the update was fully applied.
-                      The Partial state indicates the update is not fully applied,
-                      while the Completed state indicates the update was successfully
-                      rolled out at least once (all parts of the update successfully
-                      applied).
-                    type: string
-                  verified:
-                    description: verified indicates whether the provided update was
-                      properly verified before it was installed. If this is false
-                      the cluster may not be trusted.
-                    type: boolean
-                  version:
-                    description: version is a semantic versioning identifying the
-                      update version. If the requested image does not define a version,
-                      or if a failure occurs retrieving the image, this value may
-                      be empty.
-                    type: string
-            observedGeneration:
-              description: observedGeneration reports which version of the spec is
-                being synced. If this value is not equal to metadata.generation, then
-                the desired and conditions fields may represent a previous version.
-              type: integer
-              format: int64
-            versionHash:
-              description: versionHash is a fingerprint of the content that the cluster
-                will be updated with. It is used by the operator to avoid unnecessary
-                work and is for internal use only.
-              type: string
-  versions:
-  - name: v1
-    served: true
-    storage: true
--- a/vendor/github.com/openshift/api/config/v1/0000_03_config-operator_01_operatorhub.crd.yaml
+++ b/vendor/github.com/openshift/api/config/v1/0000_03_config-operator_01_operatorhub.crd.yaml
@ -1,101 +0,0 @@
-apiVersion: apiextensions.k8s.io/v1beta1
-kind: CustomResourceDefinition
-metadata:
-  name: operatorhubs.config.openshift.io
-spec:
-  group: config.openshift.io
-  names:
-    kind: OperatorHub
-    listKind: OperatorHubList
-    plural: operatorhubs
-    singular: operatorhub
-  scope: Cluster
-  preserveUnknownFields: false
-  subresources:
-    status: {}
-  version: v1
-  versions:
-  - name: v1
-    served: true
-    storage: true
-  "validation":
-    "openAPIV3Schema":
-      description: OperatorHub is the Schema for the operatorhubs API. It can be used
-        to change the state of the default hub sources for OperatorHub on the cluster
-        from enabled to disabled and vice versa.
-      type: object
-      properties:
-        apiVersion:
-          description: 'APIVersion defines the versioned schema of this representation
-            of an object. Servers should convert recognized schemas to the latest
-            internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
-          type: string
-        kind:
-          description: 'Kind is a string value representing the REST resource this
-            object represents. Servers may infer this from the endpoint the client
-            submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
-          type: string
-        metadata:
-          type: object
-        spec:
-          description: OperatorHubSpec defines the desired state of OperatorHub
-          type: object
-          properties:
-            disableAllDefaultSources:
-              description: disableAllDefaultSources allows you to disable all the
-                default hub sources. If this is true, a specific entry in sources
-                can be used to enable a default source. If this is false, a specific
-                entry in sources can be used to disable or enable a default source.
-              type: boolean
-            sources:
-              description: sources is the list of default hub sources and their configuration.
-                If the list is empty, it implies that the default hub sources are
-                enabled on the cluster unless disableAllDefaultSources is true. If
-                disableAllDefaultSources is true and sources is not empty, the configuration
-                present in sources will take precedence. The list of default hub sources
-                and their current state will always be reflected in the status block.
-              type: array
-              items:
-                description: HubSource is used to specify the hub source and its configuration
-                type: object
-                properties:
-                  disabled:
-                    description: disabled is used to disable a default hub source
-                      on cluster
-                    type: boolean
-                  name:
-                    description: name is the name of one of the default hub sources
-                    type: string
-                    maxLength: 253
-                    minLength: 1
-        status:
-          description: OperatorHubStatus defines the observed state of OperatorHub.
-            The current state of the default hub sources will always be reflected
-            here.
-          type: object
-          properties:
-            sources:
-              description: sources encapsulates the result of applying the configuration
-                for each hub source
-              type: array
-              items:
-                description: HubSourceStatus is used to reflect the current state
-                  of applying the configuration to a default source
-                type: object
-                properties:
-                  disabled:
-                    description: disabled is used to disable a default hub source
-                      on cluster
-                    type: boolean
-                  message:
-                    description: message provides more information regarding failures
-                    type: string
-                  name:
-                    description: name is the name of one of the default hub sources
-                    type: string
-                    maxLength: 253
-                    minLength: 1
-                  status:
-                    description: status indicates success or failure in applying the
-                      configuration
-                    type: string
--- a/vendor/github.com/openshift/api/config/v1/0000_03_config-operator_01_proxy.crd.yaml
+++ b/vendor/github.com/openshift/api/config/v1/0000_03_config-operator_01_proxy.crd.yaml
@ -1,98 +0,0 @@
-apiVersion: apiextensions.k8s.io/v1beta1
-kind: CustomResourceDefinition
-metadata:
-  name: proxies.config.openshift.io
-spec:
-  group: config.openshift.io
-  scope: Cluster
-  preserveUnknownFields: false
-  versions:
-  - name: v1
-    served: true
-    storage: true
-  names:
-    kind: Proxy
-    listKind: ProxyList
-    plural: proxies
-    singular: proxy
-  subresources:
-    status: {}
-  "validation":
-    "openAPIV3Schema":
-      description: Proxy holds cluster-wide information on how to configure default
-        proxies for the cluster. The canonical name is `cluster`
-      type: object
-      required:
-      - spec
-      properties:
-        apiVersion:
-          description: 'APIVersion defines the versioned schema of this representation
-            of an object. Servers should convert recognized schemas to the latest
-            internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
-          type: string
-        kind:
-          description: 'Kind is a string value representing the REST resource this
-            object represents. Servers may infer this from the endpoint the client
-            submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
-          type: string
-        metadata:
-          type: object
-        spec:
-          description: Spec holds user-settable values for the proxy configuration
-          type: object
-          properties:
-            httpProxy:
-              description: httpProxy is the URL of the proxy for HTTP requests.  Empty
-                means unset and will not result in an env var.
-              type: string
-            httpsProxy:
-              description: httpsProxy is the URL of the proxy for HTTPS requests.  Empty
-                means unset and will not result in an env var.
-              type: string
-            noProxy:
-              description: noProxy is a comma-separated list of hostnames and/or CIDRs
-                for which the proxy should not be used. Empty means unset and will
-                not result in an env var.
-              type: string
-            readinessEndpoints:
-              description: readinessEndpoints is a list of endpoints used to verify
-                readiness of the proxy.
-              type: array
-              items:
-                type: string
-            trustedCA:
-              description: "trustedCA is a reference to a ConfigMap containing a CA
-                certificate bundle used for client egress HTTPS connections. The certificate
-                bundle must be from the CA that signed the proxy's certificate and
-                be signed for everything. The trustedCA field should only be consumed
-                by a proxy validator. The validator is responsible for reading the
-                certificate bundle from required key \"ca-bundle.crt\" and copying
-                it to a ConfigMap named \"trusted-ca-bundle\" in the \"openshift-config-managed\"
-                namespace. The namespace for the ConfigMap referenced by trustedCA
-                is \"openshift-config\". Here is an example ConfigMap (in yaml): \n
-                apiVersion: v1 kind: ConfigMap metadata:  name: user-ca-bundle  namespace:
-                openshift-config  data:    ca-bundle.crt: |      -----BEGIN CERTIFICATE-----
-                \     Custom CA certificate bundle.      -----END CERTIFICATE-----"
-              type: object
-              required:
-              - name
-              properties:
-                name:
-                  description: name is the metadata.name of the referenced config
-                    map
-                  type: string
-        status:
-          description: status holds observed values from the cluster. They may not
-            be overridden.
-          type: object
-          properties:
-            httpProxy:
-              description: httpProxy is the URL of the proxy for HTTP requests.
-              type: string
-            httpsProxy:
-              description: httpsProxy is the URL of the proxy for HTTPS requests.
-              type: string
-            noProxy:
-              description: noProxy is a comma-separated list of hostnames and/or CIDRs
-                for which the proxy should not be used.
-              type: string
--- a/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_apiserver.crd.yaml
+++ b/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_apiserver.crd.yaml
@ -1,219 +0,0 @@
-apiVersion: apiextensions.k8s.io/v1beta1
-kind: CustomResourceDefinition
-metadata:
-  name: apiservers.config.openshift.io
-spec:
-  group: config.openshift.io
-  scope: Cluster
-  preserveUnknownFields: false
-  names:
-    kind: APIServer
-    singular: apiserver
-    plural: apiservers
-    listKind: APIServerList
-  versions:
-  - name: v1
-    served: true
-    storage: true
-  subresources:
-    status: {}
-  "validation":
-    "openAPIV3Schema":
-      description: APIServer holds configuration (like serving certificates, client
-        CA and CORS domains) shared by all API servers in the system, among them especially
-        kube-apiserver and openshift-apiserver. The canonical name of an instance
-        is 'cluster'.
-      type: object
-      required:
-      - spec
-      properties:
-        apiVersion:
-          description: 'APIVersion defines the versioned schema of this representation
-            of an object. Servers should convert recognized schemas to the latest
-            internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
-          type: string
-        kind:
-          description: 'Kind is a string value representing the REST resource this
-            object represents. Servers may infer this from the endpoint the client
-            submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
-          type: string
-        metadata:
-          type: object
-        spec:
-          type: object
-          properties:
-            additionalCORSAllowedOrigins:
-              description: additionalCORSAllowedOrigins lists additional, user-defined
-                regular expressions describing hosts for which the API server allows
-                access using the CORS headers. This may be needed to access the API
-                and the integrated OAuth server from JavaScript applications. The
-                values are regular expressions that correspond to the Golang regular
-                expression language.
-              type: array
-              items:
-                type: string
-            clientCA:
-              description: 'clientCA references a ConfigMap containing a certificate
-                bundle for the signers that will be recognized for incoming client
-                certificates in addition to the operator managed signers. If this
-                is empty, then only operator managed signers are valid. You usually
-                only have to set this if you have your own PKI you wish to honor client
-                certificates from. The ConfigMap must exist in the openshift-config
-                namespace and contain the following required fields: - ConfigMap.Data["ca-bundle.crt"]
-                - CA bundle.'
-              type: object
-              required:
-              - name
-              properties:
-                name:
-                  description: name is the metadata.name of the referenced config
-                    map
-                  type: string
-            encryption:
-              description: encryption allows the configuration of encryption of resources
-                at the datastore layer.
-              type: object
-              properties:
-                type:
-                  description: "type defines what encryption type should be used to
-                    encrypt resources at the datastore layer. When this field is unset
-                    (i.e. when it is set to the empty string), identity is implied.
-                    The behavior of unset can and will change over time.  Even if
-                    encryption is enabled by default, the meaning of unset may change
-                    to a different encryption type based on changes in best practices.
-                    \n When encryption is enabled, all sensitive resources shipped
-                    with the platform are encrypted. This list of sensitive resources
-                    can and will change over time.  The current authoritative list
-                    is: \n   1. secrets   2. configmaps   3. routes.route.openshift.io
-                    \  4. oauthaccesstokens.oauth.openshift.io   5. oauthauthorizetokens.oauth.openshift.io"
-                  type: string
-                  enum:
-                  - ""
-                  - identity
-                  - aescbc
-            servingCerts:
-              description: servingCert is the TLS cert info for serving secure traffic.
-                If not specified, operator managed certificates will be used for serving
-                secure traffic.
-              type: object
-              properties:
-                namedCertificates:
-                  description: namedCertificates references secrets containing the
-                    TLS cert info for serving secure traffic to specific hostnames.
-                    If no named certificates are provided, or no named certificates
-                    match the server name as understood by a client, the defaultServingCertificate
-                    will be used.
-                  type: array
-                  items:
-                    description: APIServerNamedServingCert maps a server DNS name,
-                      as understood by a client, to a certificate.
-                    type: object
-                    properties:
-                      names:
-                        description: names is a optional list of explicit DNS names
-                          (leading wildcards allowed) that should use this certificate
-                          to serve secure traffic. If no names are provided, the implicit
-                          names will be extracted from the certificates. Exact names
-                          trump over wildcard names. Explicit names defined here trump
-                          over extracted implicit names.
-                        type: array
-                        items:
-                          type: string
-                      servingCertificate:
-                        description: 'servingCertificate references a kubernetes.io/tls
-                          type secret containing the TLS cert info for serving secure
-                          traffic. The secret must exist in the openshift-config namespace
-                          and contain the following required fields: - Secret.Data["tls.key"]
-                          - TLS private key. - Secret.Data["tls.crt"] - TLS certificate.'
-                        type: object
-                        required:
-                        - name
-                        properties:
-                          name:
-                            description: name is the metadata.name of the referenced
-                              secret
-                            type: string
-            tlsSecurityProfile:
-              description: "tlsSecurityProfile specifies settings for TLS connections
-                for externally exposed servers. \n If unset, a default (which may
-                change between releases) is chosen. Note that only Old and Intermediate
-                profiles are currently supported, and the maximum available MinTLSVersions
-                is VersionTLS12."
-              type: object
-              properties:
-                custom:
-                  description: "custom is a user-defined TLS security profile. Be
-                    extremely careful using a custom profile as invalid configurations
-                    can be catastrophic. An example custom profile looks like this:
-                    \n   ciphers:     - ECDHE-ECDSA-CHACHA20-POLY1305     - ECDHE-RSA-CHACHA20-POLY1305
-                    \    - ECDHE-RSA-AES128-GCM-SHA256     - ECDHE-ECDSA-AES128-GCM-SHA256
-                    \  minTLSVersion: TLSv1.1"
-                  type: object
-                  properties:
-                    ciphers:
-                      description: "ciphers is used to specify the cipher algorithms
-                        that are negotiated during the TLS handshake.  Operators may
-                        remove entries their operands do not support.  For example,
-                        to use DES-CBC3-SHA  (yaml): \n   ciphers:     - DES-CBC3-SHA"
-                      type: array
-                      items:
-                        type: string
-                    minTLSVersion:
-                      description: "minTLSVersion is used to specify the minimal version
-                        of the TLS protocol that is negotiated during the TLS handshake.
-                        For example, to use TLS versions 1.1, 1.2 and 1.3 (yaml):
-                        \n   minTLSVersion: TLSv1.1 \n NOTE: currently the highest
-                        minTLSVersion allowed is VersionTLS12"
-                      type: string
-                  nullable: true
-                intermediate:
-                  description: "intermediate is a TLS security profile based on: \n
-                    https://wiki.mozilla.org/Security/Server_Side_TLS#Intermediate_compatibility_.28recommended.29
-                    \n and looks like this (yaml): \n   ciphers:     - TLS_AES_128_GCM_SHA256
-                    \    - TLS_AES_256_GCM_SHA384     - TLS_CHACHA20_POLY1305_SHA256
-                    \    - ECDHE-ECDSA-AES128-GCM-SHA256     - ECDHE-RSA-AES128-GCM-SHA256
-                    \    - ECDHE-ECDSA-AES256-GCM-SHA384     - ECDHE-RSA-AES256-GCM-SHA384
-                    \    - ECDHE-ECDSA-CHACHA20-POLY1305     - ECDHE-RSA-CHACHA20-POLY1305
-                    \    - DHE-RSA-AES128-GCM-SHA256     - DHE-RSA-AES256-GCM-SHA384
-                    \  minTLSVersion: TLSv1.2"
-                  type: object
-                  nullable: true
-                modern:
-                  description: "modern is a TLS security profile based on: \n https://wiki.mozilla.org/Security/Server_Side_TLS#Modern_compatibility
-                    \n and looks like this (yaml): \n   ciphers:     - TLS_AES_128_GCM_SHA256
-                    \    - TLS_AES_256_GCM_SHA384     - TLS_CHACHA20_POLY1305_SHA256
-                    \  minTLSVersion: TLSv1.3 \n NOTE: Currently unsupported."
-                  type: object
-                  nullable: true
-                old:
-                  description: "old is a TLS security profile based on: \n https://wiki.mozilla.org/Security/Server_Side_TLS#Old_backward_compatibility
-                    \n and looks like this (yaml): \n   ciphers:     - TLS_AES_128_GCM_SHA256
-                    \    - TLS_AES_256_GCM_SHA384     - TLS_CHACHA20_POLY1305_SHA256
-                    \    - ECDHE-ECDSA-AES128-GCM-SHA256     - ECDHE-RSA-AES128-GCM-SHA256
-                    \    - ECDHE-ECDSA-AES256-GCM-SHA384     - ECDHE-RSA-AES256-GCM-SHA384
-                    \    - ECDHE-ECDSA-CHACHA20-POLY1305     - ECDHE-RSA-CHACHA20-POLY1305
-                    \    - DHE-RSA-AES128-GCM-SHA256     - DHE-RSA-AES256-GCM-SHA384
-                    \    - DHE-RSA-CHACHA20-POLY1305     - ECDHE-ECDSA-AES128-SHA256
-                    \    - ECDHE-RSA-AES128-SHA256     - ECDHE-ECDSA-AES128-SHA     -
-                    ECDHE-RSA-AES128-SHA     - ECDHE-ECDSA-AES256-SHA384     - ECDHE-RSA-AES256-SHA384
-                    \    - ECDHE-ECDSA-AES256-SHA     - ECDHE-RSA-AES256-SHA     -
-                    DHE-RSA-AES128-SHA256     - DHE-RSA-AES256-SHA256     - AES128-GCM-SHA256
-                    \    - AES256-GCM-SHA384     - AES128-SHA256     - AES256-SHA256
-                    \    - AES128-SHA     - AES256-SHA     - DES-CBC3-SHA   minTLSVersion:
-                    TLSv1.0"
-                  type: object
-                  nullable: true
-                type:
-                  description: "type is one of Old, Intermediate, Modern or Custom.
-                    Custom provides the ability to specify individual TLS security
-                    profile parameters. Old, Intermediate and Modern are TLS security
-                    profiles based on: \n https://wiki.mozilla.org/Security/Server_Side_TLS#Recommended_configurations
-                    \n The profiles are intent based, so they may change over time
-                    as new ciphers are developed and existing ciphers are found to
-                    be insecure.  Depending on precisely which ciphers are available
-                    to a process, the list may be reduced. \n Note that the Modern
-                    profile is currently not supported because it is not yet well
-                    adopted by common software libraries."
-                  type: string
-        status:
-          type: object
--- a/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_authentication.crd.yaml
+++ b/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_authentication.crd.yaml
@ -1,123 +0,0 @@
-apiVersion: apiextensions.k8s.io/v1beta1
-kind: CustomResourceDefinition
-metadata:
-  name: authentications.config.openshift.io
-spec:
-  group: config.openshift.io
-  names:
-    kind: Authentication
-    listKind: AuthenticationList
-    plural: authentications
-    singular: authentication
-  scope: Cluster
-  preserveUnknownFields: false
-  subresources:
-    status: {}
-  versions:
-  - name: v1
-    served: true
-    storage: true
-  "validation":
-    "openAPIV3Schema":
-      description: Authentication specifies cluster-wide settings for authentication
-        (like OAuth and webhook token authenticators). The canonical name of an instance
-        is `cluster`.
-      type: object
-      required:
-      - spec
-      properties:
-        apiVersion:
-          description: 'APIVersion defines the versioned schema of this representation
-            of an object. Servers should convert recognized schemas to the latest
-            internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
-          type: string
-        kind:
-          description: 'Kind is a string value representing the REST resource this
-            object represents. Servers may infer this from the endpoint the client
-            submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
-          type: string
-        metadata:
-          type: object
-        spec:
-          description: spec holds user settable values for configuration
-          type: object
-          properties:
-            oauthMetadata:
-              description: 'oauthMetadata contains the discovery endpoint data for
-                OAuth 2.0 Authorization Server Metadata for an external OAuth server.
-                This discovery document can be viewed from its served location: oc
-                get --raw ''/.well-known/oauth-authorization-server'' For further
-                details, see the IETF Draft: https://tools.ietf.org/html/draft-ietf-oauth-discovery-04#section-2
-                If oauthMetadata.name is non-empty, this value has precedence over
-                any metadata reference stored in status. The key "oauthMetadata" is
-                used to locate the data. If specified and the config map or expected
-                key is not found, no metadata is served. If the specified metadata
-                is not valid, no metadata is served. The namespace for this config
-                map is openshift-config.'
-              type: object
-              required:
-              - name
-              properties:
-                name:
-                  description: name is the metadata.name of the referenced config
-                    map
-                  type: string
-            type:
-              description: type identifies the cluster managed, user facing authentication
-                mode in use. Specifically, it manages the component that responds
-                to login attempts. The default is IntegratedOAuth.
-              type: string
-            webhookTokenAuthenticators:
-              description: webhookTokenAuthenticators configures remote token reviewers.
-                These remote authentication webhooks can be used to verify bearer
-                tokens via the tokenreviews.authentication.k8s.io REST API.  This
-                is required to honor bearer tokens that are provisioned by an external
-                authentication service. The namespace for these secrets is openshift-config.
-              type: array
-              items:
-                description: webhookTokenAuthenticator holds the necessary configuration
-                  options for a remote token authenticator
-                type: object
-                properties:
-                  kubeConfig:
-                    description: 'kubeConfig contains kube config file data which
-                      describes how to access the remote webhook service. For further
-                      details, see: https://kubernetes.io/docs/reference/access-authn-authz/authentication/#webhook-token-authentication
-                      The key "kubeConfig" is used to locate the data. If the secret
-                      or expected key is not found, the webhook is not honored. If
-                      the specified kube config data is not valid, the webhook is
-                      not honored. The namespace for this secret is determined by
-                      the point of use.'
-                    type: object
-                    required:
-                    - name
-                    properties:
-                      name:
-                        description: name is the metadata.name of the referenced secret
-                        type: string
-        status:
-          description: status holds observed values from the cluster. They may not
-            be overridden.
-          type: object
-          properties:
-            integratedOAuthMetadata:
-              description: 'integratedOAuthMetadata contains the discovery endpoint
-                data for OAuth 2.0 Authorization Server Metadata for the in-cluster
-                integrated OAuth server. This discovery document can be viewed from
-                its served location: oc get --raw ''/.well-known/oauth-authorization-server''
-                For further details, see the IETF Draft: https://tools.ietf.org/html/draft-ietf-oauth-discovery-04#section-2
-                This contains the observed value based on cluster state. An explicitly
-                set value in spec.oauthMetadata has precedence over this field. This
-                field has no meaning if authentication spec.type is not set to IntegratedOAuth.
-                The key "oauthMetadata" is used to locate the data. If the config
-                map or expected key is not found, no metadata is served. If the specified
-                metadata is not valid, no metadata is served. The namespace for this
-                config map is openshift-config-managed.'
-              type: object
-              required:
-              - name
-              properties:
-                name:
-                  description: name is the metadata.name of the referenced config
-                    map
-                  type: string
--- a/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_build.crd.yaml
+++ b/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_build.crd.yaml
@ -1,366 +0,0 @@
-apiVersion: apiextensions.k8s.io/v1beta1
-kind: CustomResourceDefinition
-metadata:
-  name: builds.config.openshift.io
-spec:
-  group: config.openshift.io
-  scope: Cluster
-  preserveUnknownFields: false
-  names:
-    kind: Build
-    singular: build
-    plural: builds
-    listKind: BuildList
-  versions:
-  - name: v1
-    served: true
-    storage: true
-  subresources:
-    status: {}
-  "validation":
-    "openAPIV3Schema":
-      description: "Build configures the behavior of OpenShift builds for the entire
-        cluster. This includes default settings that can be overridden in BuildConfig
-        objects, and overrides which are applied to all builds. \n The canonical name
-        is \"cluster\""
-      type: object
-      required:
-      - spec
-      properties:
-        apiVersion:
-          description: 'APIVersion defines the versioned schema of this representation
-            of an object. Servers should convert recognized schemas to the latest
-            internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
-          type: string
-        kind:
-          description: 'Kind is a string value representing the REST resource this
-            object represents. Servers may infer this from the endpoint the client
-            submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
-          type: string
-        metadata:
-          type: object
-        spec:
-          description: Spec holds user-settable values for the build controller configuration
-          type: object
-          properties:
-            additionalTrustedCA:
-              description: "AdditionalTrustedCA is a reference to a ConfigMap containing
-                additional CAs that should be trusted for image pushes and pulls during
-                builds. The namespace for this config map is openshift-config. \n
-                DEPRECATED: Additional CAs for image pull and push should be set on
-                image.config.openshift.io/cluster instead."
-              type: object
-              required:
-              - name
-              properties:
-                name:
-                  description: name is the metadata.name of the referenced config
-                    map
-                  type: string
-            buildDefaults:
-              description: BuildDefaults controls the default information for Builds
-              type: object
-              properties:
-                defaultProxy:
-                  description: "DefaultProxy contains the default proxy settings for
-                    all build operations, including image pull/push and source download.
-                    \n Values can be overrode by setting the `HTTP_PROXY`, `HTTPS_PROXY`,
-                    and `NO_PROXY` environment variables in the build config's strategy."
-                  type: object
-                  properties:
-                    httpProxy:
-                      description: httpProxy is the URL of the proxy for HTTP requests.  Empty
-                        means unset and will not result in an env var.
-                      type: string
-                    httpsProxy:
-                      description: httpsProxy is the URL of the proxy for HTTPS requests.  Empty
-                        means unset and will not result in an env var.
-                      type: string
-                    noProxy:
-                      description: noProxy is a comma-separated list of hostnames
-                        and/or CIDRs for which the proxy should not be used. Empty
-                        means unset and will not result in an env var.
-                      type: string
-                    readinessEndpoints:
-                      description: readinessEndpoints is a list of endpoints used
-                        to verify readiness of the proxy.
-                      type: array
-                      items:
-                        type: string
-                    trustedCA:
-                      description: "trustedCA is a reference to a ConfigMap containing
-                        a CA certificate bundle used for client egress HTTPS connections.
-                        The certificate bundle must be from the CA that signed the
-                        proxy's certificate and be signed for everything. The trustedCA
-                        field should only be consumed by a proxy validator. The validator
-                        is responsible for reading the certificate bundle from required
-                        key \"ca-bundle.crt\" and copying it to a ConfigMap named
-                        \"trusted-ca-bundle\" in the \"openshift-config-managed\"
-                        namespace. The namespace for the ConfigMap referenced by trustedCA
-                        is \"openshift-config\". Here is an example ConfigMap (in
-                        yaml): \n apiVersion: v1 kind: ConfigMap metadata:  name:
-                        user-ca-bundle  namespace: openshift-config  data:    ca-bundle.crt:
-                        |      -----BEGIN CERTIFICATE-----      Custom CA certificate
-                        bundle.      -----END CERTIFICATE-----"
-                      type: object
-                      required:
-                      - name
-                      properties:
-                        name:
-                          description: name is the metadata.name of the referenced
-                            config map
-                          type: string
-                env:
-                  description: Env is a set of default environment variables that
-                    will be applied to the build if the specified variables do not
-                    exist on the build
-                  type: array
-                  items:
-                    description: EnvVar represents an environment variable present
-                      in a Container.
-                    type: object
-                    required:
-                    - name
-                    properties:
-                      name:
-                        description: Name of the environment variable. Must be a C_IDENTIFIER.
-                        type: string
-                      value:
-                        description: 'Variable references $(VAR_NAME) are expanded
-                          using the previous defined environment variables in the
-                          container and any service environment variables. If a variable
-                          cannot be resolved, the reference in the input string will
-                          be unchanged. The $(VAR_NAME) syntax can be escaped with
-                          a double $$, ie: $$(VAR_NAME). Escaped references will never
-                          be expanded, regardless of whether the variable exists or
-                          not. Defaults to "".'
-                        type: string
-                      valueFrom:
-                        description: Source for the environment variable's value.
-                          Cannot be used if value is not empty.
-                        type: object
-                        properties:
-                          configMapKeyRef:
-                            description: Selects a key of a ConfigMap.
-                            type: object
-                            required:
-                            - key
-                            properties:
-                              key:
-                                description: The key to select.
-                                type: string
-                              name:
-                                description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-                                  TODO: Add other useful fields. apiVersion, kind,
-                                  uid?'
-                                type: string
-                              optional:
-                                description: Specify whether the ConfigMap or its
-                                  key must be defined
-                                type: boolean
-                          fieldRef:
-                            description: 'Selects a field of the pod: supports metadata.name,
-                              metadata.namespace, metadata.labels, metadata.annotations,
-                              spec.nodeName, spec.serviceAccountName, status.hostIP,
-                              status.podIP, status.podIPs.'
-                            type: object
-                            required:
-                            - fieldPath
-                            properties:
-                              apiVersion:
-                                description: Version of the schema the FieldPath is
-                                  written in terms of, defaults to "v1".
-                                type: string
-                              fieldPath:
-                                description: Path of the field to select in the specified
-                                  API version.
-                                type: string
-                          resourceFieldRef:
-                            description: 'Selects a resource of the container: only
-                              resources limits and requests (limits.cpu, limits.memory,
-                              limits.ephemeral-storage, requests.cpu, requests.memory
-                              and requests.ephemeral-storage) are currently supported.'
-                            type: object
-                            required:
-                            - resource
-                            properties:
-                              containerName:
-                                description: 'Container name: required for volumes,
-                                  optional for env vars'
-                                type: string
-                              divisor:
-                                description: Specifies the output format of the exposed
-                                  resources, defaults to "1"
-                                type: string
-                              resource:
-                                description: 'Required: resource to select'
-                                type: string
-                          secretKeyRef:
-                            description: Selects a key of a secret in the pod's namespace
-                            type: object
-                            required:
-                            - key
-                            properties:
-                              key:
-                                description: The key of the secret to select from.  Must
-                                  be a valid secret key.
-                                type: string
-                              name:
-                                description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-                                  TODO: Add other useful fields. apiVersion, kind,
-                                  uid?'
-                                type: string
-                              optional:
-                                description: Specify whether the Secret or its key
-                                  must be defined
-                                type: boolean
-                gitProxy:
-                  description: "GitProxy contains the proxy settings for git operations
-                    only. If set, this will override any Proxy settings for all git
-                    commands, such as git clone. \n Values that are not set here will
-                    be inherited from DefaultProxy."
-                  type: object
-                  properties:
-                    httpProxy:
-                      description: httpProxy is the URL of the proxy for HTTP requests.  Empty
-                        means unset and will not result in an env var.
-                      type: string
-                    httpsProxy:
-                      description: httpsProxy is the URL of the proxy for HTTPS requests.  Empty
-                        means unset and will not result in an env var.
-                      type: string
-                    noProxy:
-                      description: noProxy is a comma-separated list of hostnames
-                        and/or CIDRs for which the proxy should not be used. Empty
-                        means unset and will not result in an env var.
-                      type: string
-                    readinessEndpoints:
-                      description: readinessEndpoints is a list of endpoints used
-                        to verify readiness of the proxy.
-                      type: array
-                      items:
-                        type: string
-                    trustedCA:
-                      description: "trustedCA is a reference to a ConfigMap containing
-                        a CA certificate bundle used for client egress HTTPS connections.
-                        The certificate bundle must be from the CA that signed the
-                        proxy's certificate and be signed for everything. The trustedCA
-                        field should only be consumed by a proxy validator. The validator
-                        is responsible for reading the certificate bundle from required
-                        key \"ca-bundle.crt\" and copying it to a ConfigMap named
-                        \"trusted-ca-bundle\" in the \"openshift-config-managed\"
-                        namespace. The namespace for the ConfigMap referenced by trustedCA
-                        is \"openshift-config\". Here is an example ConfigMap (in
-                        yaml): \n apiVersion: v1 kind: ConfigMap metadata:  name:
-                        user-ca-bundle  namespace: openshift-config  data:    ca-bundle.crt:
-                        |      -----BEGIN CERTIFICATE-----      Custom CA certificate
-                        bundle.      -----END CERTIFICATE-----"
-                      type: object
-                      required:
-                      - name
-                      properties:
-                        name:
-                          description: name is the metadata.name of the referenced
-                            config map
-                          type: string
-                imageLabels:
-                  description: ImageLabels is a list of docker labels that are applied
-                    to the resulting image. User can override a default label by providing
-                    a label with the same name in their Build/BuildConfig.
-                  type: array
-                  items:
-                    type: object
-                    properties:
-                      name:
-                        description: Name defines the name of the label. It must have
-                          non-zero length.
-                        type: string
-                      value:
-                        description: Value defines the literal value of the label.
-                        type: string
-                resources:
-                  description: Resources defines resource requirements to execute
-                    the build.
-                  type: object
-                  properties:
-                    limits:
-                      description: 'Limits describes the maximum amount of compute
-                        resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/'
-                      type: object
-                      additionalProperties:
-                        type: string
-                    requests:
-                      description: 'Requests describes the minimum amount of compute
-                        resources required. If Requests is omitted for a container,
-                        it defaults to Limits if that is explicitly specified, otherwise
-                        to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/'
-                      type: object
-                      additionalProperties:
-                        type: string
-            buildOverrides:
-              description: BuildOverrides controls override settings for builds
-              type: object
-              properties:
-                imageLabels:
-                  description: ImageLabels is a list of docker labels that are applied
-                    to the resulting image. If user provided a label in their Build/BuildConfig
-                    with the same name as one in this list, the user's label will
-                    be overwritten.
-                  type: array
-                  items:
-                    type: object
-                    properties:
-                      name:
-                        description: Name defines the name of the label. It must have
-                          non-zero length.
-                        type: string
-                      value:
-                        description: Value defines the literal value of the label.
-                        type: string
-                nodeSelector:
-                  description: NodeSelector is a selector which must be true for the
-                    build pod to fit on a node
-                  type: object
-                  additionalProperties:
-                    type: string
-                tolerations:
-                  description: Tolerations is a list of Tolerations that will override
-                    any existing tolerations set on a build pod.
-                  type: array
-                  items:
-                    description: The pod this Toleration is attached to tolerates
-                      any taint that matches the triple <key,value,effect> using the
-                      matching operator <operator>.
-                    type: object
-                    properties:
-                      effect:
-                        description: Effect indicates the taint effect to match. Empty
-                          means match all taint effects. When specified, allowed values
-                          are NoSchedule, PreferNoSchedule and NoExecute.
-                        type: string
-                      key:
-                        description: Key is the taint key that the toleration applies
-                          to. Empty means match all taint keys. If the key is empty,
-                          operator must be Exists; this combination means to match
-                          all values and all keys.
-                        type: string
-                      operator:
-                        description: Operator represents a key's relationship to the
-                          value. Valid operators are Exists and Equal. Defaults to
-                          Equal. Exists is equivalent to wildcard for value, so that
-                          a pod can tolerate all taints of a particular category.
-                        type: string
-                      tolerationSeconds:
-                        description: TolerationSeconds represents the period of time
-                          the toleration (which must be of effect NoExecute, otherwise
-                          this field is ignored) tolerates the taint. By default,
-                          it is not set, which means tolerate the taint forever (do
-                          not evict). Zero and negative values will be treated as
-                          0 (evict immediately) by the system.
-                        type: integer
-                        format: int64
-                      value:
-                        description: Value is the taint value the toleration matches
-                          to. If the operator is Exists, the value should be empty,
-                          otherwise just a regular string.
-                        type: string
--- a/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_console.crd.yaml
+++ b/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_console.crd.yaml
@ -1,70 +0,0 @@
-apiVersion: apiextensions.k8s.io/v1beta1
-kind: CustomResourceDefinition
-metadata:
-  name: consoles.config.openshift.io
-spec:
-  scope: Cluster
-  preserveUnknownFields: false
-  group: config.openshift.io
-  names:
-    kind: Console
-    listKind: ConsoleList
-    plural: consoles
-    singular: console
-  subresources:
-    status: {}
-  versions:
-  - name: v1
-    served: true
-    storage: true
-  "validation":
-    "openAPIV3Schema":
-      description: Console holds cluster-wide configuration for the web console, including
-        the logout URL, and reports the public URL of the console. The canonical name
-        is `cluster`.
-      type: object
-      required:
-      - spec
-      properties:
-        apiVersion:
-          description: 'APIVersion defines the versioned schema of this representation
-            of an object. Servers should convert recognized schemas to the latest
-            internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
-          type: string
-        kind:
-          description: 'Kind is a string value representing the REST resource this
-            object represents. Servers may infer this from the endpoint the client
-            submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
-          type: string
-        metadata:
-          type: object
-        spec:
-          description: spec holds user settable values for configuration
-          type: object
-          properties:
-            authentication:
-              description: ConsoleAuthentication defines a list of optional configuration
-                for console authentication.
-              type: object
-              properties:
-                logoutRedirect:
-                  description: 'An optional, absolute URL to redirect web browsers
-                    to after logging out of the console. If not specified, it will
-                    redirect to the default login page. This is required when using
-                    an identity provider that supports single sign-on (SSO) such as:
-                    - OpenID (Keycloak, Azure) - RequestHeader (GSSAPI, SSPI, SAML)
-                    - OAuth (GitHub, GitLab, Google) Logging out of the console will
-                    destroy the user''s token. The logoutRedirect provides the user
-                    the option to perform single logout (SLO) through the identity
-                    provider to destroy their single sign-on session.'
-                  type: string
-                  pattern: ^$|^((https):\/\/?)[^\s()<>]+(?:\([\w\d]+\)|([^[:punct:]\s]|\/?))$
-        status:
-          description: status holds observed values from the cluster. They may not
-            be overridden.
-          type: object
-          properties:
-            consoleURL:
-              description: The URL for the console. This will be derived from the
-                host for the route that is created for the console.
-              type: string
--- a/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_dns.crd.yaml
+++ b/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_dns.crd.yaml
@ -1,100 +0,0 @@
-apiVersion: apiextensions.k8s.io/v1beta1
-kind: CustomResourceDefinition
-metadata:
-  name: dnses.config.openshift.io
-spec:
-  group: config.openshift.io
-  names:
-    kind: DNS
-    listKind: DNSList
-    plural: dnses
-    singular: dns
-  scope: Cluster
-  preserveUnknownFields: false
-  versions:
-  - name: v1
-    served: true
-    storage: true
-  subresources:
-    status: {}
-  "validation":
-    "openAPIV3Schema":
-      description: DNS holds cluster-wide information about DNS. The canonical name
-        is `cluster`
-      type: object
-      required:
-      - spec
-      properties:
-        apiVersion:
-          description: 'APIVersion defines the versioned schema of this representation
-            of an object. Servers should convert recognized schemas to the latest
-            internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
-          type: string
-        kind:
-          description: 'Kind is a string value representing the REST resource this
-            object represents. Servers may infer this from the endpoint the client
-            submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
-          type: string
-        metadata:
-          type: object
-        spec:
-          description: spec holds user settable values for configuration
-          type: object
-          properties:
-            baseDomain:
-              description: "baseDomain is the base domain of the cluster. All managed
-                DNS records will be sub-domains of this base. \n For example, given
-                the base domain `openshift.example.com`, an API server DNS record
-                may be created for `cluster-api.openshift.example.com`. \n Once set,
-                this field cannot be changed."
-              type: string
-            privateZone:
-              description: "privateZone is the location where all the DNS records
-                that are only available internally to the cluster exist. \n If this
-                field is nil, no private records should be created. \n Once set, this
-                field cannot be changed."
-              type: object
-              properties:
-                id:
-                  description: "id is the identifier that can be used to find the
-                    DNS hosted zone. \n on AWS zone can be fetched using `ID` as id
-                    in [1] on Azure zone can be fetched using `ID` as a pre-determined
-                    name in [2], on GCP zone can be fetched using `ID` as a pre-determined
-                    name in [3]. \n [1]: https://docs.aws.amazon.com/cli/latest/reference/route53/get-hosted-zone.html#options
-                    [2]: https://docs.microsoft.com/en-us/cli/azure/network/dns/zone?view=azure-cli-latest#az-network-dns-zone-show
-                    [3]: https://cloud.google.com/dns/docs/reference/v1/managedZones/get"
-                  type: string
-                tags:
-                  description: "tags can be used to query the DNS hosted zone. \n
-                    on AWS, resourcegroupstaggingapi [1] can be used to fetch a zone
-                    using `Tags` as tag-filters, \n [1]: https://docs.aws.amazon.com/cli/latest/reference/resourcegroupstaggingapi/get-resources.html#options"
-                  type: object
-                  additionalProperties:
-                    type: string
-            publicZone:
-              description: "publicZone is the location where all the DNS records that
-                are publicly accessible to the internet exist. \n If this field is
-                nil, no public records should be created. \n Once set, this field
-                cannot be changed."
-              type: object
-              properties:
-                id:
-                  description: "id is the identifier that can be used to find the
-                    DNS hosted zone. \n on AWS zone can be fetched using `ID` as id
-                    in [1] on Azure zone can be fetched using `ID` as a pre-determined
-                    name in [2], on GCP zone can be fetched using `ID` as a pre-determined
-                    name in [3]. \n [1]: https://docs.aws.amazon.com/cli/latest/reference/route53/get-hosted-zone.html#options
-                    [2]: https://docs.microsoft.com/en-us/cli/azure/network/dns/zone?view=azure-cli-latest#az-network-dns-zone-show
-                    [3]: https://cloud.google.com/dns/docs/reference/v1/managedZones/get"
-                  type: string
-                tags:
-                  description: "tags can be used to query the DNS hosted zone. \n
-                    on AWS, resourcegroupstaggingapi [1] can be used to fetch a zone
-                    using `Tags` as tag-filters, \n [1]: https://docs.aws.amazon.com/cli/latest/reference/resourcegroupstaggingapi/get-resources.html#options"
-                  type: object
-                  additionalProperties:
-                    type: string
-        status:
-          description: status holds observed values from the cluster. They may not
-            be overridden.
-          type: object
--- a/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_featuregate.crd.yaml
+++ b/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_featuregate.crd.yaml
@ -1,76 +0,0 @@
-apiVersion: apiextensions.k8s.io/v1beta1
-kind: CustomResourceDefinition
-metadata:
-  name: featuregates.config.openshift.io
-spec:
-  group: config.openshift.io
-  version: v1
-  scope: Cluster
-  preserveUnknownFields: false
-  names:
-    kind: FeatureGate
-    singular: featuregate
-    plural: featuregates
-    listKind: FeatureGateList
-  versions:
-  - name: v1
-    served: true
-    storage: true
-  subresources:
-    status: {}
-  "validation":
-    "openAPIV3Schema":
-      description: Feature holds cluster-wide information about feature gates.  The
-        canonical name is `cluster`
-      type: object
-      required:
-      - spec
-      properties:
-        apiVersion:
-          description: 'APIVersion defines the versioned schema of this representation
-            of an object. Servers should convert recognized schemas to the latest
-            internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
-          type: string
-        kind:
-          description: 'Kind is a string value representing the REST resource this
-            object represents. Servers may infer this from the endpoint the client
-            submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
-          type: string
-        metadata:
-          type: object
-        spec:
-          description: spec holds user settable values for configuration
-          type: object
-          properties:
-            customNoUpgrade:
-              description: customNoUpgrade allows the enabling or disabling of any
-                feature. Turning this feature set on IS NOT SUPPORTED, CANNOT BE UNDONE,
-                and PREVENTS UPGRADES. Because of its nature, this setting cannot
-                be validated.  If you have any typos or accidentally apply invalid
-                combinations your cluster may fail in an unrecoverable way.  featureSet
-                must equal "CustomNoUpgrade" must be set to use this field.
-              type: object
-              properties:
-                disabled:
-                  description: disabled is a list of all feature gates that you want
-                    to force off
-                  type: array
-                  items:
-                    type: string
-                enabled:
-                  description: enabled is a list of all feature gates that you want
-                    to force on
-                  type: array
-                  items:
-                    type: string
-              nullable: true
-            featureSet:
-              description: featureSet changes the list of features in the cluster.  The
-                default is empty.  Be very careful adjusting this setting. Turning
-                on or off features may cause irreversible changes in your cluster
-                which cannot be undone.
-              type: string
-        status:
-          description: status holds observed values from the cluster. They may not
-            be overridden.
-          type: object
--- a/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_image.crd.yaml
+++ b/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_image.crd.yaml
@ -1,144 +0,0 @@
-apiVersion: apiextensions.k8s.io/v1beta1
-kind: CustomResourceDefinition
-metadata:
-  name: images.config.openshift.io
-spec:
-  group: config.openshift.io
-  scope: Cluster
-  preserveUnknownFields: false
-  names:
-    kind: Image
-    singular: image
-    plural: images
-    listKind: ImageList
-  versions:
-  - name: v1
-    served: true
-    storage: true
-  subresources:
-    status: {}
-  "validation":
-    "openAPIV3Schema":
-      description: Image governs policies related to imagestream imports and runtime
-        configuration for external registries. It allows cluster admins to configure
-        which registries OpenShift is allowed to import images from, extra CA trust
-        bundles for external registries, and policies to blacklist/whitelist registry
-        hostnames. When exposing OpenShift's image registry to the public, this also
-        lets cluster admins specify the external hostname.
-      type: object
-      required:
-      - spec
-      properties:
-        apiVersion:
-          description: 'APIVersion defines the versioned schema of this representation
-            of an object. Servers should convert recognized schemas to the latest
-            internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
-          type: string
-        kind:
-          description: 'Kind is a string value representing the REST resource this
-            object represents. Servers may infer this from the endpoint the client
-            submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
-          type: string
-        metadata:
-          type: object
-        spec:
-          description: spec holds user settable values for configuration
-          type: object
-          properties:
-            additionalTrustedCA:
-              description: additionalTrustedCA is a reference to a ConfigMap containing
-                additional CAs that should be trusted during imagestream import, pod
-                image pull, build image pull, and imageregistry pullthrough. The namespace
-                for this config map is openshift-config.
-              type: object
-              required:
-              - name
-              properties:
-                name:
-                  description: name is the metadata.name of the referenced config
-                    map
-                  type: string
-            allowedRegistriesForImport:
-              description: allowedRegistriesForImport limits the container image registries
-                that normal users may import images from. Set this list to the registries
-                that you trust to contain valid Docker images and that you want applications
-                to be able to import from. Users with permission to create Images
-                or ImageStreamMappings via the API are not affected by this policy
-                - typically only administrators or system integrations will have those
-                permissions.
-              type: array
-              items:
-                description: RegistryLocation contains a location of the registry
-                  specified by the registry domain name. The domain name might include
-                  wildcards, like '*' or '??'.
-                type: object
-                properties:
-                  domainName:
-                    description: domainName specifies a domain name for the registry
-                      In case the registry use non-standard (80 or 443) port, the
-                      port should be included in the domain name as well.
-                    type: string
-                  insecure:
-                    description: insecure indicates whether the registry is secure
-                      (https) or insecure (http) By default (if not specified) the
-                      registry is assumed as secure.
-                    type: boolean
-            externalRegistryHostnames:
-              description: externalRegistryHostnames provides the hostnames for the
-                default external image registry. The external hostname should be set
-                only when the image registry is exposed externally. The first value
-                is used in 'publicDockerImageRepository' field in ImageStreams. The
-                value must be in "hostname[:port]" format.
-              type: array
-              items:
-                type: string
-            registrySources:
-              description: registrySources contains configuration that determines
-                how the container runtime should treat individual registries when
-                accessing images for builds+pods. (e.g. whether or not to allow insecure
-                access).  It does not contain configuration for the internal cluster
-                registry.
-              type: object
-              properties:
-                allowedRegistries:
-                  description: "allowedRegistries are whitelisted for image pull/push.
-                    All other registries are blocked. \n Only one of BlockedRegistries
-                    or AllowedRegistries may be set."
-                  type: array
-                  items:
-                    type: string
-                blockedRegistries:
-                  description: "blockedRegistries are blacklisted from image pull/push.
-                    All other registries are allowed. \n Only one of BlockedRegistries
-                    or AllowedRegistries may be set."
-                  type: array
-                  items:
-                    type: string
-                insecureRegistries:
-                  description: insecureRegistries are registries which do not have
-                    a valid TLS certificates or only support HTTP connections.
-                  type: array
-                  items:
-                    type: string
-        status:
-          description: status holds observed values from the cluster. They may not
-            be overridden.
-          type: object
-          properties:
-            externalRegistryHostnames:
-              description: externalRegistryHostnames provides the hostnames for the
-                default external image registry. The external hostname should be set
-                only when the image registry is exposed externally. The first value
-                is used in 'publicDockerImageRepository' field in ImageStreams. The
-                value must be in "hostname[:port]" format.
-              type: array
-              items:
-                type: string
-            internalRegistryHostname:
-              description: internalRegistryHostname sets the hostname for the default
-                internal image registry. The value must be in "hostname[:port]" format.
-                This value is set by the image registry operator which controls the
-                internal registry hostname. For backward compatibility, users can
-                still use OPENSHIFT_DEFAULT_REGISTRY environment variable but this
-                setting overrides the environment variable.
-              type: string
--- a/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_infrastructure.crd.yaml
+++ b/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_infrastructure.crd.yaml
@ -1,221 +0,0 @@
-apiVersion: apiextensions.k8s.io/v1beta1
-kind: CustomResourceDefinition
-metadata:
-  name: infrastructures.config.openshift.io
-spec:
-  group: config.openshift.io
-  names:
-    kind: Infrastructure
-    listKind: InfrastructureList
-    plural: infrastructures
-    singular: infrastructure
-  scope: Cluster
-  preserveUnknownFields: false
-  versions:
-  - name: v1
-    served: true
-    storage: true
-  "validation":
-    "openAPIV3Schema":
-      description: Infrastructure holds cluster-wide information about Infrastructure.  The
-        canonical name is `cluster`
-      type: object
-      required:
-      - spec
-      properties:
-        apiVersion:
-          description: 'APIVersion defines the versioned schema of this representation
-            of an object. Servers should convert recognized schemas to the latest
-            internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
-          type: string
-        kind:
-          description: 'Kind is a string value representing the REST resource this
-            object represents. Servers may infer this from the endpoint the client
-            submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
-          type: string
-        metadata:
-          type: object
-        spec:
-          description: spec holds user settable values for configuration
-          type: object
-          properties:
-            cloudConfig:
-              description: cloudConfig is a reference to a ConfigMap containing the
-                cloud provider configuration file. This configuration file is used
-                to configure the Kubernetes cloud provider integration when using
-                the built-in cloud provider integration or the external cloud controller
-                manager. The namespace for this config map is openshift-config.
-              type: object
-              properties:
-                key:
-                  description: Key allows pointing to a specific key/value inside
-                    of the configmap.  This is useful for logical file references.
-                  type: string
-                name:
-                  type: string
-        status:
-          description: status holds observed values from the cluster. They may not
-            be overridden.
-          type: object
-          properties:
-            apiServerInternalURI:
-              description: apiServerInternalURL is a valid URI with scheme(http/https),
-                address and port.  apiServerInternalURL can be used by components
-                like kubelets, to contact the Kubernetes API server using the infrastructure
-                provider rather than Kubernetes networking.
-              type: string
-            apiServerURL:
-              description: apiServerURL is a valid URI with scheme(http/https), address
-                and port.  apiServerURL can be used by components like the web console
-                to tell users where to find the Kubernetes API.
-              type: string
-            etcdDiscoveryDomain:
-              description: 'etcdDiscoveryDomain is the domain used to fetch the SRV
-                records for discovering etcd servers and clients. For more info: https://github.com/etcd-io/etcd/blob/329be66e8b3f9e2e6af83c123ff89297e49ebd15/Documentation/op-guide/clustering.md#dns-discovery'
-              type: string
-            infrastructureName:
-              description: infrastructureName uniquely identifies a cluster with a
-                human friendly name. Once set it should not be changed. Must be of
-                max length 27 and must have only alphanumeric or hyphen characters.
-              type: string
-            platform:
-              description: "platform is the underlying infrastructure provider for
-                the cluster. \n Deprecated: Use platformStatus.type instead."
-              type: string
-            platformStatus:
-              description: platformStatus holds status information specific to the
-                underlying infrastructure provider.
-              type: object
-              properties:
-                aws:
-                  description: AWS contains settings specific to the Amazon Web Services
-                    infrastructure provider.
-                  type: object
-                  properties:
-                    region:
-                      description: region holds the default AWS region for new AWS
-                        resources created by the cluster.
-                      type: string
-                azure:
-                  description: Azure contains settings specific to the Azure infrastructure
-                    provider.
-                  type: object
-                  properties:
-                    networkResourceGroupName:
-                      description: networkResourceGroupName is the Resource Group
-                        for network resources like the Virtual Network and Subnets
-                        used by the cluster. If empty, the value is same as ResourceGroupName.
-                      type: string
-                    resourceGroupName:
-                      description: resourceGroupName is the Resource Group for new
-                        Azure resources created for the cluster.
-                      type: string
-                baremetal:
-                  description: BareMetal contains settings specific to the BareMetal
-                    platform.
-                  type: object
-                  properties:
-                    apiServerInternalIP:
-                      description: apiServerInternalIP is an IP address to contact
-                        the Kubernetes API server that can be used by components inside
-                        the cluster, like kubelets using the infrastructure rather
-                        than Kubernetes networking. It is the IP that the Infrastructure.status.apiServerInternalURI
-                        points to. It is the IP for a self-hosted load balancer in
-                        front of the API servers.
-                      type: string
-                    ingressIP:
-                      description: ingressIP is an external IP which routes to the
-                        default ingress controller. The IP is a suitable target of
-                        a wildcard DNS record used to resolve default route host names.
-                      type: string
-                    nodeDNSIP:
-                      description: nodeDNSIP is the IP address for the internal DNS
-                        used by the nodes. Unlike the one managed by the DNS operator,
-                        `NodeDNSIP` provides name resolution for the nodes themselves.
-                        There is no DNS-as-a-service for BareMetal deployments. In
-                        order to minimize necessary changes to the datacenter DNS,
-                        a DNS service is hosted as a static pod to serve those hostnames
-                        to the nodes in the cluster.
-                      type: string
-                gcp:
-                  description: GCP contains settings specific to the Google Cloud
-                    Platform infrastructure provider.
-                  type: object
-                  properties:
-                    projectID:
-                      description: resourceGroupName is the Project ID for new GCP
-                        resources created for the cluster.
-                      type: string
-                    region:
-                      description: region holds the region for new GCP resources created
-                        for the cluster.
-                      type: string
-                openstack:
-                  description: OpenStack contains settings specific to the OpenStack
-                    infrastructure provider.
-                  type: object
-                  properties:
-                    apiServerInternalIP:
-                      description: apiServerInternalIP is an IP address to contact
-                        the Kubernetes API server that can be used by components inside
-                        the cluster, like kubelets using the infrastructure rather
-                        than Kubernetes networking. It is the IP that the Infrastructure.status.apiServerInternalURI
-                        points to. It is the IP for a self-hosted load balancer in
-                        front of the API servers.
-                      type: string
-                    cloudName:
-                      description: cloudName is the name of the desired OpenStack
-                        cloud in the client configuration file (`clouds.yaml`).
-                      type: string
-                    ingressIP:
-                      description: ingressIP is an external IP which routes to the
-                        default ingress controller. The IP is a suitable target of
-                        a wildcard DNS record used to resolve default route host names.
-                      type: string
-                    nodeDNSIP:
-                      description: nodeDNSIP is the IP address for the internal DNS
-                        used by the nodes. Unlike the one managed by the DNS operator,
-                        `NodeDNSIP` provides name resolution for the nodes themselves.
-                        There is no DNS-as-a-service for OpenStack deployments. In
-                        order to minimize necessary changes to the datacenter DNS,
-                        a DNS service is hosted as a static pod to serve those hostnames
-                        to the nodes in the cluster.
-                      type: string
-                ovirt:
-                  description: Ovirt contains settings specific to the oVirt infrastructure
-                    provider.
-                  type: object
-                  properties:
-                    apiServerInternalIP:
-                      description: apiServerInternalIP is an IP address to contact
-                        the Kubernetes API server that can be used by components inside
-                        the cluster, like kubelets using the infrastructure rather
-                        than Kubernetes networking. It is the IP that the Infrastructure.status.apiServerInternalURI
-                        points to. It is the IP for a self-hosted load balancer in
-                        front of the API servers.
-                      type: string
-                    ingressIP:
-                      description: ingressIP is an external IP which routes to the
-                        default ingress controller. The IP is a suitable target of
-                        a wildcard DNS record used to resolve default route host names.
-                      type: string
-                    nodeDNSIP:
-                      description: nodeDNSIP is the IP address for the internal DNS
-                        used by the nodes. Unlike the one managed by the DNS operator,
-                        `NodeDNSIP` provides name resolution for the nodes themselves.
-                        There is no DNS-as-a-service for oVirt deployments. In order
-                        to minimize necessary changes to the datacenter DNS, a DNS
-                        service is hosted as a static pod to serve those hostnames
-                        to the nodes in the cluster.
-                      type: string
-                type:
-                  description: type is the underlying infrastructure provider for
-                    the cluster. This value controls whether infrastructure automation
-                    such as service load balancers, dynamic volume provisioning, machine
-                    creation and deletion, and other integrations are enabled. If
-                    None, no infrastructure automation is enabled. Allowed values
-                    are "AWS", "Azure", "BareMetal", "GCP", "Libvirt", "OpenStack",
-                    "VSphere", "oVirt", and "None". Individual components may not
-                    support all platforms, and must handle unrecognized platforms
-                    as None if they do not support that platform.
-                  type: string
--- a/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_ingress.crd.yaml
+++ b/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_ingress.crd.yaml
@ -1,55 +0,0 @@
-apiVersion: apiextensions.k8s.io/v1beta1
-kind: CustomResourceDefinition
-metadata:
-  name: ingresses.config.openshift.io
-spec:
-  group: config.openshift.io
-  names:
-    kind: Ingress
-    listKind: IngressList
-    plural: ingresses
-    singular: ingress
-  scope: Cluster
-  preserveUnknownFields: false
-  versions:
-  - name: v1
-    served: true
-    storage: true
-  subresources:
-    status: {}
-  "validation":
-    "openAPIV3Schema":
-      description: Ingress holds cluster-wide information about ingress, including
-        the default ingress domain used for routes. The canonical name is `cluster`.
-      type: object
-      required:
-      - spec
-      properties:
-        apiVersion:
-          description: 'APIVersion defines the versioned schema of this representation
-            of an object. Servers should convert recognized schemas to the latest
-            internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
-          type: string
-        kind:
-          description: 'Kind is a string value representing the REST resource this
-            object represents. Servers may infer this from the endpoint the client
-            submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
-          type: string
-        metadata:
-          type: object
-        spec:
-          description: spec holds user settable values for configuration
-          type: object
-          properties:
-            domain:
-              description: "domain is used to generate a default host name for a route
-                when the route's host name is empty. The generated host name will
-                follow this pattern: \"<route-name>.<route-namespace>.<domain>\".
-                \n It is also used as the default wildcard domain suffix for ingress.
-                The default ingresscontroller domain will follow this pattern: \"*.<domain>\".
-                \n Once set, changing domain is not currently supported."
-              type: string
-        status:
-          description: status holds observed values from the cluster. They may not
-            be overridden.
-          type: object
--- a/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_network.crd.yaml
+++ b/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_network.crd.yaml
@ -1,141 +0,0 @@
-apiVersion: apiextensions.k8s.io/v1beta1
-kind: CustomResourceDefinition
-metadata:
-  name: networks.config.openshift.io
-spec:
-  group: config.openshift.io
-  names:
-    kind: Network
-    listKind: NetworkList
-    plural: networks
-    singular: network
-  scope: Cluster
-  preserveUnknownFields: false
-  versions:
-  - name: v1
-    served: true
-    storage: true
-  "validation":
-    "openAPIV3Schema":
-      description: 'Network holds cluster-wide information about Network. The canonical
-        name is `cluster`. It is used to configure the desired network configuration,
-        such as: IP address pools for services/pod IPs, network plugin, etc. Please
-        view network.spec for an explanation on what applies when configuring this
-        resource.'
-      type: object
-      required:
-      - spec
-      properties:
-        apiVersion:
-          description: 'APIVersion defines the versioned schema of this representation
-            of an object. Servers should convert recognized schemas to the latest
-            internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
-          type: string
-        kind:
-          description: 'Kind is a string value representing the REST resource this
-            object represents. Servers may infer this from the endpoint the client
-            submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
-          type: string
-        metadata:
-          type: object
-        spec:
-          description: spec holds user settable values for configuration. As a general
-            rule, this SHOULD NOT be read directly. Instead, you should consume the
-            NetworkStatus, as it indicates the currently deployed configuration. Currently,
-            most spec fields are immutable after installation. Please view the individual
-            ones for further details on each.
-          type: object
-          properties:
-            clusterNetwork:
-              description: IP address pool to use for pod IPs. This field is immutable
-                after installation.
-              type: array
-              items:
-                description: ClusterNetworkEntry is a contiguous block of IP addresses
-                  from which pod IPs are allocated.
-                type: object
-                properties:
-                  cidr:
-                    description: The complete block for pod IPs.
-                    type: string
-                  hostPrefix:
-                    description: The size (prefix) of block to allocate to each node.
-                    type: integer
-                    format: int32
-                    minimum: 0
-            externalIP:
-              description: externalIP defines configuration for controllers that affect
-                Service.ExternalIP. If nil, then ExternalIP is not allowed to be set.
-              type: object
-              properties:
-                autoAssignCIDRs:
-                  description: autoAssignCIDRs is a list of CIDRs from which to automatically
-                    assign Service.ExternalIP. These are assigned when the service
-                    is of type LoadBalancer. In general, this is only useful for bare-metal
-                    clusters. In Openshift 3.x, this was misleadingly called "IngressIPs".
-                    Automatically assigned External IPs are not affected by any ExternalIPPolicy
-                    rules. Currently, only one entry may be provided.
-                  type: array
-                  items:
-                    type: string
-                policy:
-                  description: policy is a set of restrictions applied to the ExternalIP
-                    field. If nil or empty, then ExternalIP is not allowed to be set.
-                  type: object
-                  properties:
-                    allowedCIDRs:
-                      description: allowedCIDRs is the list of allowed CIDRs.
-                      type: array
-                      items:
-                        type: string
-                    rejectedCIDRs:
-                      description: rejectedCIDRs is the list of disallowed CIDRs.
-                        These take precedence over allowedCIDRs.
-                      type: array
-                      items:
-                        type: string
-            networkType:
-              description: 'NetworkType is the plugin that is to be deployed (e.g.
-                OpenShiftSDN). This should match a value that the cluster-network-operator
-                understands, or else no networking will be installed. Currently supported
-                values are: - OpenShiftSDN This field is immutable after installation.'
-              type: string
-            serviceNetwork:
-              description: IP address pool for services. Currently, we only support
-                a single entry here. This field is immutable after installation.
-              type: array
-              items:
-                type: string
-        status:
-          description: status holds observed values from the cluster. They may not
-            be overridden.
-          type: object
-          properties:
-            clusterNetwork:
-              description: IP address pool to use for pod IPs.
-              type: array
-              items:
-                description: ClusterNetworkEntry is a contiguous block of IP addresses
-                  from which pod IPs are allocated.
-                type: object
-                properties:
-                  cidr:
-                    description: The complete block for pod IPs.
-                    type: string
-                  hostPrefix:
-                    description: The size (prefix) of block to allocate to each node.
-                    type: integer
-                    format: int32
-                    minimum: 0
-            clusterNetworkMTU:
-              description: ClusterNetworkMTU is the MTU for inter-pod networking.
-              type: integer
-            networkType:
-              description: NetworkType is the plugin that is deployed (e.g. OpenShiftSDN).
-              type: string
-            serviceNetwork:
-              description: IP address pool for services. Currently, we only support
-                a single entry here.
-              type: array
-              items:
-                type: string
--- a/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_oauth.crd.yaml
+++ b/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_oauth.crd.yaml
@ -1,661 +0,0 @@
-apiVersion: apiextensions.k8s.io/v1beta1
-kind: CustomResourceDefinition
-metadata:
-  name: oauths.config.openshift.io
-spec:
-  group: config.openshift.io
-  names:
-    kind: OAuth
-    listKind: OAuthList
-    plural: oauths
-    singular: oauth
-  scope: Cluster
-  preserveUnknownFields: false
-  subresources:
-    status: {}
-  versions:
-  - name: v1
-    served: true
-    storage: true
-  "validation":
-    "openAPIV3Schema":
-      description: OAuth holds cluster-wide information about OAuth.  The canonical
-        name is `cluster`. It is used to configure the integrated OAuth server. This
-        configuration is only honored when the top level Authentication config has
-        type set to IntegratedOAuth.
-      type: object
-      required:
-      - spec
-      properties:
-        apiVersion:
-          description: 'APIVersion defines the versioned schema of this representation
-            of an object. Servers should convert recognized schemas to the latest
-            internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
-          type: string
-        kind:
-          description: 'Kind is a string value representing the REST resource this
-            object represents. Servers may infer this from the endpoint the client
-            submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
-          type: string
-        metadata:
-          type: object
-        spec:
-          description: OAuthSpec contains desired cluster auth configuration
-          type: object
-          properties:
-            identityProviders:
-              description: identityProviders is an ordered list of ways for a user
-                to identify themselves. When this list is empty, no identities are
-                provisioned for users.
-              type: array
-              items:
-                description: IdentityProvider provides identities for users authenticating
-                  using credentials
-                type: object
-                properties:
-                  basicAuth:
-                    description: basicAuth contains configuration options for the
-                      BasicAuth IdP
-                    type: object
-                    properties:
-                      ca:
-                        description: ca is an optional reference to a config map by
-                          name containing the PEM-encoded CA bundle. It is used as
-                          a trust anchor to validate the TLS certificate presented
-                          by the remote server. The key "ca.crt" is used to locate
-                          the data. If specified and the config map or expected key
-                          is not found, the identity provider is not honored. If the
-                          specified ca data is not valid, the identity provider is
-                          not honored. If empty, the default system roots are used.
-                          The namespace for this config map is openshift-config.
-                        type: object
-                        required:
-                        - name
-                        properties:
-                          name:
-                            description: name is the metadata.name of the referenced
-                              config map
-                            type: string
-                      tlsClientCert:
-                        description: tlsClientCert is an optional reference to a secret
-                          by name that contains the PEM-encoded TLS client certificate
-                          to present when connecting to the server. The key "tls.crt"
-                          is used to locate the data. If specified and the secret
-                          or expected key is not found, the identity provider is not
-                          honored. If the specified certificate data is not valid,
-                          the identity provider is not honored. The namespace for
-                          this secret is openshift-config.
-                        type: object
-                        required:
-                        - name
-                        properties:
-                          name:
-                            description: name is the metadata.name of the referenced
-                              secret
-                            type: string
-                      tlsClientKey:
-                        description: tlsClientKey is an optional reference to a secret
-                          by name that contains the PEM-encoded TLS private key for
-                          the client certificate referenced in tlsClientCert. The
-                          key "tls.key" is used to locate the data. If specified and
-                          the secret or expected key is not found, the identity provider
-                          is not honored. If the specified certificate data is not
-                          valid, the identity provider is not honored. The namespace
-                          for this secret is openshift-config.
-                        type: object
-                        required:
-                        - name
-                        properties:
-                          name:
-                            description: name is the metadata.name of the referenced
-                              secret
-                            type: string
-                      url:
-                        description: url is the remote URL to connect to
-                        type: string
-                  github:
-                    description: github enables user authentication using GitHub credentials
-                    type: object
-                    properties:
-                      ca:
-                        description: ca is an optional reference to a config map by
-                          name containing the PEM-encoded CA bundle. It is used as
-                          a trust anchor to validate the TLS certificate presented
-                          by the remote server. The key "ca.crt" is used to locate
-                          the data. If specified and the config map or expected key
-                          is not found, the identity provider is not honored. If the
-                          specified ca data is not valid, the identity provider is
-                          not honored. If empty, the default system roots are used.
-                          This can only be configured when hostname is set to a non-empty
-                          value. The namespace for this config map is openshift-config.
-                        type: object
-                        required:
-                        - name
-                        properties:
-                          name:
-                            description: name is the metadata.name of the referenced
-                              config map
-                            type: string
-                      clientID:
-                        description: clientID is the oauth client ID
-                        type: string
-                      clientSecret:
-                        description: clientSecret is a required reference to the secret
-                          by name containing the oauth client secret. The key "clientSecret"
-                          is used to locate the data. If the secret or expected key
-                          is not found, the identity provider is not honored. The
-                          namespace for this secret is openshift-config.
-                        type: object
-                        required:
-                        - name
-                        properties:
-                          name:
-                            description: name is the metadata.name of the referenced
-                              secret
-                            type: string
-                      hostname:
-                        description: hostname is the optional domain (e.g. "mycompany.com")
-                          for use with a hosted instance of GitHub Enterprise. It
-                          must match the GitHub Enterprise settings value configured
-                          at /setup/settings#hostname.
-                        type: string
-                      organizations:
-                        description: organizations optionally restricts which organizations
-                          are allowed to log in
-                        type: array
-                        items:
-                          type: string
-                      teams:
-                        description: teams optionally restricts which teams are allowed
-                          to log in. Format is <org>/<team>.
-                        type: array
-                        items:
-                          type: string
-                  gitlab:
-                    description: gitlab enables user authentication using GitLab credentials
-                    type: object
-                    properties:
-                      ca:
-                        description: ca is an optional reference to a config map by
-                          name containing the PEM-encoded CA bundle. It is used as
-                          a trust anchor to validate the TLS certificate presented
-                          by the remote server. The key "ca.crt" is used to locate
-                          the data. If specified and the config map or expected key
-                          is not found, the identity provider is not honored. If the
-                          specified ca data is not valid, the identity provider is
-                          not honored. If empty, the default system roots are used.
-                          The namespace for this config map is openshift-config.
-                        type: object
-                        required:
-                        - name
-                        properties:
-                          name:
-                            description: name is the metadata.name of the referenced
-                              config map
-                            type: string
-                      clientID:
-                        description: clientID is the oauth client ID
-                        type: string
-                      clientSecret:
-                        description: clientSecret is a required reference to the secret
-                          by name containing the oauth client secret. The key "clientSecret"
-                          is used to locate the data. If the secret or expected key
-                          is not found, the identity provider is not honored. The
-                          namespace for this secret is openshift-config.
-                        type: object
-                        required:
-                        - name
-                        properties:
-                          name:
-                            description: name is the metadata.name of the referenced
-                              secret
-                            type: string
-                      url:
-                        description: url is the oauth server base URL
-                        type: string
-                  google:
-                    description: google enables user authentication using Google credentials
-                    type: object
-                    properties:
-                      clientID:
-                        description: clientID is the oauth client ID
-                        type: string
-                      clientSecret:
-                        description: clientSecret is a required reference to the secret
-                          by name containing the oauth client secret. The key "clientSecret"
-                          is used to locate the data. If the secret or expected key
-                          is not found, the identity provider is not honored. The
-                          namespace for this secret is openshift-config.
-                        type: object
-                        required:
-                        - name
-                        properties:
-                          name:
-                            description: name is the metadata.name of the referenced
-                              secret
-                            type: string
-                      hostedDomain:
-                        description: hostedDomain is the optional Google App domain
-                          (e.g. "mycompany.com") to restrict logins to
-                        type: string
-                  htpasswd:
-                    description: htpasswd enables user authentication using an HTPasswd
-                      file to validate credentials
-                    type: object
-                    properties:
-                      fileData:
-                        description: fileData is a required reference to a secret
-                          by name containing the data to use as the htpasswd file.
-                          The key "htpasswd" is used to locate the data. If the secret
-                          or expected key is not found, the identity provider is not
-                          honored. If the specified htpasswd data is not valid, the
-                          identity provider is not honored. The namespace for this
-                          secret is openshift-config.
-                        type: object
-                        required:
-                        - name
-                        properties:
-                          name:
-                            description: name is the metadata.name of the referenced
-                              secret
-                            type: string
-                  keystone:
-                    description: keystone enables user authentication using keystone
-                      password credentials
-                    type: object
-                    properties:
-                      ca:
-                        description: ca is an optional reference to a config map by
-                          name containing the PEM-encoded CA bundle. It is used as
-                          a trust anchor to validate the TLS certificate presented
-                          by the remote server. The key "ca.crt" is used to locate
-                          the data. If specified and the config map or expected key
-                          is not found, the identity provider is not honored. If the
-                          specified ca data is not valid, the identity provider is
-                          not honored. If empty, the default system roots are used.
-                          The namespace for this config map is openshift-config.
-                        type: object
-                        required:
-                        - name
-                        properties:
-                          name:
-                            description: name is the metadata.name of the referenced
-                              config map
-                            type: string
-                      domainName:
-                        description: domainName is required for keystone v3
-                        type: string
-                      tlsClientCert:
-                        description: tlsClientCert is an optional reference to a secret
-                          by name that contains the PEM-encoded TLS client certificate
-                          to present when connecting to the server. The key "tls.crt"
-                          is used to locate the data. If specified and the secret
-                          or expected key is not found, the identity provider is not
-                          honored. If the specified certificate data is not valid,
-                          the identity provider is not honored. The namespace for
-                          this secret is openshift-config.
-                        type: object
-                        required:
-                        - name
-                        properties:
-                          name:
-                            description: name is the metadata.name of the referenced
-                              secret
-                            type: string
-                      tlsClientKey:
-                        description: tlsClientKey is an optional reference to a secret
-                          by name that contains the PEM-encoded TLS private key for
-                          the client certificate referenced in tlsClientCert. The
-                          key "tls.key" is used to locate the data. If specified and
-                          the secret or expected key is not found, the identity provider
-                          is not honored. If the specified certificate data is not
-                          valid, the identity provider is not honored. The namespace
-                          for this secret is openshift-config.
-                        type: object
-                        required:
-                        - name
-                        properties:
-                          name:
-                            description: name is the metadata.name of the referenced
-                              secret
-                            type: string
-                      url:
-                        description: url is the remote URL to connect to
-                        type: string
-                  ldap:
-                    description: ldap enables user authentication using LDAP credentials
-                    type: object
-                    properties:
-                      attributes:
-                        description: attributes maps LDAP attributes to identities
-                        type: object
-                        properties:
-                          email:
-                            description: email is the list of attributes whose values
-                              should be used as the email address. Optional. If unspecified,
-                              no email is set for the identity
-                            type: array
-                            items:
-                              type: string
-                          id:
-                            description: id is the list of attributes whose values
-                              should be used as the user ID. Required. First non-empty
-                              attribute is used. At least one attribute is required.
-                              If none of the listed attribute have a value, authentication
-                              fails. LDAP standard identity attribute is "dn"
-                            type: array
-                            items:
-                              type: string
-                          name:
-                            description: name is the list of attributes whose values
-                              should be used as the display name. Optional. If unspecified,
-                              no display name is set for the identity LDAP standard
-                              display name attribute is "cn"
-                            type: array
-                            items:
-                              type: string
-                          preferredUsername:
-                            description: preferredUsername is the list of attributes
-                              whose values should be used as the preferred username.
-                              LDAP standard login attribute is "uid"
-                            type: array
-                            items:
-                              type: string
-                      bindDN:
-                        description: bindDN is an optional DN to bind with during
-                          the search phase.
-                        type: string
-                      bindPassword:
-                        description: bindPassword is an optional reference to a secret
-                          by name containing a password to bind with during the search
-                          phase. The key "bindPassword" is used to locate the data.
-                          If specified and the secret or expected key is not found,
-                          the identity provider is not honored. The namespace for
-                          this secret is openshift-config.
-                        type: object
-                        required:
-                        - name
-                        properties:
-                          name:
-                            description: name is the metadata.name of the referenced
-                              secret
-                            type: string
-                      ca:
-                        description: ca is an optional reference to a config map by
-                          name containing the PEM-encoded CA bundle. It is used as
-                          a trust anchor to validate the TLS certificate presented
-                          by the remote server. The key "ca.crt" is used to locate
-                          the data. If specified and the config map or expected key
-                          is not found, the identity provider is not honored. If the
-                          specified ca data is not valid, the identity provider is
-                          not honored. If empty, the default system roots are used.
-                          The namespace for this config map is openshift-config.
-                        type: object
-                        required:
-                        - name
-                        properties:
-                          name:
-                            description: name is the metadata.name of the referenced
-                              config map
-                            type: string
-                      insecure:
-                        description: 'insecure, if true, indicates the connection
-                          should not use TLS WARNING: Should not be set to `true`
-                          with the URL scheme "ldaps://" as "ldaps://" URLs always          attempt
-                          to connect using TLS, even when `insecure` is set to `true`
-                          When `true`, "ldap://" URLS connect insecurely. When `false`,
-                          "ldap://" URLs are upgraded to a TLS connection using StartTLS
-                          as specified in https://tools.ietf.org/html/rfc2830.'
-                        type: boolean
-                      url:
-                        description: 'url is an RFC 2255 URL which specifies the LDAP
-                          search parameters to use. The syntax of the URL is: ldap://host:port/basedn?attribute?scope?filter'
-                        type: string
-                  mappingMethod:
-                    description: mappingMethod determines how identities from this
-                      provider are mapped to users Defaults to "claim"
-                    type: string
-                  name:
-                    description: 'name is used to qualify the identities returned
-                      by this provider. - It MUST be unique and not shared by any
-                      other identity provider used - It MUST be a valid path segment:
-                      name cannot equal "." or ".." or contain "/" or "%" or ":"   Ref:
-                      https://godoc.org/github.com/openshift/origin/pkg/user/apis/user/validation#ValidateIdentityProviderName'
-                    type: string
-                  openID:
-                    description: openID enables user authentication using OpenID credentials
-                    type: object
-                    properties:
-                      ca:
-                        description: ca is an optional reference to a config map by
-                          name containing the PEM-encoded CA bundle. It is used as
-                          a trust anchor to validate the TLS certificate presented
-                          by the remote server. The key "ca.crt" is used to locate
-                          the data. If specified and the config map or expected key
-                          is not found, the identity provider is not honored. If the
-                          specified ca data is not valid, the identity provider is
-                          not honored. If empty, the default system roots are used.
-                          The namespace for this config map is openshift-config.
-                        type: object
-                        required:
-                        - name
-                        properties:
-                          name:
-                            description: name is the metadata.name of the referenced
-                              config map
-                            type: string
-                      claims:
-                        description: claims mappings
-                        type: object
-                        properties:
-                          email:
-                            description: email is the list of claims whose values
-                              should be used as the email address. Optional. If unspecified,
-                              no email is set for the identity
-                            type: array
-                            items:
-                              type: string
-                          name:
-                            description: name is the list of claims whose values should
-                              be used as the display name. Optional. If unspecified,
-                              no display name is set for the identity
-                            type: array
-                            items:
-                              type: string
-                          preferredUsername:
-                            description: preferredUsername is the list of claims whose
-                              values should be used as the preferred username. If
-                              unspecified, the preferred username is determined from
-                              the value of the sub claim
-                            type: array
-                            items:
-                              type: string
-                      clientID:
-                        description: clientID is the oauth client ID
-                        type: string
-                      clientSecret:
-                        description: clientSecret is a required reference to the secret
-                          by name containing the oauth client secret. The key "clientSecret"
-                          is used to locate the data. If the secret or expected key
-                          is not found, the identity provider is not honored. The
-                          namespace for this secret is openshift-config.
-                        type: object
-                        required:
-                        - name
-                        properties:
-                          name:
-                            description: name is the metadata.name of the referenced
-                              secret
-                            type: string
-                      extraAuthorizeParameters:
-                        description: extraAuthorizeParameters are any custom parameters
-                          to add to the authorize request.
-                        type: object
-                        additionalProperties:
-                          type: string
-                      extraScopes:
-                        description: extraScopes are any scopes to request in addition
-                          to the standard "openid" scope.
-                        type: array
-                        items:
-                          type: string
-                      issuer:
-                        description: issuer is the URL that the OpenID Provider asserts
-                          as its Issuer Identifier. It must use the https scheme with
-                          no query or fragment component.
-                        type: string
-                  requestHeader:
-                    description: requestHeader enables user authentication using request
-                      header credentials
-                    type: object
-                    properties:
-                      ca:
-                        description: ca is a required reference to a config map by
-                          name containing the PEM-encoded CA bundle. It is used as
-                          a trust anchor to validate the TLS certificate presented
-                          by the remote server. Specifically, it allows verification
-                          of incoming requests to prevent header spoofing. The key
-                          "ca.crt" is used to locate the data. If the config map or
-                          expected key is not found, the identity provider is not
-                          honored. If the specified ca data is not valid, the identity
-                          provider is not honored. The namespace for this config map
-                          is openshift-config.
-                        type: object
-                        required:
-                        - name
-                        properties:
-                          name:
-                            description: name is the metadata.name of the referenced
-                              config map
-                            type: string
-                      challengeURL:
-                        description: challengeURL is a URL to redirect unauthenticated
-                          /authorize requests to Unauthenticated requests from OAuth
-                          clients which expect WWW-Authenticate challenges will be
-                          redirected here. ${url} is replaced with the current URL,
-                          escaped to be safe in a query parameter   https://www.example.com/sso-login?then=${url}
-                          ${query} is replaced with the current query string   https://www.example.com/auth-proxy/oauth/authorize?${query}
-                          Required when challenge is set to true.
-                        type: string
-                      clientCommonNames:
-                        description: clientCommonNames is an optional list of common
-                          names to require a match from. If empty, any client certificate
-                          validated against the clientCA bundle is considered authoritative.
-                        type: array
-                        items:
-                          type: string
-                      emailHeaders:
-                        description: emailHeaders is the set of headers to check for
-                          the email address
-                        type: array
-                        items:
-                          type: string
-                      headers:
-                        description: headers is the set of headers to check for identity
-                          information
-                        type: array
-                        items:
-                          type: string
-                      loginURL:
-                        description: loginURL is a URL to redirect unauthenticated
-                          /authorize requests to Unauthenticated requests from OAuth
-                          clients which expect interactive logins will be redirected
-                          here ${url} is replaced with the current URL, escaped to
-                          be safe in a query parameter   https://www.example.com/sso-login?then=${url}
-                          ${query} is replaced with the current query string   https://www.example.com/auth-proxy/oauth/authorize?${query}
-                          Required when login is set to true.
-                        type: string
-                      nameHeaders:
-                        description: nameHeaders is the set of headers to check for
-                          the display name
-                        type: array
-                        items:
-                          type: string
-                      preferredUsernameHeaders:
-                        description: preferredUsernameHeaders is the set of headers
-                          to check for the preferred username
-                        type: array
-                        items:
-                          type: string
-                  type:
-                    description: type identifies the identity provider type for this
-                      entry.
-                    type: string
-            templates:
-              description: templates allow you to customize pages like the login page.
-              type: object
-              properties:
-                error:
-                  description: error is the name of a secret that specifies a go template
-                    to use to render error pages during the authentication or grant
-                    flow. The key "errors.html" is used to locate the template data.
-                    If specified and the secret or expected key is not found, the
-                    default error page is used. If the specified template is not valid,
-                    the default error page is used. If unspecified, the default error
-                    page is used. The namespace for this secret is openshift-config.
-                  type: object
-                  required:
-                  - name
-                  properties:
-                    name:
-                      description: name is the metadata.name of the referenced secret
-                      type: string
-                login:
-                  description: login is the name of a secret that specifies a go template
-                    to use to render the login page. The key "login.html" is used
-                    to locate the template data. If specified and the secret or expected
-                    key is not found, the default login page is used. If the specified
-                    template is not valid, the default login page is used. If unspecified,
-                    the default login page is used. The namespace for this secret
-                    is openshift-config.
-                  type: object
-                  required:
-                  - name
-                  properties:
-                    name:
-                      description: name is the metadata.name of the referenced secret
-                      type: string
-                providerSelection:
-                  description: providerSelection is the name of a secret that specifies
-                    a go template to use to render the provider selection page. The
-                    key "providers.html" is used to locate the template data. If specified
-                    and the secret or expected key is not found, the default provider
-                    selection page is used. If the specified template is not valid,
-                    the default provider selection page is used. If unspecified, the
-                    default provider selection page is used. The namespace for this
-                    secret is openshift-config.
-                  type: object
-                  required:
-                  - name
-                  properties:
-                    name:
-                      description: name is the metadata.name of the referenced secret
-                      type: string
-            tokenConfig:
-              description: tokenConfig contains options for authorization and access
-                tokens
-              type: object
-              properties:
-                accessTokenInactivityTimeoutSeconds:
-                  description: 'accessTokenInactivityTimeoutSeconds defines the default
-                    token inactivity timeout for tokens granted by any client. The
-                    value represents the maximum amount of time that can occur between
-                    consecutive uses of the token. Tokens become invalid if they are
-                    not used within this temporal window. The user will need to acquire
-                    a new token to regain access once a token times out. Valid values
-                    are integer values:   x < 0  Tokens time out is enabled but tokens
-                    never timeout unless configured per client (e.g. `-1`)   x = 0  Tokens
-                    time out is disabled (default)   x > 0  Tokens time out if there
-                    is no activity for x seconds The current minimum allowed value
-                    for X is 300 (5 minutes)'
-                  type: integer
-                  format: int32
-                accessTokenMaxAgeSeconds:
-                  description: accessTokenMaxAgeSeconds defines the maximum age of
-                    access tokens
-                  type: integer
-                  format: int32
-        status:
-          description: OAuthStatus shows current known state of OAuth server in the
-            cluster
-          type: object
--- a/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_project.crd.yaml
+++ b/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_project.crd.yaml
@ -1,63 +0,0 @@
-apiVersion: apiextensions.k8s.io/v1beta1
-kind: CustomResourceDefinition
-metadata:
-  name: projects.config.openshift.io
-spec:
-  group: config.openshift.io
-  scope: Cluster
-  preserveUnknownFields: false
-  versions:
-  - name: v1
-    served: true
-    storage: true
-  names:
-    kind: Project
-    listKind: ProjectList
-    plural: projects
-    singular: project
-  subresources:
-    status: {}
-  "validation":
-    "openAPIV3Schema":
-      description: Project holds cluster-wide information about Project.  The canonical
-        name is `cluster`
-      type: object
-      required:
-      - spec
-      properties:
-        apiVersion:
-          description: 'APIVersion defines the versioned schema of this representation
-            of an object. Servers should convert recognized schemas to the latest
-            internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
-          type: string
-        kind:
-          description: 'Kind is a string value representing the REST resource this
-            object represents. Servers may infer this from the endpoint the client
-            submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
-          type: string
-        metadata:
-          type: object
-        spec:
-          description: spec holds user settable values for configuration
-          type: object
-          properties:
-            projectRequestMessage:
-              description: projectRequestMessage is the string presented to a user
-                if they are unable to request a project via the projectrequest api
-                endpoint
-              type: string
-            projectRequestTemplate:
-              description: projectRequestTemplate is the template to use for creating
-                projects in response to projectrequest. This must point to a template
-                in 'openshift-config' namespace. It is optional. If it is not specified,
-                a default template is used.
-              type: object
-              properties:
-                name:
-                  description: name is the metadata.name of the referenced project
-                    request template
-                  type: string
-        status:
-          description: status holds observed values from the cluster. They may not
-            be overridden.
-          type: object
--- a/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_scheduler.crd.yaml
+++ b/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_scheduler.crd.yaml
@ -1,88 +0,0 @@
-apiVersion: apiextensions.k8s.io/v1beta1
-kind: CustomResourceDefinition
-metadata:
-  name: schedulers.config.openshift.io
-spec:
-  group: config.openshift.io
-  scope: Cluster
-  preserveUnknownFields: false
-  names:
-    kind: Scheduler
-    singular: scheduler
-    plural: schedulers
-    listKind: SchedulerList
-  versions:
-  - name: v1
-    served: true
-    storage: true
-  subresources:
-    status: {}
-  "validation":
-    "openAPIV3Schema":
-      description: Scheduler holds cluster-wide config information to run the Kubernetes
-        Scheduler and influence its placement decisions. The canonical name for this
-        config is `cluster`.
-      type: object
-      required:
-      - spec
-      properties:
-        apiVersion:
-          description: 'APIVersion defines the versioned schema of this representation
-            of an object. Servers should convert recognized schemas to the latest
-            internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
-          type: string
-        kind:
-          description: 'Kind is a string value representing the REST resource this
-            object represents. Servers may infer this from the endpoint the client
-            submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
-          type: string
-        metadata:
-          type: object
-        spec:
-          description: spec holds user settable values for configuration
-          type: object
-          properties:
-            defaultNodeSelector:
-              description: 'defaultNodeSelector helps set the cluster-wide default
-                node selector to restrict pod placement to specific nodes. This is
-                applied to the pods created in all namespaces without a specified
-                nodeSelector value. For example, defaultNodeSelector: "type=user-node,region=east"
-                would set nodeSelector field in pod spec to "type=user-node,region=east"
-                to all pods created in all namespaces. Namespaces having project-wide
-                node selectors won''t be impacted even if this field is set. This
-                adds an annotation section to the namespace. For example, if a new
-                namespace is created with node-selector=''type=user-node,region=east'',
-                the annotation openshift.io/node-selector: type=user-node,region=east
-                gets added to the project. When the openshift.io/node-selector annotation
-                is set on the project the value is used in preference to the value
-                we are setting for defaultNodeSelector field. For instance, openshift.io/node-selector:
-                "type=user-node,region=west" means that the default of "type=user-node,region=east"
-                set in defaultNodeSelector would not be applied.'
-              type: string
-            mastersSchedulable:
-              description: 'MastersSchedulable allows masters nodes to be schedulable.
-                When this flag is turned on, all the master nodes in the cluster will
-                be made schedulable, so that workload pods can run on them. The default
-                value for this field is false, meaning none of the master nodes are
-                schedulable. Important Note: Once the workload pods start running
-                on the master nodes, extreme care must be taken to ensure that cluster-critical
-                control plane components are not impacted. Please turn on this field
-                after doing due diligence.'
-              type: boolean
-            policy:
-              description: policy is a reference to a ConfigMap containing scheduler
-                policy which has user specified predicates and priorities. If this
-                ConfigMap is not available scheduler will default to use DefaultAlgorithmProvider.
-                The namespace for this configmap is openshift-config.
-              type: object
-              required:
-              - name
-              properties:
-                name:
-                  description: name is the metadata.name of the referenced config
-                    map
-                  type: string
-        status:
-          description: status holds observed values from the cluster. They may not
-            be overridden.
-          type: object
--- a/vendor/github.com/openshift/api/config/v1/doc.go
+++ b/vendor/github.com/openshift/api/config/v1/doc.go
@ -1,8 +0,0 @@
-// +k8s:deepcopy-gen=package,register
-// +k8s:defaulter-gen=TypeMeta
-// +k8s:openapi-gen=true
-
-// +kubebuilder:validation:Optional
-// +groupName=config.openshift.io
-// Package v1 is the v1 version of the API.
-package v1
--- a/vendor/github.com/openshift/api/config/v1/register.go
+++ b/vendor/github.com/openshift/api/config/v1/register.go
@ -1,70 +0,0 @@
-package v1
-
-import (
-	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
-	"k8s.io/apimachinery/pkg/runtime"
-	"k8s.io/apimachinery/pkg/runtime/schema"
-)
-
-var (
-	GroupName     = "config.openshift.io"
-	GroupVersion  = schema.GroupVersion{Group: GroupName, Version: "v1"}
-	schemeBuilder = runtime.NewSchemeBuilder(addKnownTypes)
-	// Install is a function which adds this version to a scheme
-	Install = schemeBuilder.AddToScheme
-
-	// SchemeGroupVersion generated code relies on this name
-	// Deprecated
-	SchemeGroupVersion = GroupVersion
-	// AddToScheme exists solely to keep the old generators creating valid code
-	// DEPRECATED
-	AddToScheme = schemeBuilder.AddToScheme
-)
-
-// Resource generated code relies on this being here, but it logically belongs to the group
-// DEPRECATED
-func Resource(resource string) schema.GroupResource {
-	return schema.GroupResource{Group: GroupName, Resource: resource}
-}
-
-// Adds the list of known types to api.Scheme.
-func addKnownTypes(scheme *runtime.Scheme) error {
-	scheme.AddKnownTypes(GroupVersion,
-		&APIServer{},
-		&APIServerList{},
-		&Authentication{},
-		&AuthenticationList{},
-		&Build{},
-		&BuildList{},
-		&ClusterOperator{},
-		&ClusterOperatorList{},
-		&ClusterVersion{},
-		&ClusterVersionList{},
-		&Console{},
-		&ConsoleList{},
-		&DNS{},
-		&DNSList{},
-		&FeatureGate{},
-		&FeatureGateList{},
-		&Image{},
-		&ImageList{},
-		&Infrastructure{},
-		&InfrastructureList{},
-		&Ingress{},
-		&IngressList{},
-		&Network{},
-		&NetworkList{},
-		&OAuth{},
-		&OAuthList{},
-		&OperatorHub{},
-		&OperatorHubList{},
-		&Project{},
-		&ProjectList{},
-		&Proxy{},
-		&ProxyList{},
-		&Scheduler{},
-		&SchedulerList{},
-	)
-	metav1.AddToGroupVersion(scheme, GroupVersion)
-	return nil
-}
--- a/vendor/github.com/openshift/api/config/v1/stringsource.go
+++ b/vendor/github.com/openshift/api/config/v1/stringsource.go
@ -1,31 +0,0 @@
-package v1
-
-import "encoding/json"
-
-// UnmarshalJSON implements the json.Unmarshaller interface.
-// If the value is a string, it sets the Value field of the StringSource.
-// Otherwise, it is unmarshaled into the StringSourceSpec struct
-func (s *StringSource) UnmarshalJSON(value []byte) error {
-	// If we can unmarshal to a simple string, just set the value
-	var simpleValue string
-	if err := json.Unmarshal(value, &simpleValue); err == nil {
-		s.Value = simpleValue
-		return nil
-	}
-
-	// Otherwise do the full struct unmarshal
-	return json.Unmarshal(value, &s.StringSourceSpec)
-}
-
-// MarshalJSON implements the json.Marshaller interface.
-// If the StringSource contains only a string Value (or is empty), it is marshaled as a JSON string.
-// Otherwise, the StringSourceSpec struct is marshaled as a JSON object.
-func (s *StringSource) MarshalJSON() ([]byte, error) {
-	// If we have only a cleartext value set, do a simple string marshal
-	if s.StringSourceSpec == (StringSourceSpec{Value: s.Value}) {
-		return json.Marshal(s.Value)
-	}
-
-	// Otherwise do the full struct marshal of the externalized bits
-	return json.Marshal(s.StringSourceSpec)
-}
--- a/vendor/github.com/openshift/api/config/v1/types.go
+++ b/vendor/github.com/openshift/api/config/v1/types.go
@ -1,312 +0,0 @@
-package v1
-
-import (
-	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
-	"k8s.io/apimachinery/pkg/runtime"
-)
-
-// ConfigMapFileReference references a config map in a specific namespace.
-// The namespace must be specified at the point of use.
-type ConfigMapFileReference struct {
-	Name string `json:"name"`
-	// Key allows pointing to a specific key/value inside of the configmap.  This is useful for logical file references.
-	Key string `json:"key,omitempty"`
-}
-
-// ConfigMapNameReference references a config map in a specific namespace.
-// The namespace must be specified at the point of use.
-type ConfigMapNameReference struct {
-	// name is the metadata.name of the referenced config map
-	// +kubebuilder:validation:Required
-	// +required
-	Name string `json:"name"`
-}
-
-// SecretNameReference references a secret in a specific namespace.
-// The namespace must be specified at the point of use.
-type SecretNameReference struct {
-	// name is the metadata.name of the referenced secret
-	// +kubebuilder:validation:Required
-	// +required
-	Name string `json:"name"`
-}
-
-// HTTPServingInfo holds configuration for serving HTTP
-type HTTPServingInfo struct {
-	// ServingInfo is the HTTP serving information
-	ServingInfo `json:",inline"`
-	// MaxRequestsInFlight is the number of concurrent requests allowed to the server. If zero, no limit.
-	MaxRequestsInFlight int64 `json:"maxRequestsInFlight"`
-	// RequestTimeoutSeconds is the number of seconds before requests are timed out. The default is 60 minutes, if
-	// -1 there is no limit on requests.
-	RequestTimeoutSeconds int64 `json:"requestTimeoutSeconds"`
-}
-
-// ServingInfo holds information about serving web pages
-type ServingInfo struct {
-	// BindAddress is the ip:port to serve on
-	BindAddress string `json:"bindAddress"`
-	// BindNetwork is the type of network to bind to - defaults to "tcp4", accepts "tcp",
-	// "tcp4", and "tcp6"
-	BindNetwork string `json:"bindNetwork"`
-	// CertInfo is the TLS cert info for serving secure traffic.
-	// this is anonymous so that we can inline it for serialization
-	CertInfo `json:",inline"`
-	// ClientCA is the certificate bundle for all the signers that you'll recognize for incoming client certificates
-	// +optional
-	ClientCA string `json:"clientCA,omitempty"`
-	// NamedCertificates is a list of certificates to use to secure requests to specific hostnames
-	NamedCertificates []NamedCertificate `json:"namedCertificates,omitempty"`
-	// MinTLSVersion is the minimum TLS version supported.
-	// Values must match version names from https://golang.org/pkg/crypto/tls/#pkg-constants
-	MinTLSVersion string `json:"minTLSVersion,omitempty"`
-	// CipherSuites contains an overridden list of ciphers for the server to support.
-	// Values must match cipher suite IDs from https://golang.org/pkg/crypto/tls/#pkg-constants
-	CipherSuites []string `json:"cipherSuites,omitempty"`
-}
-
-// CertInfo relates a certificate with a private key
-type CertInfo struct {
-	// CertFile is a file containing a PEM-encoded certificate
-	CertFile string `json:"certFile"`
-	// KeyFile is a file containing a PEM-encoded private key for the certificate specified by CertFile
-	KeyFile string `json:"keyFile"`
-}
-
-// NamedCertificate specifies a certificate/key, and the names it should be served for
-type NamedCertificate struct {
-	// Names is a list of DNS names this certificate should be used to secure
-	// A name can be a normal DNS name, or can contain leading wildcard segments.
-	Names []string `json:"names,omitempty"`
-	// CertInfo is the TLS cert info for serving secure traffic
-	CertInfo `json:",inline"`
-}
-
-// LeaderElection provides information to elect a leader
-type LeaderElection struct {
-	// disable allows leader election to be suspended while allowing a fully defaulted "normal" startup case.
-	Disable bool `json:"disable,omitempty"`
-	// namespace indicates which namespace the resource is in
-	Namespace string `json:"namespace,omitempty"`
-	// name indicates what name to use for the resource
-	Name string `json:"name,omitempty"`
-
-	// leaseDuration is the duration that non-leader candidates will wait
-	// after observing a leadership renewal until attempting to acquire
-	// leadership of a led but unrenewed leader slot. This is effectively the
-	// maximum duration that a leader can be stopped before it is replaced
-	// by another candidate. This is only applicable if leader election is
-	// enabled.
-	// +nullable
-	LeaseDuration metav1.Duration `json:"leaseDuration"`
-	// renewDeadline is the interval between attempts by the acting master to
-	// renew a leadership slot before it stops leading. This must be less
-	// than or equal to the lease duration. This is only applicable if leader
-	// election is enabled.
-	// +nullable
-	RenewDeadline metav1.Duration `json:"renewDeadline"`
-	// retryPeriod is the duration the clients should wait between attempting
-	// acquisition and renewal of a leadership. This is only applicable if
-	// leader election is enabled.
-	// +nullable
-	RetryPeriod metav1.Duration `json:"retryPeriod"`
-}
-
-// StringSource allows specifying a string inline, or externally via env var or file.
-// When it contains only a string value, it marshals to a simple JSON string.
-type StringSource struct {
-	// StringSourceSpec specifies the string value, or external location
-	StringSourceSpec `json:",inline"`
-}
-
-// StringSourceSpec specifies a string value, or external location
-type StringSourceSpec struct {
-	// Value specifies the cleartext value, or an encrypted value if keyFile is specified.
-	Value string `json:"value"`
-
-	// Env specifies an envvar containing the cleartext value, or an encrypted value if the keyFile is specified.
-	Env string `json:"env"`
-
-	// File references a file containing the cleartext value, or an encrypted value if a keyFile is specified.
-	File string `json:"file"`
-
-	// KeyFile references a file containing the key to use to decrypt the value.
-	KeyFile string `json:"keyFile"`
-}
-
-// RemoteConnectionInfo holds information necessary for establishing a remote connection
-type RemoteConnectionInfo struct {
-	// URL is the remote URL to connect to
-	URL string `json:"url"`
-	// CA is the CA for verifying TLS connections
-	CA string `json:"ca"`
-	// CertInfo is the TLS client cert information to present
-	// this is anonymous so that we can inline it for serialization
-	CertInfo `json:",inline"`
-}
-
-type AdmissionConfig struct {
-	PluginConfig map[string]AdmissionPluginConfig `json:"pluginConfig,omitempty"`
-
-	// enabledPlugins is a list of admission plugins that must be on in addition to the default list.
-	// Some admission plugins are disabled by default, but certain configurations require them.  This is fairly uncommon
-	// and can result in performance penalties and unexpected behavior.
-	EnabledAdmissionPlugins []string `json:"enabledPlugins,omitempty"`
-
-	// disabledPlugins is a list of admission plugins that must be off.  Putting something in this list
-	// is almost always a mistake and likely to result in cluster instability.
-	DisabledAdmissionPlugins []string `json:"disabledPlugins,omitempty"`
-}
-
-// AdmissionPluginConfig holds the necessary configuration options for admission plugins
-type AdmissionPluginConfig struct {
-	// Location is the path to a configuration file that contains the plugin's
-	// configuration
-	Location string `json:"location"`
-
-	// Configuration is an embedded configuration object to be used as the plugin's
-	// configuration. If present, it will be used instead of the path to the configuration file.
-	// +nullable
-	// +kubebuilder:pruning:PreserveUnknownFields
-	Configuration runtime.RawExtension `json:"configuration"`
-}
-
-type LogFormatType string
-
-type WebHookModeType string
-
-const (
-	// LogFormatLegacy saves event in 1-line text format.
-	LogFormatLegacy LogFormatType = "legacy"
-	// LogFormatJson saves event in structured json format.
-	LogFormatJson LogFormatType = "json"
-
-	// WebHookModeBatch indicates that the webhook should buffer audit events
-	// internally, sending batch updates either once a certain number of
-	// events have been received or a certain amount of time has passed.
-	WebHookModeBatch WebHookModeType = "batch"
-	// WebHookModeBlocking causes the webhook to block on every attempt to process
-	// a set of events. This causes requests to the API server to wait for a
-	// round trip to the external audit service before sending a response.
-	WebHookModeBlocking WebHookModeType = "blocking"
-)
-
-// AuditConfig holds configuration for the audit capabilities
-type AuditConfig struct {
-	// If this flag is set, audit log will be printed in the logs.
-	// The logs contains, method, user and a requested URL.
-	Enabled bool `json:"enabled"`
-	// All requests coming to the apiserver will be logged to this file.
-	AuditFilePath string `json:"auditFilePath"`
-	// Maximum number of days to retain old log files based on the timestamp encoded in their filename.
-	MaximumFileRetentionDays int32 `json:"maximumFileRetentionDays"`
-	// Maximum number of old log files to retain.
-	MaximumRetainedFiles int32 `json:"maximumRetainedFiles"`
-	// Maximum size in megabytes of the log file before it gets rotated. Defaults to 100MB.
-	MaximumFileSizeMegabytes int32 `json:"maximumFileSizeMegabytes"`
-
-	// PolicyFile is a path to the file that defines the audit policy configuration.
-	PolicyFile string `json:"policyFile"`
-	// PolicyConfiguration is an embedded policy configuration object to be used
-	// as the audit policy configuration. If present, it will be used instead of
-	// the path to the policy file.
-	// +nullable
-	// +kubebuilder:pruning:PreserveUnknownFields
-	PolicyConfiguration runtime.RawExtension `json:"policyConfiguration"`
-
-	// Format of saved audits (legacy or json).
-	LogFormat LogFormatType `json:"logFormat"`
-
-	// Path to a .kubeconfig formatted file that defines the audit webhook configuration.
-	WebHookKubeConfig string `json:"webHookKubeConfig"`
-	// Strategy for sending audit events (block or batch).
-	WebHookMode WebHookModeType `json:"webHookMode"`
-}
-
-// EtcdConnectionInfo holds information necessary for connecting to an etcd server
-type EtcdConnectionInfo struct {
-	// URLs are the URLs for etcd
-	URLs []string `json:"urls,omitempty"`
-	// CA is a file containing trusted roots for the etcd server certificates
-	CA string `json:"ca"`
-	// CertInfo is the TLS client cert information for securing communication to etcd
-	// this is anonymous so that we can inline it for serialization
-	CertInfo `json:",inline"`
-}
-
-type EtcdStorageConfig struct {
-	EtcdConnectionInfo `json:",inline"`
-
-	// StoragePrefix is the path within etcd that the OpenShift resources will
-	// be rooted under. This value, if changed, will mean existing objects in etcd will
-	// no longer be located.
-	StoragePrefix string `json:"storagePrefix"`
-}
-
-// GenericAPIServerConfig is an inline-able struct for aggregated apiservers that need to store data in etcd
-type GenericAPIServerConfig struct {
-	// servingInfo describes how to start serving
-	ServingInfo HTTPServingInfo `json:"servingInfo"`
-
-	// corsAllowedOrigins
-	CORSAllowedOrigins []string `json:"corsAllowedOrigins"`
-
-	// auditConfig describes how to configure audit information
-	AuditConfig AuditConfig `json:"auditConfig"`
-
-	// storageConfig contains information about how to use
-	StorageConfig EtcdStorageConfig `json:"storageConfig"`
-
-	// admissionConfig holds information about how to configure admission.
-	AdmissionConfig AdmissionConfig `json:"admission"`
-
-	KubeClientConfig KubeClientConfig `json:"kubeClientConfig"`
-}
-
-type KubeClientConfig struct {
-	// kubeConfig is a .kubeconfig filename for going to the owning kube-apiserver.  Empty uses an in-cluster-config
-	KubeConfig string `json:"kubeConfig"`
-
-	// connectionOverrides specifies client overrides for system components to loop back to this master.
-	ConnectionOverrides ClientConnectionOverrides `json:"connectionOverrides"`
-}
-
-type ClientConnectionOverrides struct {
-	// acceptContentTypes defines the Accept header sent by clients when connecting to a server, overriding the
-	// default value of 'application/json'. This field will control all connections to the server used by a particular
-	// client.
-	AcceptContentTypes string `json:"acceptContentTypes"`
-	// contentType is the content type used when sending data to the server from this client.
-	ContentType string `json:"contentType"`
-
-	// qps controls the number of queries per second allowed for this connection.
-	QPS float32 `json:"qps"`
-	// burst allows extra queries to accumulate when a client is exceeding its rate.
-	Burst int32 `json:"burst"`
-}
-
-// GenericControllerConfig provides information to configure a controller
-type GenericControllerConfig struct {
-	// ServingInfo is the HTTP serving information for the controller's endpoints
-	ServingInfo HTTPServingInfo `json:"servingInfo"`
-
-	// leaderElection provides information to elect a leader. Only override this if you have a specific need
-	LeaderElection LeaderElection `json:"leaderElection"`
-
-	// authentication allows configuration of authentication for the endpoints
-	Authentication DelegatedAuthentication `json:"authentication"`
-	// authorization allows configuration of authentication for the endpoints
-	Authorization DelegatedAuthorization `json:"authorization"`
-}
-
-// DelegatedAuthentication allows authentication to be disabled.
-type DelegatedAuthentication struct {
-	// disabled indicates that authentication should be disabled.  By default it will use delegated authentication.
-	Disabled bool `json:"disabled,omitempty"`
-}
-
-// DelegatedAuthorization allows authorization to be disabled.
-type DelegatedAuthorization struct {
-	// disabled indicates that authorization should be disabled.  By default it will use delegated authorization.
-	Disabled bool `json:"disabled,omitempty"`
-}
--- a/vendor/github.com/openshift/api/config/v1/types_apiserver.go
+++ b/vendor/github.com/openshift/api/config/v1/types_apiserver.go
@ -1,118 +0,0 @@
-package v1
-
-import (
-	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
-)
-
-// +genclient
-// +genclient:nonNamespaced
-// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
-
-// APIServer holds configuration (like serving certificates, client CA and CORS domains)
-// shared by all API servers in the system, among them especially kube-apiserver
-// and openshift-apiserver. The canonical name of an instance is 'cluster'.
-type APIServer struct {
-	metav1.TypeMeta   `json:",inline"`
-	metav1.ObjectMeta `json:"metadata,omitempty"`
-	// +kubebuilder:validation:Required
-	// +required
-	Spec APIServerSpec `json:"spec"`
-	// +optional
-	Status APIServerStatus `json:"status"`
-}
-
-type APIServerSpec struct {
-	// servingCert is the TLS cert info for serving secure traffic. If not specified, operator managed certificates
-	// will be used for serving secure traffic.
-	// +optional
-	ServingCerts APIServerServingCerts `json:"servingCerts"`
-	// clientCA references a ConfigMap containing a certificate bundle for the signers that will be recognized for
-	// incoming client certificates in addition to the operator managed signers. If this is empty, then only operator managed signers are valid.
-	// You usually only have to set this if you have your own PKI you wish to honor client certificates from.
-	// The ConfigMap must exist in the openshift-config namespace and contain the following required fields:
-	// - ConfigMap.Data["ca-bundle.crt"] - CA bundle.
-	// +optional
-	ClientCA ConfigMapNameReference `json:"clientCA"`
-	// additionalCORSAllowedOrigins lists additional, user-defined regular expressions describing hosts for which the
-	// API server allows access using the CORS headers. This may be needed to access the API and the integrated OAuth
-	// server from JavaScript applications.
-	// The values are regular expressions that correspond to the Golang regular expression language.
-	// +optional
-	AdditionalCORSAllowedOrigins []string `json:"additionalCORSAllowedOrigins,omitempty"`
-	// encryption allows the configuration of encryption of resources at the datastore layer.
-	// +optional
-	Encryption APIServerEncryption `json:"encryption"`
-	// tlsSecurityProfile specifies settings for TLS connections for externally exposed servers.
-	//
-	// If unset, a default (which may change between releases) is chosen. Note that only Old and
-	// Intermediate profiles are currently supported, and the maximum available MinTLSVersions
-	// is VersionTLS12.
-	// +optional
-	TLSSecurityProfile *TLSSecurityProfile `json:"tlsSecurityProfile,omitempty"`
-}
-
-type APIServerServingCerts struct {
-	// namedCertificates references secrets containing the TLS cert info for serving secure traffic to specific hostnames.
-	// If no named certificates are provided, or no named certificates match the server name as understood by a client,
-	// the defaultServingCertificate will be used.
-	// +optional
-	NamedCertificates []APIServerNamedServingCert `json:"namedCertificates,omitempty"`
-}
-
-// APIServerNamedServingCert maps a server DNS name, as understood by a client, to a certificate.
-type APIServerNamedServingCert struct {
-	// names is a optional list of explicit DNS names (leading wildcards allowed) that should use this certificate to
-	// serve secure traffic. If no names are provided, the implicit names will be extracted from the certificates.
-	// Exact names trump over wildcard names. Explicit names defined here trump over extracted implicit names.
-	// +optional
-	Names []string `json:"names,omitempty"`
-	// servingCertificate references a kubernetes.io/tls type secret containing the TLS cert info for serving secure traffic.
-	// The secret must exist in the openshift-config namespace and contain the following required fields:
-	// - Secret.Data["tls.key"] - TLS private key.
-	// - Secret.Data["tls.crt"] - TLS certificate.
-	ServingCertificate SecretNameReference `json:"servingCertificate"`
-}
-
-type APIServerEncryption struct {
-	// type defines what encryption type should be used to encrypt resources at the datastore layer.
-	// When this field is unset (i.e. when it is set to the empty string), identity is implied.
-	// The behavior of unset can and will change over time.  Even if encryption is enabled by default,
-	// the meaning of unset may change to a different encryption type based on changes in best practices.
-	//
-	// When encryption is enabled, all sensitive resources shipped with the platform are encrypted.
-	// This list of sensitive resources can and will change over time.  The current authoritative list is:
-	//
-	//   1. secrets
-	//   2. configmaps
-	//   3. routes.route.openshift.io
-	//   4. oauthaccesstokens.oauth.openshift.io
-	//   5. oauthauthorizetokens.oauth.openshift.io
-	//
-	// +unionDiscriminator
-	// +optional
-	Type EncryptionType `json:"type,omitempty"`
-}
-
-// +kubebuilder:validation:Enum="";identity;aescbc
-type EncryptionType string
-
-const (
-	// identity refers to a type where no encryption is performed at the datastore layer.
-	// Resources are written as-is without encryption.
-	EncryptionTypeIdentity EncryptionType = "identity"
-
-	// aescbc refers to a type where AES-CBC with PKCS#7 padding and a 32-byte key
-	// is used to perform encryption at the datastore layer.
-	EncryptionTypeAESCBC EncryptionType = "aescbc"
-)
-
-type APIServerStatus struct {
-}
-
-// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
-
-type APIServerList struct {
-	metav1.TypeMeta `json:",inline"`
-	metav1.ListMeta `json:"metadata"`
-	Items           []APIServer `json:"items"`
-}
--- a/vendor/github.com/openshift/api/config/v1/types_authentication.go
+++ b/vendor/github.com/openshift/api/config/v1/types_authentication.go
@ -1,118 +0,0 @@
-package v1
-
-import metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
-
-// +genclient
-// +genclient:nonNamespaced
-// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
-
-// Authentication specifies cluster-wide settings for authentication (like OAuth and
-// webhook token authenticators). The canonical name of an instance is `cluster`.
-type Authentication struct {
-	metav1.TypeMeta   `json:",inline"`
-	metav1.ObjectMeta `json:"metadata,omitempty"`
-
-	// spec holds user settable values for configuration
-	// +kubebuilder:validation:Required
-	// +required
-	Spec AuthenticationSpec `json:"spec"`
-	// status holds observed values from the cluster. They may not be overridden.
-	// +optional
-	Status AuthenticationStatus `json:"status"`
-}
-
-type AuthenticationSpec struct {
-	// type identifies the cluster managed, user facing authentication mode in use.
-	// Specifically, it manages the component that responds to login attempts.
-	// The default is IntegratedOAuth.
-	// +optional
-	Type AuthenticationType `json:"type"`
-
-	// oauthMetadata contains the discovery endpoint data for OAuth 2.0
-	// Authorization Server Metadata for an external OAuth server.
-	// This discovery document can be viewed from its served location:
-	// oc get --raw '/.well-known/oauth-authorization-server'
-	// For further details, see the IETF Draft:
-	// https://tools.ietf.org/html/draft-ietf-oauth-discovery-04#section-2
-	// If oauthMetadata.name is non-empty, this value has precedence
-	// over any metadata reference stored in status.
-	// The key "oauthMetadata" is used to locate the data.
-	// If specified and the config map or expected key is not found, no metadata is served.
-	// If the specified metadata is not valid, no metadata is served.
-	// The namespace for this config map is openshift-config.
-	// +optional
-	OAuthMetadata ConfigMapNameReference `json:"oauthMetadata"`
-
-	// webhookTokenAuthenticators configures remote token reviewers.
-	// These remote authentication webhooks can be used to verify bearer tokens
-	// via the tokenreviews.authentication.k8s.io REST API.  This is required to
-	// honor bearer tokens that are provisioned by an external authentication service.
-	// The namespace for these secrets is openshift-config.
-	// +optional
-	WebhookTokenAuthenticators []WebhookTokenAuthenticator `json:"webhookTokenAuthenticators,omitempty"`
-}
-
-type AuthenticationStatus struct {
-	// integratedOAuthMetadata contains the discovery endpoint data for OAuth 2.0
-	// Authorization Server Metadata for the in-cluster integrated OAuth server.
-	// This discovery document can be viewed from its served location:
-	// oc get --raw '/.well-known/oauth-authorization-server'
-	// For further details, see the IETF Draft:
-	// https://tools.ietf.org/html/draft-ietf-oauth-discovery-04#section-2
-	// This contains the observed value based on cluster state.
-	// An explicitly set value in spec.oauthMetadata has precedence over this field.
-	// This field has no meaning if authentication spec.type is not set to IntegratedOAuth.
-	// The key "oauthMetadata" is used to locate the data.
-	// If the config map or expected key is not found, no metadata is served.
-	// If the specified metadata is not valid, no metadata is served.
-	// The namespace for this config map is openshift-config-managed.
-	IntegratedOAuthMetadata ConfigMapNameReference `json:"integratedOAuthMetadata"`
-
-	// TODO if we add support for an in-cluster operator managed Keycloak instance
-	// KeycloakOAuthMetadata ConfigMapNameReference `json:"keycloakOAuthMetadata"`
-}
-
-// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
-
-type AuthenticationList struct {
-	metav1.TypeMeta `json:",inline"`
-	metav1.ListMeta `json:"metadata"`
-
-	Items []Authentication `json:"items"`
-}
-
-type AuthenticationType string
-
-const (
-	// None means that no cluster managed authentication system is in place.
-	// Note that user login will only work if a manually configured system is in place and
-	// referenced in authentication spec via oauthMetadata and webhookTokenAuthenticators.
-	AuthenticationTypeNone AuthenticationType = "None"
-
-	// IntegratedOAuth refers to the cluster managed OAuth server.
-	// It is configured via the top level OAuth config.
-	AuthenticationTypeIntegratedOAuth AuthenticationType = "IntegratedOAuth"
-
-	// TODO if we add support for an in-cluster operator managed Keycloak instance
-	// AuthenticationTypeKeycloak AuthenticationType = "Keycloak"
-)
-
-// webhookTokenAuthenticator holds the necessary configuration options for a remote token authenticator
-type WebhookTokenAuthenticator struct {
-	// kubeConfig contains kube config file data which describes how to access the remote webhook service.
-	// For further details, see:
-	// https://kubernetes.io/docs/reference/access-authn-authz/authentication/#webhook-token-authentication
-	// The key "kubeConfig" is used to locate the data.
-	// If the secret or expected key is not found, the webhook is not honored.
-	// If the specified kube config data is not valid, the webhook is not honored.
-	// The namespace for this secret is determined by the point of use.
-	KubeConfig SecretNameReference `json:"kubeConfig"`
-}
-
-const (
-	// OAuthMetadataKey is the key for the oauth authorization server metadata
-	OAuthMetadataKey = "oauthMetadata"
-
-	// KubeConfigKey is the key for the kube config file data in a secret
-	KubeConfigKey = "kubeConfig"
-)
--- a/vendor/github.com/openshift/api/config/v1/types_build.go
+++ b/vendor/github.com/openshift/api/config/v1/types_build.go
@ -1,109 +0,0 @@
-package v1
-
-import (
-	corev1 "k8s.io/api/core/v1"
-	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
-)
-
-// +genclient
-// +genclient:nonNamespaced
-// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
-
-// Build configures the behavior of OpenShift builds for the entire cluster.
-// This includes default settings that can be overridden in BuildConfig objects, and overrides which are applied to all builds.
-//
-// The canonical name is "cluster"
-type Build struct {
-	metav1.TypeMeta   `json:",inline"`
-	metav1.ObjectMeta `json:"metadata,omitempty"`
-
-	// Spec holds user-settable values for the build controller configuration
-	// +kubebuilder:validation:Required
-	// +required
-	Spec BuildSpec `json:"spec"`
-}
-
-type BuildSpec struct {
-	// AdditionalTrustedCA is a reference to a ConfigMap containing additional CAs that
-	// should be trusted for image pushes and pulls during builds.
-	// The namespace for this config map is openshift-config.
-	//
-	// DEPRECATED: Additional CAs for image pull and push should be set on
-	// image.config.openshift.io/cluster instead.
-	//
-	// +optional
-	AdditionalTrustedCA ConfigMapNameReference `json:"additionalTrustedCA"`
-	// BuildDefaults controls the default information for Builds
-	// +optional
-	BuildDefaults BuildDefaults `json:"buildDefaults"`
-	// BuildOverrides controls override settings for builds
-	// +optional
-	BuildOverrides BuildOverrides `json:"buildOverrides"`
-}
-
-type BuildDefaults struct {
-	// DefaultProxy contains the default proxy settings for all build operations, including image pull/push
-	// and source download.
-	//
-	// Values can be overrode by setting the `HTTP_PROXY`, `HTTPS_PROXY`, and `NO_PROXY` environment variables
-	// in the build config's strategy.
-	// +optional
-	DefaultProxy *ProxySpec `json:"defaultProxy,omitempty"`
-
-	// GitProxy contains the proxy settings for git operations only. If set, this will override
-	// any Proxy settings for all git commands, such as git clone.
-	//
-	// Values that are not set here will be inherited from DefaultProxy.
-	// +optional
-	GitProxy *ProxySpec `json:"gitProxy,omitempty"`
-
-	// Env is a set of default environment variables that will be applied to the
-	// build if the specified variables do not exist on the build
-	// +optional
-	Env []corev1.EnvVar `json:"env,omitempty"`
-
-	// ImageLabels is a list of docker labels that are applied to the resulting image.
-	// User can override a default label by providing a label with the same name in their
-	// Build/BuildConfig.
-	// +optional
-	ImageLabels []ImageLabel `json:"imageLabels,omitempty"`
-
-	// Resources defines resource requirements to execute the build.
-	// +optional
-	Resources corev1.ResourceRequirements `json:"resources"`
-}
-
-type ImageLabel struct {
-	// Name defines the name of the label. It must have non-zero length.
-	Name string `json:"name"`
-
-	// Value defines the literal value of the label.
-	// +optional
-	Value string `json:"value,omitempty"`
-}
-
-type BuildOverrides struct {
-	// ImageLabels is a list of docker labels that are applied to the resulting image.
-	// If user provided a label in their Build/BuildConfig with the same name as one in this
-	// list, the user's label will be overwritten.
-	// +optional
-	ImageLabels []ImageLabel `json:"imageLabels,omitempty"`
-
-	// NodeSelector is a selector which must be true for the build pod to fit on a node
-	// +optional
-	NodeSelector map[string]string `json:"nodeSelector,omitempty"`
-
-	// Tolerations is a list of Tolerations that will override any existing
-	// tolerations set on a build pod.
-	// +optional
-	Tolerations []corev1.Toleration `json:"tolerations,omitempty"`
-}
-
-// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
-
-type BuildList struct {
-	metav1.TypeMeta `json:",inline"`
-	metav1.ListMeta `json:"metadata"`
-
-	Items []Build `json:"items"`
-}
--- a/vendor/github.com/openshift/api/config/v1/types_cluster_operator.go
+++ b/vendor/github.com/openshift/api/config/v1/types_cluster_operator.go
@ -1,184 +0,0 @@
-package v1
-
-import (
-	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
-	runtime "k8s.io/apimachinery/pkg/runtime"
-)
-
-// +genclient
-// +genclient:nonNamespaced
-// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
-
-// ClusterOperator is the Custom Resource object which holds the current state
-// of an operator. This object is used by operators to convey their state to
-// the rest of the cluster.
-type ClusterOperator struct {
-	metav1.TypeMeta   `json:",inline"`
-	metav1.ObjectMeta `json:"metadata"`
-
-	// spec holds configuration that could apply to any operator.
-	// +kubebuilder:validation:Required
-	// +required
-	Spec ClusterOperatorSpec `json:"spec"`
-
-	// status holds the information about the state of an operator.  It is consistent with status information across
-	// the Kubernetes ecosystem.
-	// +optional
-	Status ClusterOperatorStatus `json:"status"`
-}
-
-// ClusterOperatorSpec is empty for now, but you could imagine holding information like "pause".
-type ClusterOperatorSpec struct {
-}
-
-// ClusterOperatorStatus provides information about the status of the operator.
-// +k8s:deepcopy-gen=true
-type ClusterOperatorStatus struct {
-	// conditions describes the state of the operator's managed and monitored components.
-	// +patchMergeKey=type
-	// +patchStrategy=merge
-	// +optional
-	Conditions []ClusterOperatorStatusCondition `json:"conditions,omitempty"  patchStrategy:"merge" patchMergeKey:"type"`
-
-	// versions is a slice of operator and operand version tuples.  Operators which manage multiple operands will have multiple
-	// operand entries in the array.  Available operators must report the version of the operator itself with the name "operator".
-	// An operator reports a new "operator" version when it has rolled out the new version to all of its operands.
-	// +optional
-	Versions []OperandVersion `json:"versions,omitempty"`
-
-	// relatedObjects is a list of objects that are "interesting" or related to this operator.  Common uses are:
-	// 1. the detailed resource driving the operator
-	// 2. operator namespaces
-	// 3. operand namespaces
-	// +optional
-	RelatedObjects []ObjectReference `json:"relatedObjects,omitempty"`
-
-	// extension contains any additional status information specific to the
-	// operator which owns this status object.
-	// +nullable
-	// +optional
-	// +kubebuilder:pruning:PreserveUnknownFields
-	Extension runtime.RawExtension `json:"extension"`
-}
-
-type OperandVersion struct {
-	// name is the name of the particular operand this version is for.  It usually matches container images, not operators.
-	// +kubebuilder:validation:Required
-	// +required
-	Name string `json:"name"`
-
-	// version indicates which version of a particular operand is currently being managed.  It must always match the Available
-	// operand.  If 1.0.0 is Available, then this must indicate 1.0.0 even if the operator is trying to rollout
-	// 1.1.0
-	// +kubebuilder:validation:Required
-	// +required
-	Version string `json:"version"`
-}
-
-// ObjectReference contains enough information to let you inspect or modify the referred object.
-type ObjectReference struct {
-	// group of the referent.
-	// +kubebuilder:validation:Required
-	// +required
-	Group string `json:"group"`
-	// resource of the referent.
-	// +kubebuilder:validation:Required
-	// +required
-	Resource string `json:"resource"`
-	// namespace of the referent.
-	// +optional
-	Namespace string `json:"namespace,omitempty"`
-	// name of the referent.
-	// +kubebuilder:validation:Required
-	// +required
-	Name string `json:"name"`
-}
-
-type ConditionStatus string
-
-// These are valid condition statuses. "ConditionTrue" means a resource is in the condition.
-// "ConditionFalse" means a resource is not in the condition. "ConditionUnknown" means kubernetes
-// can't decide if a resource is in the condition or not. In the future, we could add other
-// intermediate conditions, e.g. ConditionDegraded.
-const (
-	ConditionTrue    ConditionStatus = "True"
-	ConditionFalse   ConditionStatus = "False"
-	ConditionUnknown ConditionStatus = "Unknown"
-)
-
-// ClusterOperatorStatusCondition represents the state of the operator's
-// managed and monitored components.
-// +k8s:deepcopy-gen=true
-type ClusterOperatorStatusCondition struct {
-	// type specifies the aspect reported by this condition.
-	// +kubebuilder:validation:Required
-	// +required
-	Type ClusterStatusConditionType `json:"type"`
-
-	// status of the condition, one of True, False, Unknown.
-	// +kubebuilder:validation:Required
-	// +required
-	Status ConditionStatus `json:"status"`
-
-	// lastTransitionTime is the time of the last update to the current status property.
-	// +kubebuilder:validation:Required
-	// +required
-	LastTransitionTime metav1.Time `json:"lastTransitionTime"`
-
-	// reason is the CamelCase reason for the condition's current status.
-	// +optional
-	Reason string `json:"reason,omitempty"`
-
-	// message provides additional information about the current condition.
-	// This is only to be consumed by humans.
-	// +optional
-	Message string `json:"message,omitempty"`
-}
-
-// ClusterStatusConditionType is an aspect of operator state.
-type ClusterStatusConditionType string
-
-const (
-	// Available indicates that the operand (eg: openshift-apiserver for the
-	// openshift-apiserver-operator), is functional and available in the cluster.
-	OperatorAvailable ClusterStatusConditionType = "Available"
-
-	// Progressing indicates that the operator is actively rolling out new code,
-	// propagating config changes, or otherwise moving from one steady state to
-	// another.  Operators should not report progressing when they are reconciling
-	// a previously known state.
-	OperatorProgressing ClusterStatusConditionType = "Progressing"
-
-	// Degraded indicates that the operator's current state does not match its
-	// desired state over a period of time resulting in a lower quality of service.
-	// The period of time may vary by component, but a Degraded state represents
-	// persistent observation of a condition.  As a result, a component should not
-	// oscillate in and out of Degraded state.  A service may be Available even
-	// if its degraded.  For example, your service may desire 3 running pods, but 1
-	// pod is crash-looping.  The service is Available but Degraded because it
-	// may have a lower quality of service.  A component may be Progressing but
-	// not Degraded because the transition from one state to another does not
-	// persist over a long enough period to report Degraded.  A service should not
-	// report Degraded during the course of a normal upgrade.  A service may report
-	// Degraded in response to a persistent infrastructure failure that requires
-	// administrator intervention.  For example, if a control plane host is unhealthy
-	// and must be replaced.  An operator should report Degraded if unexpected
-	// errors occur over a period, but the expectation is that all unexpected errors
-	// are handled as operators mature.
-	OperatorDegraded ClusterStatusConditionType = "Degraded"
-
-	// Upgradeable indicates whether the operator is in a state that is safe to upgrade. When status is `False`
-	// administrators should not upgrade their cluster and the message field should contain a human readable description
-	// of what the administrator should do to allow the operator to successfully update.  A missing condition, True,
-	// and Unknown are all treated by the CVO as allowing an upgrade.
-	OperatorUpgradeable ClusterStatusConditionType = "Upgradeable"
-)
-
-// ClusterOperatorList is a list of OperatorStatus resources.
-// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
-type ClusterOperatorList struct {
-	metav1.TypeMeta `json:",inline"`
-	metav1.ListMeta `json:"metadata"`
-
-	Items []ClusterOperator `json:"items"`
-}
--- a/vendor/github.com/openshift/api/config/v1/types_cluster_version.go
+++ b/vendor/github.com/openshift/api/config/v1/types_cluster_version.go
@ -1,267 +0,0 @@
-package v1
-
-import (
-	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
-)
-
-// +genclient
-// +genclient:nonNamespaced
-// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
-
-// ClusterVersion is the configuration for the ClusterVersionOperator. This is where
-// parameters related to automatic updates can be set.
-type ClusterVersion struct {
-	metav1.TypeMeta   `json:",inline"`
-	metav1.ObjectMeta `json:"metadata,omitempty"`
-
-	// spec is the desired state of the cluster version - the operator will work
-	// to ensure that the desired version is applied to the cluster.
-	// +kubebuilder:validation:Required
-	// +required
-	Spec ClusterVersionSpec `json:"spec"`
-	// status contains information about the available updates and any in-progress
-	// updates.
-	// +optional
-	Status ClusterVersionStatus `json:"status"`
-}
-
-// ClusterVersionSpec is the desired version state of the cluster. It includes
-// the version the cluster should be at, how the cluster is identified, and
-// where the cluster should look for version updates.
-// +k8s:deepcopy-gen=true
-type ClusterVersionSpec struct {
-	// clusterID uniquely identifies this cluster. This is expected to be
-	// an RFC4122 UUID value (xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx in
-	// hexadecimal values). This is a required field.
-	// +kubebuilder:validation:Required
-	// +required
-	ClusterID ClusterID `json:"clusterID"`
-
-	// desiredUpdate is an optional field that indicates the desired value of
-	// the cluster version. Setting this value will trigger an upgrade (if
-	// the current version does not match the desired version). The set of
-	// recommended update values is listed as part of available updates in
-	// status, and setting values outside that range may cause the upgrade
-	// to fail. You may specify the version field without setting image if
-	// an update exists with that version in the availableUpdates or history.
-	//
-	// If an upgrade fails the operator will halt and report status
-	// about the failing component. Setting the desired update value back to
-	// the previous version will cause a rollback to be attempted. Not all
-	// rollbacks will succeed.
-	//
-	// +optional
-	DesiredUpdate *Update `json:"desiredUpdate,omitempty"`
-
-	// upstream may be used to specify the preferred update server. By default
-	// it will use the appropriate update server for the cluster and region.
-	//
-	// +optional
-	Upstream URL `json:"upstream,omitempty"`
-	// channel is an identifier for explicitly requesting that a non-default
-	// set of updates be applied to this cluster. The default channel will be
-	// contain stable updates that are appropriate for production clusters.
-	//
-	// +optional
-	Channel string `json:"channel,omitempty"`
-
-	// overrides is list of overides for components that are managed by
-	// cluster version operator. Marking a component unmanaged will prevent
-	// the operator from creating or updating the object.
-	// +optional
-	Overrides []ComponentOverride `json:"overrides,omitempty"`
-}
-
-// ClusterVersionStatus reports the status of the cluster versioning,
-// including any upgrades that are in progress. The current field will
-// be set to whichever version the cluster is reconciling to, and the
-// conditions array will report whether the update succeeded, is in
-// progress, or is failing.
-// +k8s:deepcopy-gen=true
-type ClusterVersionStatus struct {
-	// desired is the version that the cluster is reconciling towards.
-	// If the cluster is not yet fully initialized desired will be set
-	// with the information available, which may be an image or a tag.
-	// +kubebuilder:validation:Required
-	// +required
-	Desired Update `json:"desired"`
-
-	// history contains a list of the most recent versions applied to the cluster.
-	// This value may be empty during cluster startup, and then will be updated
-	// when a new update is being applied. The newest update is first in the
-	// list and it is ordered by recency. Updates in the history have state
-	// Completed if the rollout completed - if an update was failing or halfway
-	// applied the state will be Partial. Only a limited amount of update history
-	// is preserved.
-	// +optional
-	History []UpdateHistory `json:"history,omitempty"`
-
-	// observedGeneration reports which version of the spec is being synced.
-	// If this value is not equal to metadata.generation, then the desired
-	// and conditions fields may represent a previous version.
-	// +kubebuilder:validation:Required
-	// +required
-	ObservedGeneration int64 `json:"observedGeneration"`
-
-	// versionHash is a fingerprint of the content that the cluster will be
-	// updated with. It is used by the operator to avoid unnecessary work
-	// and is for internal use only.
-	// +kubebuilder:validation:Required
-	// +required
-	VersionHash string `json:"versionHash"`
-
-	// conditions provides information about the cluster version. The condition
-	// "Available" is set to true if the desiredUpdate has been reached. The
-	// condition "Progressing" is set to true if an update is being applied.
-	// The condition "Degraded" is set to true if an update is currently blocked
-	// by a temporary or permanent error. Conditions are only valid for the
-	// current desiredUpdate when metadata.generation is equal to
-	// status.generation.
-	// +optional
-	Conditions []ClusterOperatorStatusCondition `json:"conditions,omitempty"`
-
-	// availableUpdates contains the list of updates that are appropriate
-	// for this cluster. This list may be empty if no updates are recommended,
-	// if the update service is unavailable, or if an invalid channel has
-	// been specified.
-	// +nullable
-	// +kubebuilder:validation:Required
-	// +required
-	AvailableUpdates []Update `json:"availableUpdates"`
-}
-
-// UpdateState is a constant representing whether an update was successfully
-// applied to the cluster or not.
-type UpdateState string
-
-const (
-	// CompletedUpdate indicates an update was successfully applied
-	// to the cluster (all resource updates were successful).
-	CompletedUpdate UpdateState = "Completed"
-	// PartialUpdate indicates an update was never completely applied
-	// or is currently being applied.
-	PartialUpdate UpdateState = "Partial"
-)
-
-// UpdateHistory is a single attempted update to the cluster.
-type UpdateHistory struct {
-	// state reflects whether the update was fully applied. The Partial state
-	// indicates the update is not fully applied, while the Completed state
-	// indicates the update was successfully rolled out at least once (all
-	// parts of the update successfully applied).
-	// +kubebuilder:validation:Required
-	// +required
-	State UpdateState `json:"state"`
-
-	// startedTime is the time at which the update was started.
-	// +kubebuilder:validation:Required
-	// +required
-	StartedTime metav1.Time `json:"startedTime"`
-	// completionTime, if set, is when the update was fully applied. The update
-	// that is currently being applied will have a null completion time.
-	// Completion time will always be set for entries that are not the current
-	// update (usually to the started time of the next update).
-	// +kubebuilder:validation:Required
-	// +required
-	// +nullable
-	CompletionTime *metav1.Time `json:"completionTime"`
-
-	// version is a semantic versioning identifying the update version. If the
-	// requested image does not define a version, or if a failure occurs
-	// retrieving the image, this value may be empty.
-	//
-	// +optional
-	Version string `json:"version"`
-	// image is a container image location that contains the update. This value
-	// is always populated.
-	// +kubebuilder:validation:Required
-	// +required
-	Image string `json:"image"`
-	// verified indicates whether the provided update was properly verified
-	// before it was installed. If this is false the cluster may not be trusted.
-	// +kubebuilder:validation:Required
-	// +required
-	Verified bool `json:"verified"`
-}
-
-// ClusterID is string RFC4122 uuid.
-type ClusterID string
-
-// ComponentOverride allows overriding cluster version operator's behavior
-// for a component.
-// +k8s:deepcopy-gen=true
-type ComponentOverride struct {
-	// kind indentifies which object to override.
-	// +kubebuilder:validation:Required
-	// +required
-	Kind string `json:"kind"`
-	// group identifies the API group that the kind is in.
-	// +kubebuilder:validation:Required
-	// +required
-	Group string `json:"group"`
-
-	// namespace is the component's namespace. If the resource is cluster
-	// scoped, the namespace should be empty.
-	// +kubebuilder:validation:Required
-	// +required
-	Namespace string `json:"namespace"`
-	// name is the component's name.
-	// +kubebuilder:validation:Required
-	// +required
-	Name string `json:"name"`
-
-	// unmanaged controls if cluster version operator should stop managing the
-	// resources in this cluster.
-	// Default: false
-	// +kubebuilder:validation:Required
-	// +required
-	Unmanaged bool `json:"unmanaged"`
-}
-
-// URL is a thin wrapper around string that ensures the string is a valid URL.
-type URL string
-
-// Update represents a release of the ClusterVersionOperator, referenced by the
-// Image member.
-// +k8s:deepcopy-gen=true
-type Update struct {
-	// version is a semantic versioning identifying the update version. When this
-	// field is part of spec, version is optional if image is specified.
-	//
-	// +optional
-	Version string `json:"version"`
-	// image is a container image location that contains the update. When this
-	// field is part of spec, image is optional if version is specified and the
-	// availableUpdates field contains a matching version.
-	//
-	// +optional
-	Image string `json:"image"`
-	// force allows an administrator to update to an image that has failed
-	// verification, does not appear in the availableUpdates list, or otherwise
-	// would be blocked by normal protections on update. This option should only
-	// be used when the authenticity of the provided image has been verified out
-	// of band because the provided image will run with full administrative access
-	// to the cluster. Do not use this flag with images that comes from unknown
-	// or potentially malicious sources.
-	//
-	// This flag does not override other forms of consistency checking that are
-	// required before a new update is deployed.
-	//
-	// +optional
-	Force bool `json:"force"`
-}
-
-// RetrievedUpdates reports whether available updates have been retrieved from
-// the upstream update server. The condition is Unknown before retrieval, False
-// if the updates could not be retrieved or recently failed, or True if the
-// availableUpdates field is accurate and recent.
-const RetrievedUpdates ClusterStatusConditionType = "RetrievedUpdates"
-
-// ClusterVersionList is a list of ClusterVersion resources.
-// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
-type ClusterVersionList struct {
-	metav1.TypeMeta `json:",inline"`
-	metav1.ListMeta `json:"metadata"`
-
-	Items []ClusterVersion `json:"items"`
-}
--- a/vendor/github.com/openshift/api/config/v1/types_console.go
+++ b/vendor/github.com/openshift/api/config/v1/types_console.go
@ -1,62 +0,0 @@
-package v1
-
-import metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
-
-// +genclient
-// +genclient:nonNamespaced
-// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
-
-// Console holds cluster-wide configuration for the web console, including the
-// logout URL, and reports the public URL of the console. The canonical name is
-// `cluster`.
-type Console struct {
-	metav1.TypeMeta   `json:",inline"`
-	metav1.ObjectMeta `json:"metadata,omitempty"`
-
-	// spec holds user settable values for configuration
-	// +kubebuilder:validation:Required
-	// +required
-	Spec ConsoleSpec `json:"spec"`
-	// status holds observed values from the cluster. They may not be overridden.
-	// +optional
-	Status ConsoleStatus `json:"status"`
-}
-
-// ConsoleSpec is the specification of the desired behavior of the Console.
-type ConsoleSpec struct {
-	// +optional
-	Authentication ConsoleAuthentication `json:"authentication"`
-}
-
-// ConsoleStatus defines the observed status of the Console.
-type ConsoleStatus struct {
-	// The URL for the console. This will be derived from the host for the route that
-	// is created for the console.
-	ConsoleURL string `json:"consoleURL"`
-}
-
-// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
-
-type ConsoleList struct {
-	metav1.TypeMeta `json:",inline"`
-	metav1.ListMeta `json:"metadata"`
-
-	Items []Console `json:"items"`
-}
-
-// ConsoleAuthentication defines a list of optional configuration for console authentication.
-type ConsoleAuthentication struct {
-	// An optional, absolute URL to redirect web browsers to after logging out of
-	// the console. If not specified, it will redirect to the default login page.
-	// This is required when using an identity provider that supports single
-	// sign-on (SSO) such as:
-	// - OpenID (Keycloak, Azure)
-	// - RequestHeader (GSSAPI, SSPI, SAML)
-	// - OAuth (GitHub, GitLab, Google)
-	// Logging out of the console will destroy the user's token. The logoutRedirect
-	// provides the user the option to perform single logout (SLO) through the identity
-	// provider to destroy their single sign-on session.
-	// +optional
-	// +kubebuilder:validation:Pattern=`^$|^((https):\/\/?)[^\s()<>]+(?:\([\w\d]+\)|([^[:punct:]\s]|\/?))$`
-	LogoutRedirect string `json:"logoutRedirect,omitempty"`
-}
--- a/vendor/github.com/openshift/api/config/v1/types_dns.go
+++ b/vendor/github.com/openshift/api/config/v1/types_dns.go
@ -1,87 +0,0 @@
-package v1
-
-import metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
-
-// +genclient
-// +genclient:nonNamespaced
-// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
-
-// DNS holds cluster-wide information about DNS. The canonical name is `cluster`
-type DNS struct {
-	metav1.TypeMeta   `json:",inline"`
-	metav1.ObjectMeta `json:"metadata,omitempty"`
-
-	// spec holds user settable values for configuration
-	// +kubebuilder:validation:Required
-	// +required
-	Spec DNSSpec `json:"spec"`
-	// status holds observed values from the cluster. They may not be overridden.
-	// +optional
-	Status DNSStatus `json:"status"`
-}
-
-type DNSSpec struct {
-	// baseDomain is the base domain of the cluster. All managed DNS records will
-	// be sub-domains of this base.
-	//
-	// For example, given the base domain `openshift.example.com`, an API server
-	// DNS record may be created for `cluster-api.openshift.example.com`.
-	//
-	// Once set, this field cannot be changed.
-	BaseDomain string `json:"baseDomain"`
-	// publicZone is the location where all the DNS records that are publicly accessible to
-	// the internet exist.
-	//
-	// If this field is nil, no public records should be created.
-	//
-	// Once set, this field cannot be changed.
-	//
-	// +optional
-	PublicZone *DNSZone `json:"publicZone,omitempty"`
-	// privateZone is the location where all the DNS records that are only available internally
-	// to the cluster exist.
-	//
-	// If this field is nil, no private records should be created.
-	//
-	// Once set, this field cannot be changed.
-	//
-	// +optional
-	PrivateZone *DNSZone `json:"privateZone,omitempty"`
-}
-
-// DNSZone is used to define a DNS hosted zone.
-// A zone can be identified by an ID or tags.
-type DNSZone struct {
-	// id is the identifier that can be used to find the DNS hosted zone.
-	//
-	// on AWS zone can be fetched using `ID` as id in [1]
-	// on Azure zone can be fetched using `ID` as a pre-determined name in [2],
-	// on GCP zone can be fetched using `ID` as a pre-determined name in [3].
-	//
-	// [1]: https://docs.aws.amazon.com/cli/latest/reference/route53/get-hosted-zone.html#options
-	// [2]: https://docs.microsoft.com/en-us/cli/azure/network/dns/zone?view=azure-cli-latest#az-network-dns-zone-show
-	// [3]: https://cloud.google.com/dns/docs/reference/v1/managedZones/get
-	// +optional
-	ID string `json:"id,omitempty"`
-
-	// tags can be used to query the DNS hosted zone.
-	//
-	// on AWS, resourcegroupstaggingapi [1] can be used to fetch a zone using `Tags` as tag-filters,
-	//
-	// [1]: https://docs.aws.amazon.com/cli/latest/reference/resourcegroupstaggingapi/get-resources.html#options
-	// +optional
-	Tags map[string]string `json:"tags,omitempty"`
-}
-
-type DNSStatus struct {
-	// dnsSuffix (service-ca amongst others)
-}
-
-// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
-
-type DNSList struct {
-	metav1.TypeMeta `json:",inline"`
-	metav1.ListMeta `json:"metadata"`
-
-	Items []DNS `json:"items"`
-}
--- a/vendor/github.com/openshift/api/config/v1/types_feature.go
+++ b/vendor/github.com/openshift/api/config/v1/types_feature.go
@ -1,194 +0,0 @@
-package v1
-
-import metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
-
-// +genclient
-// +genclient:nonNamespaced
-// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
-
-// Feature holds cluster-wide information about feature gates.  The canonical name is `cluster`
-type FeatureGate struct {
-	metav1.TypeMeta   `json:",inline"`
-	metav1.ObjectMeta `json:"metadata,omitempty"`
-
-	// spec holds user settable values for configuration
-	// +kubebuilder:validation:Required
-	// +required
-	Spec FeatureGateSpec `json:"spec"`
-	// status holds observed values from the cluster. They may not be overridden.
-	// +optional
-	Status FeatureGateStatus `json:"status"`
-}
-
-type FeatureSet string
-
-var (
-	// Default feature set that allows upgrades.
-	Default FeatureSet = ""
-
-	// TechPreviewNoUpgrade turns on tech preview features that are not part of the normal supported platform. Turning
-	// this feature set on CANNOT BE UNDONE and PREVENTS UPGRADES.
-	TechPreviewNoUpgrade FeatureSet = "TechPreviewNoUpgrade"
-
-	// CustomNoUpgrade allows the enabling or disabling of any feature. Turning this feature set on IS NOT SUPPORTED, CANNOT BE UNDONE, and PREVENTS UPGRADES.
-	// Because of its nature, this setting cannot be validated.  If you have any typos or accidentally apply invalid combinations
-	// your cluster may fail in an unrecoverable way.
-	CustomNoUpgrade FeatureSet = "CustomNoUpgrade"
-
-	// TopologyManager enables ToplogyManager support. Upgrades are enabled with this feature.
-	LatencySensitive FeatureSet = "LatencySensitive"
-)
-
-type FeatureGateSpec struct {
-	FeatureGateSelection `json:",inline"`
-}
-
-// +union
-type FeatureGateSelection struct {
-	// featureSet changes the list of features in the cluster.  The default is empty.  Be very careful adjusting this setting.
-	// Turning on or off features may cause irreversible changes in your cluster which cannot be undone.
-	// +unionDiscriminator
-	// +optional
-	FeatureSet FeatureSet `json:"featureSet,omitempty"`
-
-	// customNoUpgrade allows the enabling or disabling of any feature. Turning this feature set on IS NOT SUPPORTED, CANNOT BE UNDONE, and PREVENTS UPGRADES.
-	// Because of its nature, this setting cannot be validated.  If you have any typos or accidentally apply invalid combinations
-	// your cluster may fail in an unrecoverable way.  featureSet must equal "CustomNoUpgrade" must be set to use this field.
-	// +optional
-	// +nullable
-	CustomNoUpgrade *CustomFeatureGates `json:"customNoUpgrade,omitempty"`
-}
-
-type CustomFeatureGates struct {
-	// enabled is a list of all feature gates that you want to force on
-	// +optional
-	Enabled []string `json:"enabled,omitempty"`
-	// disabled is a list of all feature gates that you want to force off
-	// +optional
-	Disabled []string `json:"disabled,omitempty"`
-}
-
-type FeatureGateStatus struct {
-}
-
-// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
-
-type FeatureGateList struct {
-	metav1.TypeMeta `json:",inline"`
-	metav1.ListMeta `json:"metadata"`
-
-	Items []FeatureGate `json:"items"`
-}
-
-type FeatureGateEnabledDisabled struct {
-	Enabled  []string
-	Disabled []string
-}
-
-// FeatureSets Contains a map of Feature names to Enabled/Disabled Feature.
-//
-// NOTE: The caller needs to make sure to check for the existence of the value
-// using golang's existence field. A possible scenario is an upgrade where new
-// FeatureSets are added and a controller has not been upgraded with a newer
-// version of this file. In this upgrade scenario the map could return nil.
-//
-// example:
-//   if featureSet, ok := FeatureSets["SomeNewFeature"]; ok { }
-//
-// If you put an item in either of these lists, put your area and name on it so we can find owners.
-var FeatureSets = map[FeatureSet]*FeatureGateEnabledDisabled{
-	Default: defaultFeatures,
-	CustomNoUpgrade: {
-		Enabled:  []string{},
-		Disabled: []string{},
-	},
-	TechPreviewNoUpgrade: newDefaultFeatures().toFeatures(),
-	LatencySensitive: newDefaultFeatures().
-		with(
-			"TopologyManager", // sig-pod, sjenning
-		).
-		toFeatures(),
-}
-
-var defaultFeatures = &FeatureGateEnabledDisabled{
-	Enabled: []string{
-		"RotateKubeletServerCertificate", // sig-pod, sjenning
-		"SupportPodPidsLimit",            // sig-pod, sjenning
-		"NodeDisruptionExclusion",        // sig-scheduling, ccoleman
-		"ServiceNodeExclusion",           // sig-scheduling, ccoleman
-		"SCTPSupport",                    // sig-network, ccallend
-	},
-	Disabled: []string{
-		"LegacyNodeRoleBehavior", // sig-scheduling, ccoleman
-	},
-}
-
-type featureSetBuilder struct {
-	forceOn  []string
-	forceOff []string
-}
-
-func newDefaultFeatures() *featureSetBuilder {
-	return &featureSetBuilder{}
-}
-
-func (f *featureSetBuilder) with(forceOn ...string) *featureSetBuilder {
-	f.forceOn = append(f.forceOn, forceOn...)
-	return f
-}
-
-func (f *featureSetBuilder) without(forceOff ...string) *featureSetBuilder {
-	f.forceOff = append(f.forceOff, forceOff...)
-	return f
-}
-
-func (f *featureSetBuilder) isForcedOff(needle string) bool {
-	for _, forcedOff := range f.forceOff {
-		if needle == forcedOff {
-			return true
-		}
-	}
-	return false
-}
-
-func (f *featureSetBuilder) isForcedOn(needle string) bool {
-	for _, forceOn := range f.forceOn {
-		if needle == forceOn {
-			return true
-		}
-	}
-	return false
-}
-
-func (f *featureSetBuilder) toFeatures() *FeatureGateEnabledDisabled {
-	finalOn := []string{}
-	finalOff := []string{}
-
-	// only add the default enabled features if they haven't been explicitly set off
-	for _, defaultOn := range defaultFeatures.Enabled {
-		if !f.isForcedOff(defaultOn) {
-			finalOn = append(finalOn, defaultOn)
-		}
-	}
-	for _, currOn := range f.forceOn {
-		if f.isForcedOff(currOn) {
-			panic("coding error, you can't have features both on and off")
-		}
-		finalOn = append(finalOn, currOn)
-	}
-
-	// only add the default disabled features if they haven't been explicitly set on
-	for _, defaultOff := range defaultFeatures.Disabled {
-		if !f.isForcedOn(defaultOff) {
-			finalOff = append(finalOff, defaultOff)
-		}
-	}
-	for _, currOff := range f.forceOff {
-		finalOff = append(finalOff, currOff)
-	}
-
-	return &FeatureGateEnabledDisabled{
-		Enabled:  finalOn,
-		Disabled: finalOff,
-	}
-}
--- a/vendor/github.com/openshift/api/config/v1/types_image.go
+++ b/vendor/github.com/openshift/api/config/v1/types_image.go
@ -1,115 +0,0 @@
-package v1
-
-import metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
-
-// +genclient
-// +genclient:nonNamespaced
-// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
-
-// Image governs policies related to imagestream imports and runtime configuration
-// for external registries. It allows cluster admins to configure which registries
-// OpenShift is allowed to import images from, extra CA trust bundles for external
-// registries, and policies to blacklist/whitelist registry hostnames.
-// When exposing OpenShift's image registry to the public, this also lets cluster
-// admins specify the external hostname.
-type Image struct {
-	metav1.TypeMeta   `json:",inline"`
-	metav1.ObjectMeta `json:"metadata,omitempty"`
-
-	// spec holds user settable values for configuration
-	// +kubebuilder:validation:Required
-	// +required
-	Spec ImageSpec `json:"spec"`
-	// status holds observed values from the cluster. They may not be overridden.
-	// +optional
-	Status ImageStatus `json:"status"`
-}
-
-type ImageSpec struct {
-	// allowedRegistriesForImport limits the container image registries that normal users may import
-	// images from. Set this list to the registries that you trust to contain valid Docker
-	// images and that you want applications to be able to import from. Users with
-	// permission to create Images or ImageStreamMappings via the API are not affected by
-	// this policy - typically only administrators or system integrations will have those
-	// permissions.
-	// +optional
-	AllowedRegistriesForImport []RegistryLocation `json:"allowedRegistriesForImport,omitempty"`
-
-	// externalRegistryHostnames provides the hostnames for the default external image
-	// registry. The external hostname should be set only when the image registry
-	// is exposed externally. The first value is used in 'publicDockerImageRepository'
-	// field in ImageStreams. The value must be in "hostname[:port]" format.
-	// +optional
-	ExternalRegistryHostnames []string `json:"externalRegistryHostnames,omitempty"`
-
-	// additionalTrustedCA is a reference to a ConfigMap containing additional CAs that
-	// should be trusted during imagestream import, pod image pull, build image pull, and
-	// imageregistry pullthrough.
-	// The namespace for this config map is openshift-config.
-	// +optional
-	AdditionalTrustedCA ConfigMapNameReference `json:"additionalTrustedCA"`
-
-	// registrySources contains configuration that determines how the container runtime
-	// should treat individual registries when accessing images for builds+pods. (e.g.
-	// whether or not to allow insecure access).  It does not contain configuration for the
-	// internal cluster registry.
-	// +optional
-	RegistrySources RegistrySources `json:"registrySources"`
-}
-
-type ImageStatus struct {
-
-	// internalRegistryHostname sets the hostname for the default internal image
-	// registry. The value must be in "hostname[:port]" format.
-	// This value is set by the image registry operator which controls the internal registry
-	// hostname. For backward compatibility, users can still use OPENSHIFT_DEFAULT_REGISTRY
-	// environment variable but this setting overrides the environment variable.
-	// +optional
-	InternalRegistryHostname string `json:"internalRegistryHostname,omitempty"`
-
-	// externalRegistryHostnames provides the hostnames for the default external image
-	// registry. The external hostname should be set only when the image registry
-	// is exposed externally. The first value is used in 'publicDockerImageRepository'
-	// field in ImageStreams. The value must be in "hostname[:port]" format.
-	// +optional
-	ExternalRegistryHostnames []string `json:"externalRegistryHostnames,omitempty"`
-}
-
-// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
-
-type ImageList struct {
-	metav1.TypeMeta `json:",inline"`
-	metav1.ListMeta `json:"metadata"`
-
-	Items []Image `json:"items"`
-}
-
-// RegistryLocation contains a location of the registry specified by the registry domain
-// name. The domain name might include wildcards, like '*' or '??'.
-type RegistryLocation struct {
-	// domainName specifies a domain name for the registry
-	// In case the registry use non-standard (80 or 443) port, the port should be included
-	// in the domain name as well.
-	DomainName string `json:"domainName"`
-	// insecure indicates whether the registry is secure (https) or insecure (http)
-	// By default (if not specified) the registry is assumed as secure.
-	// +optional
-	Insecure bool `json:"insecure,omitempty"`
-}
-
-// RegistrySources holds cluster-wide information about how to handle the registries config.
-type RegistrySources struct {
-	// insecureRegistries are registries which do not have a valid TLS certificates or only support HTTP connections.
-	// +optional
-	InsecureRegistries []string `json:"insecureRegistries,omitempty"`
-	// blockedRegistries are blacklisted from image pull/push. All other registries are allowed.
-	//
-	// Only one of BlockedRegistries or AllowedRegistries may be set.
-	// +optional
-	BlockedRegistries []string `json:"blockedRegistries,omitempty"`
-	// allowedRegistries are whitelisted for image pull/push. All other registries are blocked.
-	//
-	// Only one of BlockedRegistries or AllowedRegistries may be set.
-	// +optional
-	AllowedRegistries []string `json:"allowedRegistries,omitempty"`
-}
--- a/vendor/github.com/openshift/api/config/v1/types_infrastructure.go
+++ b/vendor/github.com/openshift/api/config/v1/types_infrastructure.go
@ -1,241 +0,0 @@
-package v1
-
-import metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
-
-// +genclient
-// +genclient:nonNamespaced
-// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
-
-// Infrastructure holds cluster-wide information about Infrastructure.  The canonical name is `cluster`
-type Infrastructure struct {
-	metav1.TypeMeta   `json:",inline"`
-	metav1.ObjectMeta `json:"metadata,omitempty"`
-
-	// spec holds user settable values for configuration
-	// +kubebuilder:validation:Required
-	// +required
-	Spec InfrastructureSpec `json:"spec"`
-	// status holds observed values from the cluster. They may not be overridden.
-	// +optional
-	Status InfrastructureStatus `json:"status"`
-}
-
-// InfrastructureSpec contains settings that apply to the cluster infrastructure.
-type InfrastructureSpec struct {
-	// cloudConfig is a reference to a ConfigMap containing the cloud provider configuration file.
-	// This configuration file is used to configure the Kubernetes cloud provider integration
-	// when using the built-in cloud provider integration or the external cloud controller manager.
-	// The namespace for this config map is openshift-config.
-	// +optional
-	CloudConfig ConfigMapFileReference `json:"cloudConfig"`
-}
-
-// InfrastructureStatus describes the infrastructure the cluster is leveraging.
-type InfrastructureStatus struct {
-	// infrastructureName uniquely identifies a cluster with a human friendly name.
-	// Once set it should not be changed. Must be of max length 27 and must have only
-	// alphanumeric or hyphen characters.
-	InfrastructureName string `json:"infrastructureName"`
-
-	// platform is the underlying infrastructure provider for the cluster.
-	//
-	// Deprecated: Use platformStatus.type instead.
-	Platform PlatformType `json:"platform,omitempty"`
-
-	// platformStatus holds status information specific to the underlying
-	// infrastructure provider.
-	// +optional
-	PlatformStatus *PlatformStatus `json:"platformStatus,omitempty"`
-
-	// etcdDiscoveryDomain is the domain used to fetch the SRV records for discovering
-	// etcd servers and clients.
-	// For more info: https://github.com/etcd-io/etcd/blob/329be66e8b3f9e2e6af83c123ff89297e49ebd15/Documentation/op-guide/clustering.md#dns-discovery
-	EtcdDiscoveryDomain string `json:"etcdDiscoveryDomain"`
-
-	// apiServerURL is a valid URI with scheme(http/https), address and
-	// port.  apiServerURL can be used by components like the web console
-	// to tell users where to find the Kubernetes API.
-	APIServerURL string `json:"apiServerURL"`
-
-	// apiServerInternalURL is a valid URI with scheme(http/https),
-	// address and port.  apiServerInternalURL can be used by components
-	// like kubelets, to contact the Kubernetes API server using the
-	// infrastructure provider rather than Kubernetes networking.
-	APIServerInternalURL string `json:"apiServerInternalURI"`
-}
-
-// PlatformType is a specific supported infrastructure provider.
-type PlatformType string
-
-const (
-	// AWSPlatformType represents Amazon Web Services infrastructure.
-	AWSPlatformType PlatformType = "AWS"
-
-	// AzurePlatformType represents Microsoft Azure infrastructure.
-	AzurePlatformType PlatformType = "Azure"
-
-	// BareMetalPlatformType represents managed bare metal infrastructure.
-	BareMetalPlatformType PlatformType = "BareMetal"
-
-	// GCPPlatformType represents Google Cloud Platform infrastructure.
-	GCPPlatformType PlatformType = "GCP"
-
-	// LibvirtPlatformType represents libvirt infrastructure.
-	LibvirtPlatformType PlatformType = "Libvirt"
-
-	// OpenStackPlatformType represents OpenStack infrastructure.
-	OpenStackPlatformType PlatformType = "OpenStack"
-
-	// NonePlatformType means there is no infrastructure provider.
-	NonePlatformType PlatformType = "None"
-
-	// VSpherePlatformType represents VMWare vSphere infrastructure.
-	VSpherePlatformType PlatformType = "VSphere"
-
-	// OvirtPlatformType represents oVirt/RHV infrastructure.
-	OvirtPlatformType PlatformType = "oVirt"
-)
-
-// PlatformStatus holds the current status specific to the underlying infrastructure provider
-// of the current cluster. Since these are used at status-level for the underlying cluster, it
-// is supposed that only one of the status structs is set.
-type PlatformStatus struct {
-	// type is the underlying infrastructure provider for the cluster. This
-	// value controls whether infrastructure automation such as service load
-	// balancers, dynamic volume provisioning, machine creation and deletion, and
-	// other integrations are enabled. If None, no infrastructure automation is
-	// enabled. Allowed values are "AWS", "Azure", "BareMetal", "GCP", "Libvirt",
-	// "OpenStack", "VSphere", "oVirt", and "None". Individual components may not support
-	// all platforms, and must handle unrecognized platforms as None if they do
-	// not support that platform.
-	Type PlatformType `json:"type"`
-
-	// AWS contains settings specific to the Amazon Web Services infrastructure provider.
-	// +optional
-	AWS *AWSPlatformStatus `json:"aws,omitempty"`
-
-	// Azure contains settings specific to the Azure infrastructure provider.
-	// +optional
-	Azure *AzurePlatformStatus `json:"azure,omitempty"`
-
-	// GCP contains settings specific to the Google Cloud Platform infrastructure provider.
-	// +optional
-	GCP *GCPPlatformStatus `json:"gcp,omitempty"`
-
-	// BareMetal contains settings specific to the BareMetal platform.
-	// +optional
-	BareMetal *BareMetalPlatformStatus `json:"baremetal,omitempty"`
-
-	// OpenStack contains settings specific to the OpenStack infrastructure provider.
-	// +optional
-	OpenStack *OpenStackPlatformStatus `json:"openstack,omitempty"`
-
-	// Ovirt contains settings specific to the oVirt infrastructure provider.
-	// +optional
-	Ovirt *OvirtPlatformStatus `json:"ovirt,omitempty"`
-}
-
-// AWSPlatformStatus holds the current status of the Amazon Web Services infrastructure provider.
-type AWSPlatformStatus struct {
-	// region holds the default AWS region for new AWS resources created by the cluster.
-	Region string `json:"region"`
-}
-
-// AzurePlatformStatus holds the current status of the Azure infrastructure provider.
-type AzurePlatformStatus struct {
-	// resourceGroupName is the Resource Group for new Azure resources created for the cluster.
-	ResourceGroupName string `json:"resourceGroupName"`
-
-	// networkResourceGroupName is the Resource Group for network resources like the Virtual Network and Subnets used by the cluster.
-	// If empty, the value is same as ResourceGroupName.
-	// +optional
-	NetworkResourceGroupName string `json:"networkResourceGroupName,omitempty"`
-}
-
-// GCPPlatformStatus holds the current status of the Google Cloud Platform infrastructure provider.
-type GCPPlatformStatus struct {
-	// resourceGroupName is the Project ID for new GCP resources created for the cluster.
-	ProjectID string `json:"projectID"`
-
-	// region holds the region for new GCP resources created for the cluster.
-	Region string `json:"region"`
-}
-
-// BareMetalPlatformStatus holds the current status of the BareMetal infrastructure provider.
-// For more information about the network architecture used with the BareMetal platform type, see:
-// https://github.com/openshift/installer/blob/master/docs/design/baremetal/networking-infrastructure.md
-type BareMetalPlatformStatus struct {
-	// apiServerInternalIP is an IP address to contact the Kubernetes API server that can be used
-	// by components inside the cluster, like kubelets using the infrastructure rather
-	// than Kubernetes networking. It is the IP that the Infrastructure.status.apiServerInternalURI
-	// points to. It is the IP for a self-hosted load balancer in front of the API servers.
-	APIServerInternalIP string `json:"apiServerInternalIP,omitempty"`
-
-	// ingressIP is an external IP which routes to the default ingress controller.
-	// The IP is a suitable target of a wildcard DNS record used to resolve default route host names.
-	IngressIP string `json:"ingressIP,omitempty"`
-
-	// nodeDNSIP is the IP address for the internal DNS used by the
-	// nodes. Unlike the one managed by the DNS operator, `NodeDNSIP`
-	// provides name resolution for the nodes themselves. There is no DNS-as-a-service for
-	// BareMetal deployments. In order to minimize necessary changes to the
-	// datacenter DNS, a DNS service is hosted as a static pod to serve those hostnames
-	// to the nodes in the cluster.
-	NodeDNSIP string `json:"nodeDNSIP,omitempty"`
-}
-
-// OpenStackPlatformStatus holds the current status of the OpenStack infrastructure provider.
-type OpenStackPlatformStatus struct {
-	// apiServerInternalIP is an IP address to contact the Kubernetes API server that can be used
-	// by components inside the cluster, like kubelets using the infrastructure rather
-	// than Kubernetes networking. It is the IP that the Infrastructure.status.apiServerInternalURI
-	// points to. It is the IP for a self-hosted load balancer in front of the API servers.
-	APIServerInternalIP string `json:"apiServerInternalIP,omitempty"`
-
-	// cloudName is the name of the desired OpenStack cloud in the
-	// client configuration file (`clouds.yaml`).
-	CloudName string `json:"cloudName,omitempty"`
-
-	// ingressIP is an external IP which routes to the default ingress controller.
-	// The IP is a suitable target of a wildcard DNS record used to resolve default route host names.
-	IngressIP string `json:"ingressIP,omitempty"`
-
-	// nodeDNSIP is the IP address for the internal DNS used by the
-	// nodes. Unlike the one managed by the DNS operator, `NodeDNSIP`
-	// provides name resolution for the nodes themselves. There is no DNS-as-a-service for
-	// OpenStack deployments. In order to minimize necessary changes to the
-	// datacenter DNS, a DNS service is hosted as a static pod to serve those hostnames
-	// to the nodes in the cluster.
-	NodeDNSIP string `json:"nodeDNSIP,omitempty"`
-}
-
-// OvirtPlatformStatus holds the current status of the  oVirt infrastructure provider.
-type OvirtPlatformStatus struct {
-	// apiServerInternalIP is an IP address to contact the Kubernetes API server that can be used
-	// by components inside the cluster, like kubelets using the infrastructure rather
-	// than Kubernetes networking. It is the IP that the Infrastructure.status.apiServerInternalURI
-	// points to. It is the IP for a self-hosted load balancer in front of the API servers.
-	APIServerInternalIP string `json:"apiServerInternalIP,omitempty"`
-
-	// ingressIP is an external IP which routes to the default ingress controller.
-	// The IP is a suitable target of a wildcard DNS record used to resolve default route host names.
-	IngressIP string `json:"ingressIP,omitempty"`
-
-	// nodeDNSIP is the IP address for the internal DNS used by the
-	// nodes. Unlike the one managed by the DNS operator, `NodeDNSIP`
-	// provides name resolution for the nodes themselves. There is no DNS-as-a-service for
-	// oVirt deployments. In order to minimize necessary changes to the
-	// datacenter DNS, a DNS service is hosted as a static pod to serve those hostnames
-	// to the nodes in the cluster.
-	NodeDNSIP string `json:"nodeDNSIP,omitempty"`
-}
-
-// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
-
-// InfrastructureList is
-type InfrastructureList struct {
-	metav1.TypeMeta `json:",inline"`
-	metav1.ListMeta `json:"metadata"`
-
-	Items []Infrastructure `json:"items"`
-}
--- a/vendor/github.com/openshift/api/config/v1/types_ingress.go
+++ b/vendor/github.com/openshift/api/config/v1/types_ingress.go
@ -1,46 +0,0 @@
-package v1
-
-import metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
-
-// +genclient
-// +genclient:nonNamespaced
-// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
-
-// Ingress holds cluster-wide information about ingress, including the default ingress domain
-// used for routes. The canonical name is `cluster`.
-type Ingress struct {
-	metav1.TypeMeta   `json:",inline"`
-	metav1.ObjectMeta `json:"metadata,omitempty"`
-
-	// spec holds user settable values for configuration
-	// +kubebuilder:validation:Required
-	// +required
-	Spec IngressSpec `json:"spec"`
-	// status holds observed values from the cluster. They may not be overridden.
-	// +optional
-	Status IngressStatus `json:"status"`
-}
-
-type IngressSpec struct {
-	// domain is used to generate a default host name for a route when the
-	// route's host name is empty. The generated host name will follow this
-	// pattern: "<route-name>.<route-namespace>.<domain>".
-	//
-	// It is also used as the default wildcard domain suffix for ingress. The
-	// default ingresscontroller domain will follow this pattern: "*.<domain>".
-	//
-	// Once set, changing domain is not currently supported.
-	Domain string `json:"domain"`
-}
-
-type IngressStatus struct {
-}
-
-// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
-
-type IngressList struct {
-	metav1.TypeMeta `json:",inline"`
-	metav1.ListMeta `json:"metadata"`
-
-	Items []Ingress `json:"items"`
-}
--- a/vendor/github.com/openshift/api/config/v1/types_network.go
+++ b/vendor/github.com/openshift/api/config/v1/types_network.go
@ -1,122 +0,0 @@
-package v1
-
-import metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
-
-// +genclient
-// +genclient:nonNamespaced
-// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
-
-// Network holds cluster-wide information about Network. The canonical name is `cluster`. It is used to configure the desired network configuration, such as: IP address pools for services/pod IPs, network plugin, etc.
-// Please view network.spec for an explanation on what applies when configuring this resource.
-type Network struct {
-	metav1.TypeMeta   `json:",inline"`
-	metav1.ObjectMeta `json:"metadata,omitempty"`
-
-	// spec holds user settable values for configuration.
-	// As a general rule, this SHOULD NOT be read directly. Instead, you should
-	// consume the NetworkStatus, as it indicates the currently deployed configuration.
-	// Currently, most spec fields are immutable after installation. Please view the individual ones for further details on each.
-	// +kubebuilder:validation:Required
-	// +required
-	Spec NetworkSpec `json:"spec"`
-	// status holds observed values from the cluster. They may not be overridden.
-	// +optional
-	Status NetworkStatus `json:"status"`
-}
-
-// NetworkSpec is the desired network configuration.
-// As a general rule, this SHOULD NOT be read directly. Instead, you should
-// consume the NetworkStatus, as it indicates the currently deployed configuration.
-// Currently, most spec fields are immutable after installation. Please view the individual ones for further details on each.
-type NetworkSpec struct {
-	// IP address pool to use for pod IPs.
-	// This field is immutable after installation.
-	ClusterNetwork []ClusterNetworkEntry `json:"clusterNetwork"`
-
-	// IP address pool for services.
-	// Currently, we only support a single entry here.
-	// This field is immutable after installation.
-	ServiceNetwork []string `json:"serviceNetwork"`
-
-	// NetworkType is the plugin that is to be deployed (e.g. OpenShiftSDN).
-	// This should match a value that the cluster-network-operator understands,
-	// or else no networking will be installed.
-	// Currently supported values are:
-	// - OpenShiftSDN
-	// This field is immutable after installation.
-	NetworkType string `json:"networkType"`
-
-	// externalIP defines configuration for controllers that
-	// affect Service.ExternalIP. If nil, then ExternalIP is
-	// not allowed to be set.
-	// +optional
-	ExternalIP *ExternalIPConfig `json:"externalIP,omitempty"`
-}
-
-// NetworkStatus is the current network configuration.
-type NetworkStatus struct {
-	// IP address pool to use for pod IPs.
-	ClusterNetwork []ClusterNetworkEntry `json:"clusterNetwork,omitempty"`
-
-	// IP address pool for services.
-	// Currently, we only support a single entry here.
-	ServiceNetwork []string `json:"serviceNetwork,omitempty"`
-
-	// NetworkType is the plugin that is deployed (e.g. OpenShiftSDN).
-	NetworkType string `json:"networkType,omitempty"`
-
-	// ClusterNetworkMTU is the MTU for inter-pod networking.
-	ClusterNetworkMTU int `json:"clusterNetworkMTU,omitempty"`
-}
-
-// ClusterNetworkEntry is a contiguous block of IP addresses from which pod IPs
-// are allocated.
-type ClusterNetworkEntry struct {
-	// The complete block for pod IPs.
-	CIDR string `json:"cidr"`
-
-	// The size (prefix) of block to allocate to each node.
-	// +kubebuilder:validation:Minimum=0
-	HostPrefix uint32 `json:"hostPrefix"`
-}
-
-// ExternalIPConfig specifies some IP blocks relevant for the ExternalIP field
-// of a Service resource.
-type ExternalIPConfig struct {
-	// policy is a set of restrictions applied to the ExternalIP field.
-	// If nil or empty, then ExternalIP is not allowed to be set.
-	// +optional
-	Policy *ExternalIPPolicy `json:"policy,omitempty"`
-
-	// autoAssignCIDRs is a list of CIDRs from which to automatically assign
-	// Service.ExternalIP. These are assigned when the service is of type
-	// LoadBalancer. In general, this is only useful for bare-metal clusters.
-	// In Openshift 3.x, this was misleadingly called "IngressIPs".
-	// Automatically assigned External IPs are not affected by any
-	// ExternalIPPolicy rules.
-	// Currently, only one entry may be provided.
-	// +optional
-	AutoAssignCIDRs []string `json:"autoAssignCIDRs,omitempty"`
-}
-
-// ExternalIPPolicy configures exactly which IPs are allowed for the ExternalIP
-// field in a Service. If the zero struct is supplied, then none are permitted.
-// The policy controller always allows automatically assigned external IPs.
-type ExternalIPPolicy struct {
-	// allowedCIDRs is the list of allowed CIDRs.
-	AllowedCIDRs []string `json:"allowedCIDRs,omitempty"`
-
-	// rejectedCIDRs is the list of disallowed CIDRs. These take precedence
-	// over allowedCIDRs.
-	// +optional
-	RejectedCIDRs []string `json:"rejectedCIDRs,omitempty"`
-}
-
-// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
-
-type NetworkList struct {
-	metav1.TypeMeta `json:",inline"`
-	metav1.ListMeta `json:"metadata"`
-
-	Items []Network `json:"items"`
-}
--- a/vendor/github.com/openshift/api/config/v1/types_oauth.go
+++ b/vendor/github.com/openshift/api/config/v1/types_oauth.go
@ -1,557 +0,0 @@
-package v1
-
-import metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
-
-// OAuth Server and Identity Provider Config
-
-// +genclient
-// +genclient:nonNamespaced
-// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
-
-// OAuth holds cluster-wide information about OAuth.  The canonical name is `cluster`.
-// It is used to configure the integrated OAuth server.
-// This configuration is only honored when the top level Authentication config has type set to IntegratedOAuth.
-type OAuth struct {
-	metav1.TypeMeta   `json:",inline"`
-	metav1.ObjectMeta `json:"metadata"`
-
-	// +kubebuilder:validation:Required
-	// +required
-	Spec OAuthSpec `json:"spec"`
-	// +optional
-	Status OAuthStatus `json:"status"`
-}
-
-// OAuthSpec contains desired cluster auth configuration
-type OAuthSpec struct {
-	// identityProviders is an ordered list of ways for a user to identify themselves.
-	// When this list is empty, no identities are provisioned for users.
-	// +optional
-	IdentityProviders []IdentityProvider `json:"identityProviders,omitempty"`
-
-	// tokenConfig contains options for authorization and access tokens
-	TokenConfig TokenConfig `json:"tokenConfig"`
-
-	// templates allow you to customize pages like the login page.
-	// +optional
-	Templates OAuthTemplates `json:"templates"`
-}
-
-// OAuthStatus shows current known state of OAuth server in the cluster
-type OAuthStatus struct {
-	// TODO Fill in with status of identityProviders and templates (and maybe tokenConfig)
-}
-
-// TokenConfig holds the necessary configuration options for authorization and access tokens
-type TokenConfig struct {
-	// accessTokenMaxAgeSeconds defines the maximum age of access tokens
-	AccessTokenMaxAgeSeconds int32 `json:"accessTokenMaxAgeSeconds"`
-
-	// accessTokenInactivityTimeoutSeconds defines the default token
-	// inactivity timeout for tokens granted by any client.
-	// The value represents the maximum amount of time that can occur between
-	// consecutive uses of the token. Tokens become invalid if they are not
-	// used within this temporal window. The user will need to acquire a new
-	// token to regain access once a token times out.
-	// Valid values are integer values:
-	//   x < 0  Tokens time out is enabled but tokens never timeout unless configured per client (e.g. `-1`)
-	//   x = 0  Tokens time out is disabled (default)
-	//   x > 0  Tokens time out if there is no activity for x seconds
-	// The current minimum allowed value for X is 300 (5 minutes)
-	// +optional
-	AccessTokenInactivityTimeoutSeconds int32 `json:"accessTokenInactivityTimeoutSeconds,omitempty"`
-}
-
-const (
-	// LoginTemplateKey is the key of the login template in a secret
-	LoginTemplateKey = "login.html"
-
-	// ProviderSelectionTemplateKey is the key for the provider selection template in a secret
-	ProviderSelectionTemplateKey = "providers.html"
-
-	// ErrorsTemplateKey is the key for the errors template in a secret
-	ErrorsTemplateKey = "errors.html"
-
-	// BindPasswordKey is the key for the LDAP bind password in a secret
-	BindPasswordKey = "bindPassword"
-
-	// ClientSecretKey is the key for the oauth client secret data in a secret
-	ClientSecretKey = "clientSecret"
-
-	// HTPasswdDataKey is the key for the htpasswd file data in a secret
-	HTPasswdDataKey = "htpasswd"
-)
-
-// OAuthTemplates allow for customization of pages like the login page
-type OAuthTemplates struct {
-	// login is the name of a secret that specifies a go template to use to render the login page.
-	// The key "login.html" is used to locate the template data.
-	// If specified and the secret or expected key is not found, the default login page is used.
-	// If the specified template is not valid, the default login page is used.
-	// If unspecified, the default login page is used.
-	// The namespace for this secret is openshift-config.
-	// +optional
-	Login SecretNameReference `json:"login"`
-
-	// providerSelection is the name of a secret that specifies a go template to use to render
-	// the provider selection page.
-	// The key "providers.html" is used to locate the template data.
-	// If specified and the secret or expected key is not found, the default provider selection page is used.
-	// If the specified template is not valid, the default provider selection page is used.
-	// If unspecified, the default provider selection page is used.
-	// The namespace for this secret is openshift-config.
-	// +optional
-	ProviderSelection SecretNameReference `json:"providerSelection"`
-
-	// error is the name of a secret that specifies a go template to use to render error pages
-	// during the authentication or grant flow.
-	// The key "errors.html" is used to locate the template data.
-	// If specified and the secret or expected key is not found, the default error page is used.
-	// If the specified template is not valid, the default error page is used.
-	// If unspecified, the default error page is used.
-	// The namespace for this secret is openshift-config.
-	// +optional
-	Error SecretNameReference `json:"error"`
-}
-
-// IdentityProvider provides identities for users authenticating using credentials
-type IdentityProvider struct {
-	// name is used to qualify the identities returned by this provider.
-	// - It MUST be unique and not shared by any other identity provider used
-	// - It MUST be a valid path segment: name cannot equal "." or ".." or contain "/" or "%" or ":"
-	//   Ref: https://godoc.org/github.com/openshift/origin/pkg/user/apis/user/validation#ValidateIdentityProviderName
-	Name string `json:"name"`
-
-	// mappingMethod determines how identities from this provider are mapped to users
-	// Defaults to "claim"
-	// +optional
-	MappingMethod MappingMethodType `json:"mappingMethod,omitempty"`
-
-	IdentityProviderConfig `json:",inline"`
-}
-
-// MappingMethodType specifies how new identities should be mapped to users when they log in
-type MappingMethodType string
-
-const (
-	// MappingMethodClaim provisions a user with the identity’s preferred user name. Fails if a user
-	// with that user name is already mapped to another identity.
-	// Default.
-	MappingMethodClaim MappingMethodType = "claim"
-
-	// MappingMethodLookup looks up existing users already mapped to an identity but does not
-	// automatically provision users or identities. Requires identities and users be set up
-	// manually or using an external process.
-	MappingMethodLookup MappingMethodType = "lookup"
-
-	// MappingMethodAdd provisions a user with the identity’s preferred user name. If a user with
-	// that user name already exists, the identity is mapped to the existing user, adding to any
-	// existing identity mappings for the user.
-	MappingMethodAdd MappingMethodType = "add"
-)
-
-type IdentityProviderType string
-
-const (
-	// IdentityProviderTypeBasicAuth provides identities for users authenticating with HTTP Basic Auth
-	IdentityProviderTypeBasicAuth IdentityProviderType = "BasicAuth"
-
-	// IdentityProviderTypeGitHub provides identities for users authenticating using GitHub credentials
-	IdentityProviderTypeGitHub IdentityProviderType = "GitHub"
-
-	// IdentityProviderTypeGitLab provides identities for users authenticating using GitLab credentials
-	IdentityProviderTypeGitLab IdentityProviderType = "GitLab"
-
-	// IdentityProviderTypeGoogle provides identities for users authenticating using Google credentials
-	IdentityProviderTypeGoogle IdentityProviderType = "Google"
-
-	// IdentityProviderTypeHTPasswd provides identities from an HTPasswd file
-	IdentityProviderTypeHTPasswd IdentityProviderType = "HTPasswd"
-
-	// IdentityProviderTypeKeystone provides identitities for users authenticating using keystone password credentials
-	IdentityProviderTypeKeystone IdentityProviderType = "Keystone"
-
-	// IdentityProviderTypeLDAP provides identities for users authenticating using LDAP credentials
-	IdentityProviderTypeLDAP IdentityProviderType = "LDAP"
-
-	// IdentityProviderTypeOpenID provides identities for users authenticating using OpenID credentials
-	IdentityProviderTypeOpenID IdentityProviderType = "OpenID"
-
-	// IdentityProviderTypeRequestHeader provides identities for users authenticating using request header credentials
-	IdentityProviderTypeRequestHeader IdentityProviderType = "RequestHeader"
-)
-
-// IdentityProviderConfig contains configuration for using a specific identity provider
-type IdentityProviderConfig struct {
-	// type identifies the identity provider type for this entry.
-	Type IdentityProviderType `json:"type"`
-
-	// Provider-specific configuration
-	// The json tag MUST match the `Type` specified above, case-insensitively
-	// e.g. For `Type: "LDAP"`, the `ldap` configuration should be provided
-
-	// basicAuth contains configuration options for the BasicAuth IdP
-	// +optional
-	BasicAuth *BasicAuthIdentityProvider `json:"basicAuth,omitempty"`
-
-	// github enables user authentication using GitHub credentials
-	// +optional
-	GitHub *GitHubIdentityProvider `json:"github,omitempty"`
-
-	// gitlab enables user authentication using GitLab credentials
-	// +optional
-	GitLab *GitLabIdentityProvider `json:"gitlab,omitempty"`
-
-	// google enables user authentication using Google credentials
-	// +optional
-	Google *GoogleIdentityProvider `json:"google,omitempty"`
-
-	// htpasswd enables user authentication using an HTPasswd file to validate credentials
-	// +optional
-	HTPasswd *HTPasswdIdentityProvider `json:"htpasswd,omitempty"`
-
-	// keystone enables user authentication using keystone password credentials
-	// +optional
-	Keystone *KeystoneIdentityProvider `json:"keystone,omitempty"`
-
-	// ldap enables user authentication using LDAP credentials
-	// +optional
-	LDAP *LDAPIdentityProvider `json:"ldap,omitempty"`
-
-	// openID enables user authentication using OpenID credentials
-	// +optional
-	OpenID *OpenIDIdentityProvider `json:"openID,omitempty"`
-
-	// requestHeader enables user authentication using request header credentials
-	// +optional
-	RequestHeader *RequestHeaderIdentityProvider `json:"requestHeader,omitempty"`
-}
-
-// BasicAuthPasswordIdentityProvider provides identities for users authenticating using HTTP basic auth credentials
-type BasicAuthIdentityProvider struct {
-	// OAuthRemoteConnectionInfo contains information about how to connect to the external basic auth server
-	OAuthRemoteConnectionInfo `json:",inline"`
-}
-
-// OAuthRemoteConnectionInfo holds information necessary for establishing a remote connection
-type OAuthRemoteConnectionInfo struct {
-	// url is the remote URL to connect to
-	URL string `json:"url"`
-
-	// ca is an optional reference to a config map by name containing the PEM-encoded CA bundle.
-	// It is used as a trust anchor to validate the TLS certificate presented by the remote server.
-	// The key "ca.crt" is used to locate the data.
-	// If specified and the config map or expected key is not found, the identity provider is not honored.
-	// If the specified ca data is not valid, the identity provider is not honored.
-	// If empty, the default system roots are used.
-	// The namespace for this config map is openshift-config.
-	// +optional
-	CA ConfigMapNameReference `json:"ca"`
-
-	// tlsClientCert is an optional reference to a secret by name that contains the
-	// PEM-encoded TLS client certificate to present when connecting to the server.
-	// The key "tls.crt" is used to locate the data.
-	// If specified and the secret or expected key is not found, the identity provider is not honored.
-	// If the specified certificate data is not valid, the identity provider is not honored.
-	// The namespace for this secret is openshift-config.
-	// +optional
-	TLSClientCert SecretNameReference `json:"tlsClientCert"`
-
-	// tlsClientKey is an optional reference to a secret by name that contains the
-	// PEM-encoded TLS private key for the client certificate referenced in tlsClientCert.
-	// The key "tls.key" is used to locate the data.
-	// If specified and the secret or expected key is not found, the identity provider is not honored.
-	// If the specified certificate data is not valid, the identity provider is not honored.
-	// The namespace for this secret is openshift-config.
-	// +optional
-	TLSClientKey SecretNameReference `json:"tlsClientKey"`
-}
-
-// HTPasswdPasswordIdentityProvider provides identities for users authenticating using htpasswd credentials
-type HTPasswdIdentityProvider struct {
-	// fileData is a required reference to a secret by name containing the data to use as the htpasswd file.
-	// The key "htpasswd" is used to locate the data.
-	// If the secret or expected key is not found, the identity provider is not honored.
-	// If the specified htpasswd data is not valid, the identity provider is not honored.
-	// The namespace for this secret is openshift-config.
-	FileData SecretNameReference `json:"fileData"`
-}
-
-// LDAPPasswordIdentityProvider provides identities for users authenticating using LDAP credentials
-type LDAPIdentityProvider struct {
-	// url is an RFC 2255 URL which specifies the LDAP search parameters to use.
-	// The syntax of the URL is:
-	// ldap://host:port/basedn?attribute?scope?filter
-	URL string `json:"url"`
-
-	// bindDN is an optional DN to bind with during the search phase.
-	// +optional
-	BindDN string `json:"bindDN"`
-
-	// bindPassword is an optional reference to a secret by name
-	// containing a password to bind with during the search phase.
-	// The key "bindPassword" is used to locate the data.
-	// If specified and the secret or expected key is not found, the identity provider is not honored.
-	// The namespace for this secret is openshift-config.
-	// +optional
-	BindPassword SecretNameReference `json:"bindPassword"`
-
-	// insecure, if true, indicates the connection should not use TLS
-	// WARNING: Should not be set to `true` with the URL scheme "ldaps://" as "ldaps://" URLs always
-	//          attempt to connect using TLS, even when `insecure` is set to `true`
-	// When `true`, "ldap://" URLS connect insecurely. When `false`, "ldap://" URLs are upgraded to
-	// a TLS connection using StartTLS as specified in https://tools.ietf.org/html/rfc2830.
-	Insecure bool `json:"insecure"`
-
-	// ca is an optional reference to a config map by name containing the PEM-encoded CA bundle.
-	// It is used as a trust anchor to validate the TLS certificate presented by the remote server.
-	// The key "ca.crt" is used to locate the data.
-	// If specified and the config map or expected key is not found, the identity provider is not honored.
-	// If the specified ca data is not valid, the identity provider is not honored.
-	// If empty, the default system roots are used.
-	// The namespace for this config map is openshift-config.
-	// +optional
-	CA ConfigMapNameReference `json:"ca"`
-
-	// attributes maps LDAP attributes to identities
-	Attributes LDAPAttributeMapping `json:"attributes"`
-}
-
-// LDAPAttributeMapping maps LDAP attributes to OpenShift identity fields
-type LDAPAttributeMapping struct {
-	// id is the list of attributes whose values should be used as the user ID. Required.
-	// First non-empty attribute is used. At least one attribute is required. If none of the listed
-	// attribute have a value, authentication fails.
-	// LDAP standard identity attribute is "dn"
-	ID []string `json:"id"`
-
-	// preferredUsername is the list of attributes whose values should be used as the preferred username.
-	// LDAP standard login attribute is "uid"
-	// +optional
-	PreferredUsername []string `json:"preferredUsername,omitempty"`
-
-	// name is the list of attributes whose values should be used as the display name. Optional.
-	// If unspecified, no display name is set for the identity
-	// LDAP standard display name attribute is "cn"
-	// +optional
-	Name []string `json:"name,omitempty"`
-
-	// email is the list of attributes whose values should be used as the email address. Optional.
-	// If unspecified, no email is set for the identity
-	// +optional
-	Email []string `json:"email,omitempty"`
-}
-
-// KeystonePasswordIdentityProvider provides identities for users authenticating using keystone password credentials
-type KeystoneIdentityProvider struct {
-	// OAuthRemoteConnectionInfo contains information about how to connect to the keystone server
-	OAuthRemoteConnectionInfo `json:",inline"`
-
-	// domainName is required for keystone v3
-	DomainName string `json:"domainName"`
-
-	// TODO if we ever add support for 3.11 to 4.0 upgrades, add this configuration
-	// useUsernameIdentity indicates that users should be authenticated by username, not keystone ID
-	// DEPRECATED - only use this option for legacy systems to ensure backwards compatibility
-	// +optional
-	// UseUsernameIdentity bool `json:"useUsernameIdentity"`
-}
-
-// RequestHeaderIdentityProvider provides identities for users authenticating using request header credentials
-type RequestHeaderIdentityProvider struct {
-	// loginURL is a URL to redirect unauthenticated /authorize requests to
-	// Unauthenticated requests from OAuth clients which expect interactive logins will be redirected here
-	// ${url} is replaced with the current URL, escaped to be safe in a query parameter
-	//   https://www.example.com/sso-login?then=${url}
-	// ${query} is replaced with the current query string
-	//   https://www.example.com/auth-proxy/oauth/authorize?${query}
-	// Required when login is set to true.
-	LoginURL string `json:"loginURL"`
-
-	// challengeURL is a URL to redirect unauthenticated /authorize requests to
-	// Unauthenticated requests from OAuth clients which expect WWW-Authenticate challenges will be
-	// redirected here.
-	// ${url} is replaced with the current URL, escaped to be safe in a query parameter
-	//   https://www.example.com/sso-login?then=${url}
-	// ${query} is replaced with the current query string
-	//   https://www.example.com/auth-proxy/oauth/authorize?${query}
-	// Required when challenge is set to true.
-	ChallengeURL string `json:"challengeURL"`
-
-	// ca is a required reference to a config map by name containing the PEM-encoded CA bundle.
-	// It is used as a trust anchor to validate the TLS certificate presented by the remote server.
-	// Specifically, it allows verification of incoming requests to prevent header spoofing.
-	// The key "ca.crt" is used to locate the data.
-	// If the config map or expected key is not found, the identity provider is not honored.
-	// If the specified ca data is not valid, the identity provider is not honored.
-	// The namespace for this config map is openshift-config.
-	ClientCA ConfigMapNameReference `json:"ca"`
-
-	// clientCommonNames is an optional list of common names to require a match from. If empty, any
-	// client certificate validated against the clientCA bundle is considered authoritative.
-	// +optional
-	ClientCommonNames []string `json:"clientCommonNames,omitempty"`
-
-	// headers is the set of headers to check for identity information
-	Headers []string `json:"headers"`
-
-	// preferredUsernameHeaders is the set of headers to check for the preferred username
-	PreferredUsernameHeaders []string `json:"preferredUsernameHeaders"`
-
-	// nameHeaders is the set of headers to check for the display name
-	NameHeaders []string `json:"nameHeaders"`
-
-	// emailHeaders is the set of headers to check for the email address
-	EmailHeaders []string `json:"emailHeaders"`
-}
-
-// GitHubIdentityProvider provides identities for users authenticating using GitHub credentials
-type GitHubIdentityProvider struct {
-	// clientID is the oauth client ID
-	ClientID string `json:"clientID"`
-
-	// clientSecret is a required reference to the secret by name containing the oauth client secret.
-	// The key "clientSecret" is used to locate the data.
-	// If the secret or expected key is not found, the identity provider is not honored.
-	// The namespace for this secret is openshift-config.
-	ClientSecret SecretNameReference `json:"clientSecret"`
-
-	// organizations optionally restricts which organizations are allowed to log in
-	// +optional
-	Organizations []string `json:"organizations,omitempty"`
-
-	// teams optionally restricts which teams are allowed to log in. Format is <org>/<team>.
-	// +optional
-	Teams []string `json:"teams,omitempty"`
-
-	// hostname is the optional domain (e.g. "mycompany.com") for use with a hosted instance of
-	// GitHub Enterprise.
-	// It must match the GitHub Enterprise settings value configured at /setup/settings#hostname.
-	// +optional
-	Hostname string `json:"hostname"`
-
-	// ca is an optional reference to a config map by name containing the PEM-encoded CA bundle.
-	// It is used as a trust anchor to validate the TLS certificate presented by the remote server.
-	// The key "ca.crt" is used to locate the data.
-	// If specified and the config map or expected key is not found, the identity provider is not honored.
-	// If the specified ca data is not valid, the identity provider is not honored.
-	// If empty, the default system roots are used.
-	// This can only be configured when hostname is set to a non-empty value.
-	// The namespace for this config map is openshift-config.
-	// +optional
-	CA ConfigMapNameReference `json:"ca"`
-}
-
-// GitLabIdentityProvider provides identities for users authenticating using GitLab credentials
-type GitLabIdentityProvider struct {
-	// clientID is the oauth client ID
-	ClientID string `json:"clientID"`
-
-	// clientSecret is a required reference to the secret by name containing the oauth client secret.
-	// The key "clientSecret" is used to locate the data.
-	// If the secret or expected key is not found, the identity provider is not honored.
-	// The namespace for this secret is openshift-config.
-	ClientSecret SecretNameReference `json:"clientSecret"`
-
-	// url is the oauth server base URL
-	URL string `json:"url"`
-
-	// ca is an optional reference to a config map by name containing the PEM-encoded CA bundle.
-	// It is used as a trust anchor to validate the TLS certificate presented by the remote server.
-	// The key "ca.crt" is used to locate the data.
-	// If specified and the config map or expected key is not found, the identity provider is not honored.
-	// If the specified ca data is not valid, the identity provider is not honored.
-	// If empty, the default system roots are used.
-	// The namespace for this config map is openshift-config.
-	// +optional
-	CA ConfigMapNameReference `json:"ca"`
-}
-
-// GoogleIdentityProvider provides identities for users authenticating using Google credentials
-type GoogleIdentityProvider struct {
-	// clientID is the oauth client ID
-	ClientID string `json:"clientID"`
-
-	// clientSecret is a required reference to the secret by name containing the oauth client secret.
-	// The key "clientSecret" is used to locate the data.
-	// If the secret or expected key is not found, the identity provider is not honored.
-	// The namespace for this secret is openshift-config.
-	ClientSecret SecretNameReference `json:"clientSecret"`
-
-	// hostedDomain is the optional Google App domain (e.g. "mycompany.com") to restrict logins to
-	// +optional
-	HostedDomain string `json:"hostedDomain"`
-}
-
-// OpenIDIdentityProvider provides identities for users authenticating using OpenID credentials
-type OpenIDIdentityProvider struct {
-	// clientID is the oauth client ID
-	ClientID string `json:"clientID"`
-
-	// clientSecret is a required reference to the secret by name containing the oauth client secret.
-	// The key "clientSecret" is used to locate the data.
-	// If the secret or expected key is not found, the identity provider is not honored.
-	// The namespace for this secret is openshift-config.
-	ClientSecret SecretNameReference `json:"clientSecret"`
-
-	// ca is an optional reference to a config map by name containing the PEM-encoded CA bundle.
-	// It is used as a trust anchor to validate the TLS certificate presented by the remote server.
-	// The key "ca.crt" is used to locate the data.
-	// If specified and the config map or expected key is not found, the identity provider is not honored.
-	// If the specified ca data is not valid, the identity provider is not honored.
-	// If empty, the default system roots are used.
-	// The namespace for this config map is openshift-config.
-	// +optional
-	CA ConfigMapNameReference `json:"ca"`
-
-	// extraScopes are any scopes to request in addition to the standard "openid" scope.
-	// +optional
-	ExtraScopes []string `json:"extraScopes,omitempty"`
-
-	// extraAuthorizeParameters are any custom parameters to add to the authorize request.
-	// +optional
-	ExtraAuthorizeParameters map[string]string `json:"extraAuthorizeParameters,omitempty"`
-
-	// issuer is the URL that the OpenID Provider asserts as its Issuer Identifier.
-	// It must use the https scheme with no query or fragment component.
-	Issuer string `json:"issuer"`
-
-	// claims mappings
-	Claims OpenIDClaims `json:"claims"`
-}
-
-// UserIDClaim is the claim used to provide a stable identifier for OIDC identities.
-// Per http://openid.net/specs/openid-connect-core-1_0.html#ClaimStability
-//  "The sub (subject) and iss (issuer) Claims, used together, are the only Claims that an RP can
-//   rely upon as a stable identifier for the End-User, since the sub Claim MUST be locally unique
-//   and never reassigned within the Issuer for a particular End-User, as described in Section 2.
-//   Therefore, the only guaranteed unique identifier for a given End-User is the combination of the
-//   iss Claim and the sub Claim."
-const UserIDClaim = "sub"
-
-// OpenIDClaims contains a list of OpenID claims to use when authenticating with an OpenID identity provider
-type OpenIDClaims struct {
-	// preferredUsername is the list of claims whose values should be used as the preferred username.
-	// If unspecified, the preferred username is determined from the value of the sub claim
-	// +optional
-	PreferredUsername []string `json:"preferredUsername,omitempty"`
-
-	// name is the list of claims whose values should be used as the display name. Optional.
-	// If unspecified, no display name is set for the identity
-	// +optional
-	Name []string `json:"name,omitempty"`
-
-	// email is the list of claims whose values should be used as the email address. Optional.
-	// If unspecified, no email is set for the identity
-	// +optional
-	Email []string `json:"email,omitempty"`
-}
-
-// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
-
-type OAuthList struct {
-	metav1.TypeMeta `json:",inline"`
-	metav1.ListMeta `json:"metadata"`
-
-	Items []OAuth `json:"items"`
-}
--- a/vendor/github.com/openshift/api/config/v1/types_operatorhub.go
+++ b/vendor/github.com/openshift/api/config/v1/types_operatorhub.go
@ -1,78 +0,0 @@
-package v1
-
-import (
-	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
-)
-
-// OperatorHubSpec defines the desired state of OperatorHub
-type OperatorHubSpec struct {
-	// disableAllDefaultSources allows you to disable all the default hub
-	// sources. If this is true, a specific entry in sources can be used to
-	// enable a default source. If this is false, a specific entry in
-	// sources can be used to disable or enable a default source.
-	// +optional
-	DisableAllDefaultSources bool `json:"disableAllDefaultSources,omitempty"`
-	// sources is the list of default hub sources and their configuration.
-	// If the list is empty, it implies that the default hub sources are
-	// enabled on the cluster unless disableAllDefaultSources is true.
-	// If disableAllDefaultSources is true and sources is not empty,
-	// the configuration present in sources will take precedence. The list of
-	// default hub sources and their current state will always be reflected in
-	// the status block.
-	// +optional
-	Sources []HubSource `json:"sources,omitempty"`
-}
-
-// OperatorHubStatus defines the observed state of OperatorHub. The current
-// state of the default hub sources will always be reflected here.
-type OperatorHubStatus struct {
-	// sources encapsulates the result of applying the configuration for each
-	// hub source
-	Sources []HubSourceStatus `json:"sources,omitempty"`
-}
-
-// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
-
-// OperatorHub is the Schema for the operatorhubs API. It can be used to change
-// the state of the default hub sources for OperatorHub on the cluster from
-// enabled to disabled and vice versa.
-// +kubebuilder:subresource:status
-// +genclient:nonNamespaced
-type OperatorHub struct {
-	metav1.TypeMeta   `json:",inline"`
-	metav1.ObjectMeta `json:"metadata"`
-
-	Spec   OperatorHubSpec   `json:"spec"`
-	Status OperatorHubStatus `json:"status"`
-}
-
-// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
-
-// OperatorHubList contains a list of OperatorHub
-type OperatorHubList struct {
-	metav1.TypeMeta `json:",inline"`
-	metav1.ListMeta `json:"metadata"`
-	Items           []OperatorHub `json:"items"`
-}
-
-// HubSource is used to specify the hub source and its configuration
-type HubSource struct {
-	// name is the name of one of the default hub sources
-	// +kubebuilder:validation:MaxLength=253
-	// +kubebuilder:validation:MinLength=1
-	// +kubebuilder:Required
-	Name string `json:"name"`
-	// disabled is used to disable a default hub source on cluster
-	// +kubebuilder:Required
-	Disabled bool `json:"disabled"`
-}
-
-// HubSourceStatus is used to reflect the current state of applying the
-// configuration to a default source
-type HubSourceStatus struct {
-	HubSource `json:",omitempty"`
-	// status indicates success or failure in applying the configuration
-	Status string `json:"status,omitempty"`
-	// message provides more information regarding failures
-	Message string `json:"message,omitempty"`
-}
--- a/vendor/github.com/openshift/api/config/v1/types_project.go
+++ b/vendor/github.com/openshift/api/config/v1/types_project.go
@ -1,54 +0,0 @@
-package v1
-
-import metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
-
-// +genclient
-// +genclient:nonNamespaced
-// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
-
-// Project holds cluster-wide information about Project.  The canonical name is `cluster`
-type Project struct {
-	metav1.TypeMeta   `json:",inline"`
-	metav1.ObjectMeta `json:"metadata,omitempty"`
-
-	// spec holds user settable values for configuration
-	// +kubebuilder:validation:Required
-	// +required
-	Spec ProjectSpec `json:"spec"`
-	// status holds observed values from the cluster. They may not be overridden.
-	// +optional
-	Status ProjectStatus `json:"status"`
-}
-
-// TemplateReference references a template in a specific namespace.
-// The namespace must be specified at the point of use.
-type TemplateReference struct {
-	// name is the metadata.name of the referenced project request template
-	Name string `json:"name"`
-}
-
-// ProjectSpec holds the project creation configuration.
-type ProjectSpec struct {
-	// projectRequestMessage is the string presented to a user if they are unable to request a project via the projectrequest api endpoint
-	// +optional
-	ProjectRequestMessage string `json:"projectRequestMessage"`
-
-	// projectRequestTemplate is the template to use for creating projects in response to projectrequest.
-	// This must point to a template in 'openshift-config' namespace. It is optional.
-	// If it is not specified, a default template is used.
-	//
-	// +optional
-	ProjectRequestTemplate TemplateReference `json:"projectRequestTemplate"`
-}
-
-type ProjectStatus struct {
-}
-
-// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
-
-type ProjectList struct {
-	metav1.TypeMeta `json:",inline"`
-	metav1.ListMeta `json:"metadata"`
-
-	Items []Project `json:"items"`
-}
--- a/vendor/github.com/openshift/api/config/v1/types_proxy.go
+++ b/vendor/github.com/openshift/api/config/v1/types_proxy.go
@ -1,90 +0,0 @@
-package v1
-
-import (
-	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
-)
-
-// +genclient
-// +genclient:nonNamespaced
-// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
-
-// Proxy holds cluster-wide information on how to configure default proxies for the cluster. The canonical name is `cluster`
-type Proxy struct {
-	metav1.TypeMeta   `json:",inline"`
-	metav1.ObjectMeta `json:"metadata,omitempty"`
-
-	// Spec holds user-settable values for the proxy configuration
-	// +kubebuilder:validation:Required
-	// +required
-	Spec ProxySpec `json:"spec"`
-	// status holds observed values from the cluster. They may not be overridden.
-	// +optional
-	Status ProxyStatus `json:"status"`
-}
-
-// ProxySpec contains cluster proxy creation configuration.
-type ProxySpec struct {
-	// httpProxy is the URL of the proxy for HTTP requests.  Empty means unset and will not result in an env var.
-	// +optional
-	HTTPProxy string `json:"httpProxy,omitempty"`
-
-	// httpsProxy is the URL of the proxy for HTTPS requests.  Empty means unset and will not result in an env var.
-	// +optional
-	HTTPSProxy string `json:"httpsProxy,omitempty"`
-
-	// noProxy is a comma-separated list of hostnames and/or CIDRs for which the proxy should not be used.
-	// Empty means unset and will not result in an env var.
-	// +optional
-	NoProxy string `json:"noProxy,omitempty"`
-
-	// readinessEndpoints is a list of endpoints used to verify readiness of the proxy.
-	// +optional
-	ReadinessEndpoints []string `json:"readinessEndpoints,omitempty"`
-
-	// trustedCA is a reference to a ConfigMap containing a CA certificate bundle used
-	// for client egress HTTPS connections. The certificate bundle must be from the CA
-	// that signed the proxy's certificate and be signed for everything. The trustedCA
-	// field should only be consumed by a proxy validator. The validator is responsible
-	// for reading the certificate bundle from required key "ca-bundle.crt" and copying
-	// it to a ConfigMap named "trusted-ca-bundle" in the "openshift-config-managed"
-	// namespace. The namespace for the ConfigMap referenced by trustedCA is
-	// "openshift-config". Here is an example ConfigMap (in yaml):
-	//
-	// apiVersion: v1
-	// kind: ConfigMap
-	// metadata:
-	//  name: user-ca-bundle
-	//  namespace: openshift-config
-	//  data:
-	//    ca-bundle.crt: |
-	//      -----BEGIN CERTIFICATE-----
-	//      Custom CA certificate bundle.
-	//      -----END CERTIFICATE-----
-	//
-	// +optional
-	TrustedCA ConfigMapNameReference `json:"trustedCA,omitempty"`
-}
-
-// ProxyStatus shows current known state of the cluster proxy.
-type ProxyStatus struct {
-	// httpProxy is the URL of the proxy for HTTP requests.
-	// +optional
-	HTTPProxy string `json:"httpProxy,omitempty"`
-
-	// httpsProxy is the URL of the proxy for HTTPS requests.
-	// +optional
-	HTTPSProxy string `json:"httpsProxy,omitempty"`
-
-	// noProxy is a comma-separated list of hostnames and/or CIDRs for which the proxy should not be used.
-	// +optional
-	NoProxy string `json:"noProxy,omitempty"`
-}
-
-// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
-
-type ProxyList struct {
-	metav1.TypeMeta `json:",inline"`
-	metav1.ListMeta `json:"metadata"`
-
-	Items []Proxy `json:"items"`
-}
--- a/vendor/github.com/openshift/api/config/v1/types_scheduling.go
+++ b/vendor/github.com/openshift/api/config/v1/types_scheduling.go
@ -1,74 +0,0 @@
-package v1
-
-import metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
-
-// +genclient
-// +genclient:nonNamespaced
-// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
-
-// Scheduler holds cluster-wide config information to run the Kubernetes Scheduler
-// and influence its placement decisions. The canonical name for this config is `cluster`.
-type Scheduler struct {
-	metav1.TypeMeta   `json:",inline"`
-	metav1.ObjectMeta `json:"metadata,omitempty"`
-
-	// spec holds user settable values for configuration
-	// +kubebuilder:validation:Required
-	// +required
-	Spec SchedulerSpec `json:"spec"`
-	// status holds observed values from the cluster. They may not be overridden.
-	// +optional
-	Status SchedulerStatus `json:"status"`
-}
-
-type SchedulerSpec struct {
-	// policy is a reference to a ConfigMap containing scheduler policy which has
-	// user specified predicates and priorities. If this ConfigMap is not available
-	// scheduler will default to use DefaultAlgorithmProvider.
-	// The namespace for this configmap is openshift-config.
-	// +optional
-	Policy ConfigMapNameReference `json:"policy"`
-	// defaultNodeSelector helps set the cluster-wide default node selector to
-	// restrict pod placement to specific nodes. This is applied to the pods
-	// created in all namespaces without a specified nodeSelector value.
-	// For example,
-	// defaultNodeSelector: "type=user-node,region=east" would set nodeSelector
-	// field in pod spec to "type=user-node,region=east" to all pods created
-	// in all namespaces. Namespaces having project-wide node selectors won't be
-	// impacted even if this field is set. This adds an annotation section to
-	// the namespace.
-	// For example, if a new namespace is created with
-	// node-selector='type=user-node,region=east',
-	// the annotation openshift.io/node-selector: type=user-node,region=east
-	// gets added to the project. When the openshift.io/node-selector annotation
-	// is set on the project the value is used in preference to the value we are setting
-	// for defaultNodeSelector field.
-	// For instance,
-	// openshift.io/node-selector: "type=user-node,region=west" means
-	// that the default of "type=user-node,region=east" set in defaultNodeSelector
-	// would not be applied.
-	// +optional
-	DefaultNodeSelector string `json:"defaultNodeSelector,omitempty"`
-	// MastersSchedulable allows masters nodes to be schedulable. When this flag is
-	// turned on, all the master nodes in the cluster will be made schedulable,
-	// so that workload pods can run on them. The default value for this field is false,
-	// meaning none of the master nodes are schedulable.
-	// Important Note: Once the workload pods start running on the master nodes,
-	// extreme care must be taken to ensure that cluster-critical control plane components
-	// are not impacted.
-	// Please turn on this field after doing due diligence.
-	// +optional
-	MastersSchedulable bool `json:"mastersSchedulable"`
-}
-
-type SchedulerStatus struct {
-}
-
-// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
-
-type SchedulerList struct {
-	metav1.TypeMeta `json:",inline"`
-	metav1.ListMeta `json:"metadata"`
-
-	Items []Scheduler `json:"items"`
-}
--- a/vendor/github.com/openshift/api/config/v1/types_tlssecurityprofile.go
+++ b/vendor/github.com/openshift/api/config/v1/types_tlssecurityprofile.go
@ -1,260 +0,0 @@
-package v1
-
-// TLSSecurityProfile defines the schema for a TLS security profile. This object
-// is used by operators to apply TLS security settings to operands.
-// +union
-type TLSSecurityProfile struct {
-	// type is one of Old, Intermediate, Modern or Custom. Custom provides
-	// the ability to specify individual TLS security profile parameters.
-	// Old, Intermediate and Modern are TLS security profiles based on:
-	//
-	// https://wiki.mozilla.org/Security/Server_Side_TLS#Recommended_configurations
-	//
-	// The profiles are intent based, so they may change over time as new ciphers are developed and existing ciphers
-	// are found to be insecure.  Depending on precisely which ciphers are available to a process, the list may be
-	// reduced.
-	//
-	// Note that the Modern profile is currently not supported because it is not
-	// yet well adopted by common software libraries.
-	//
-	// +unionDiscriminator
-	// +optional
-	Type TLSProfileType `json:"type"`
-	// old is a TLS security profile based on:
-	//
-	// https://wiki.mozilla.org/Security/Server_Side_TLS#Old_backward_compatibility
-	//
-	// and looks like this (yaml):
-	//
-	//   ciphers:
-	//     - TLS_AES_128_GCM_SHA256
-	//     - TLS_AES_256_GCM_SHA384
-	//     - TLS_CHACHA20_POLY1305_SHA256
-	//     - ECDHE-ECDSA-AES128-GCM-SHA256
-	//     - ECDHE-RSA-AES128-GCM-SHA256
-	//     - ECDHE-ECDSA-AES256-GCM-SHA384
-	//     - ECDHE-RSA-AES256-GCM-SHA384
-	//     - ECDHE-ECDSA-CHACHA20-POLY1305
-	//     - ECDHE-RSA-CHACHA20-POLY1305
-	//     - DHE-RSA-AES128-GCM-SHA256
-	//     - DHE-RSA-AES256-GCM-SHA384
-	//     - DHE-RSA-CHACHA20-POLY1305
-	//     - ECDHE-ECDSA-AES128-SHA256
-	//     - ECDHE-RSA-AES128-SHA256
-	//     - ECDHE-ECDSA-AES128-SHA
-	//     - ECDHE-RSA-AES128-SHA
-	//     - ECDHE-ECDSA-AES256-SHA384
-	//     - ECDHE-RSA-AES256-SHA384
-	//     - ECDHE-ECDSA-AES256-SHA
-	//     - ECDHE-RSA-AES256-SHA
-	//     - DHE-RSA-AES128-SHA256
-	//     - DHE-RSA-AES256-SHA256
-	//     - AES128-GCM-SHA256
-	//     - AES256-GCM-SHA384
-	//     - AES128-SHA256
-	//     - AES256-SHA256
-	//     - AES128-SHA
-	//     - AES256-SHA
-	//     - DES-CBC3-SHA
-	//   minTLSVersion: TLSv1.0
-	//
-	// +optional
-	// +nullable
-	Old *OldTLSProfile `json:"old,omitempty"`
-	// intermediate is a TLS security profile based on:
-	//
-	// https://wiki.mozilla.org/Security/Server_Side_TLS#Intermediate_compatibility_.28recommended.29
-	//
-	// and looks like this (yaml):
-	//
-	//   ciphers:
-	//     - TLS_AES_128_GCM_SHA256
-	//     - TLS_AES_256_GCM_SHA384
-	//     - TLS_CHACHA20_POLY1305_SHA256
-	//     - ECDHE-ECDSA-AES128-GCM-SHA256
-	//     - ECDHE-RSA-AES128-GCM-SHA256
-	//     - ECDHE-ECDSA-AES256-GCM-SHA384
-	//     - ECDHE-RSA-AES256-GCM-SHA384
-	//     - ECDHE-ECDSA-CHACHA20-POLY1305
-	//     - ECDHE-RSA-CHACHA20-POLY1305
-	//     - DHE-RSA-AES128-GCM-SHA256
-	//     - DHE-RSA-AES256-GCM-SHA384
-	//   minTLSVersion: TLSv1.2
-	//
-	// +optional
-	// +nullable
-	Intermediate *IntermediateTLSProfile `json:"intermediate,omitempty"`
-	// modern is a TLS security profile based on:
-	//
-	// https://wiki.mozilla.org/Security/Server_Side_TLS#Modern_compatibility
-	//
-	// and looks like this (yaml):
-	//
-	//   ciphers:
-	//     - TLS_AES_128_GCM_SHA256
-	//     - TLS_AES_256_GCM_SHA384
-	//     - TLS_CHACHA20_POLY1305_SHA256
-	//   minTLSVersion: TLSv1.3
-	//
-	// NOTE: Currently unsupported.
-	//
-	// +optional
-	// +nullable
-	Modern *ModernTLSProfile `json:"modern,omitempty"`
-	// custom is a user-defined TLS security profile. Be extremely careful using a custom
-	// profile as invalid configurations can be catastrophic. An example custom profile
-	// looks like this:
-	//
-	//   ciphers:
-	//     - ECDHE-ECDSA-CHACHA20-POLY1305
-	//     - ECDHE-RSA-CHACHA20-POLY1305
-	//     - ECDHE-RSA-AES128-GCM-SHA256
-	//     - ECDHE-ECDSA-AES128-GCM-SHA256
-	//   minTLSVersion: TLSv1.1
-	//
-	// +optional
-	// +nullable
-	Custom *CustomTLSProfile `json:"custom,omitempty"`
-}
-
-// OldTLSProfile is a TLS security profile based on:
-// https://wiki.mozilla.org/Security/Server_Side_TLS#Old_backward_compatibility
-type OldTLSProfile struct{}
-
-// IntermediateTLSProfile is a TLS security profile based on:
-// https://wiki.mozilla.org/Security/Server_Side_TLS#Intermediate_compatibility_.28default.29
-type IntermediateTLSProfile struct{}
-
-// ModernTLSProfile is a TLS security profile based on:
-// https://wiki.mozilla.org/Security/Server_Side_TLS#Modern_compatibility
-type ModernTLSProfile struct{}
-
-// CustomTLSProfile is a user-defined TLS security profile. Be extremely careful
-// using a custom TLS profile as invalid configurations can be catastrophic.
-type CustomTLSProfile struct {
-	TLSProfileSpec `json:",inline"`
-}
-
-// TLSProfileType defines a TLS security profile type.
-type TLSProfileType string
-
-const (
-	// Old is a TLS security profile based on:
-	// https://wiki.mozilla.org/Security/Server_Side_TLS#Old_backward_compatibility
-	TLSProfileOldType TLSProfileType = "Old"
-	// Intermediate is a TLS security profile based on:
-	// https://wiki.mozilla.org/Security/Server_Side_TLS#Intermediate_compatibility_.28default.29
-	TLSProfileIntermediateType TLSProfileType = "Intermediate"
-	// Modern is a TLS security profile based on:
-	// https://wiki.mozilla.org/Security/Server_Side_TLS#Modern_compatibility
-	TLSProfileModernType TLSProfileType = "Modern"
-	// Custom is a TLS security profile that allows for user-defined parameters.
-	TLSProfileCustomType TLSProfileType = "Custom"
-)
-
-// TLSProfileSpec is the desired behavior of a TLSSecurityProfile.
-type TLSProfileSpec struct {
-	// ciphers is used to specify the cipher algorithms that are negotiated
-	// during the TLS handshake.  Operators may remove entries their operands
-	// do not support.  For example, to use DES-CBC3-SHA  (yaml):
-	//
-	//   ciphers:
-	//     - DES-CBC3-SHA
-	//
-	Ciphers []string `json:"ciphers"`
-	// minTLSVersion is used to specify the minimal version of the TLS protocol
-	// that is negotiated during the TLS handshake. For example, to use TLS
-	// versions 1.1, 1.2 and 1.3 (yaml):
-	//
-	//   minTLSVersion: TLSv1.1
-	//
-	// NOTE: currently the highest minTLSVersion allowed is VersionTLS12
-	//
-	MinTLSVersion TLSProtocolVersion `json:"minTLSVersion"`
-}
-
-// TLSProtocolVersion is a way to specify the protocol version used for TLS connections.
-// Protocol versions are based on the following most common TLS configurations:
-//
-//   https://ssl-config.mozilla.org/
-//
-// Note that SSLv3.0 is not a supported protocol version due to well known
-// vulnerabilities such as POODLE: https://en.wikipedia.org/wiki/POODLE
-type TLSProtocolVersion string
-
-const (
-	// VersionTLSv10 is version 1.0 of the TLS security protocol.
-	VersionTLS10 TLSProtocolVersion = "VersionTLS10"
-	// VersionTLSv11 is version 1.1 of the TLS security protocol.
-	VersionTLS11 TLSProtocolVersion = "VersionTLS11"
-	// VersionTLSv12 is version 1.2 of the TLS security protocol.
-	VersionTLS12 TLSProtocolVersion = "VersionTLS12"
-	// VersionTLSv13 is version 1.3 of the TLS security protocol.
-	VersionTLS13 TLSProtocolVersion = "VersionTLS13"
-)
-
-// TLSProfiles Contains a map of TLSProfileType names to TLSProfileSpec.
-//
-// NOTE: The caller needs to make sure to check that these constants are valid for their binary. Not all
-// entries map to values for all binaries.  In the case of ties, the kube-apiserver wins.  Do not fail,
-// just be sure to whitelist only and everything will be ok.
-var TLSProfiles = map[TLSProfileType]*TLSProfileSpec{
-	TLSProfileOldType: {
-		Ciphers: []string{
-			"TLS_AES_128_GCM_SHA256",
-			"TLS_AES_256_GCM_SHA384",
-			"TLS_CHACHA20_POLY1305_SHA256",
-			"ECDHE-ECDSA-AES128-GCM-SHA256",
-			"ECDHE-RSA-AES128-GCM-SHA256",
-			"ECDHE-ECDSA-AES256-GCM-SHA384",
-			"ECDHE-RSA-AES256-GCM-SHA384",
-			"ECDHE-ECDSA-CHACHA20-POLY1305",
-			"ECDHE-RSA-CHACHA20-POLY1305",
-			"DHE-RSA-AES128-GCM-SHA256",
-			"DHE-RSA-AES256-GCM-SHA384",
-			"DHE-RSA-CHACHA20-POLY1305",
-			"ECDHE-ECDSA-AES128-SHA256",
-			"ECDHE-RSA-AES128-SHA256",
-			"ECDHE-ECDSA-AES128-SHA",
-			"ECDHE-RSA-AES128-SHA",
-			"ECDHE-ECDSA-AES256-SHA384",
-			"ECDHE-RSA-AES256-SHA384",
-			"ECDHE-ECDSA-AES256-SHA",
-			"ECDHE-RSA-AES256-SHA",
-			"DHE-RSA-AES128-SHA256",
-			"DHE-RSA-AES256-SHA256",
-			"AES128-GCM-SHA256",
-			"AES256-GCM-SHA384",
-			"AES128-SHA256",
-			"AES256-SHA256",
-			"AES128-SHA",
-			"AES256-SHA",
-			"DES-CBC3-SHA",
-		},
-		MinTLSVersion: VersionTLS10,
-	},
-	TLSProfileIntermediateType: {
-		Ciphers: []string{
-			"TLS_AES_128_GCM_SHA256",
-			"TLS_AES_256_GCM_SHA384",
-			"TLS_CHACHA20_POLY1305_SHA256",
-			"ECDHE-ECDSA-AES128-GCM-SHA256",
-			"ECDHE-RSA-AES128-GCM-SHA256",
-			"ECDHE-ECDSA-AES256-GCM-SHA384",
-			"ECDHE-RSA-AES256-GCM-SHA384",
-			"ECDHE-ECDSA-CHACHA20-POLY1305",
-			"ECDHE-RSA-CHACHA20-POLY1305",
-			"DHE-RSA-AES128-GCM-SHA256",
-			"DHE-RSA-AES256-GCM-SHA384",
-		},
-		MinTLSVersion: VersionTLS12,
-	},
-	TLSProfileModernType: {
-		Ciphers: []string{
-			"TLS_AES_128_GCM_SHA256",
-			"TLS_AES_256_GCM_SHA384",
-			"TLS_CHACHA20_POLY1305_SHA256",
-		},
-		MinTLSVersion: VersionTLS13,
-	},
-}
--- a/vendor/github.com/openshift/api/config/v1/zz_generated.deepcopy.go
+++ b/vendor/github.com/openshift/api/config/v1/zz_generated.deepcopy.go
--- a/vendor/github.com/openshift/api/config/v1/zz_generated.swagger_doc_generated.go
+++ b/vendor/github.com/openshift/api/config/v1/zz_generated.swagger_doc_generated.go
--- a/vendor/modules.txt
+++ b/vendor/modules.txt
@ -66,7 +66,7 @@ github.com/containernetworking/plugins/pkg/utils/hwaddr
 github.com/containernetworking/plugins/pkg/utils/sysctl
 github.com/containernetworking/plugins/plugins/ipam/host-local/backend
 github.com/containernetworking/plugins/plugins/ipam/host-local/backend/allocator
-# github.com/containers/buildah v1.14.9-0.20200501175434-42a48f9373d9
+# github.com/containers/buildah v1.14.9-0.20200523094741-de0f541d9224
 github.com/containers/buildah
 github.com/containers/buildah/bind
 github.com/containers/buildah/chroot
@ -425,8 +425,6 @@ github.com/opencontainers/runtime-tools/validate
 github.com/opencontainers/selinux/go-selinux
 github.com/opencontainers/selinux/go-selinux/label
 github.com/opencontainers/selinux/pkg/pwalk
-# github.com/openshift/api v0.0.0-20200106203948-7ab22a2c8316
-github.com/openshift/api/config/v1
 # github.com/openshift/imagebuilder v1.1.4
 github.com/openshift/imagebuilder
 github.com/openshift/imagebuilder/dockerfile/command