Merge pull request #94769 from jab-rh/apis-4-19-0

jab-rh · web-flow · commit 177fa430206f · 2025-06-13T13:15:19.000-04:00
Add 4-19-0 APIs
diff --git a/rest_api/config_apis/infrastructure-config-openshift-io-v1.adoc b/rest_api/config_apis/infrastructure-config-openshift-io-v1.adoc
@@ -122,7 +122,7 @@ Type::
 
 | `name`
 | `string`
-|
+| 
 
 |===
 === .spec.platformSpec
@@ -2911,7 +2911,7 @@ Description::
 | Parameter | Type | Description
 | `body`
 | xref:../config_apis/infrastructure-config-openshift-io-v1.adoc#infrastructure-config-openshift-io-v1[`Infrastructure`] schema
-|
+| 
 |===
 
 .HTTP responses
@@ -3044,7 +3044,7 @@ Description::
 | Parameter | Type | Description
 | `body`
 | xref:../config_apis/infrastructure-config-openshift-io-v1.adoc#infrastructure-config-openshift-io-v1[`Infrastructure`] schema
-|
+| 
 |===
 
 .HTTP responses
@@ -3146,7 +3146,7 @@ Description::
 | Parameter | Type | Description
 | `body`
 | xref:../config_apis/infrastructure-config-openshift-io-v1.adoc#infrastructure-config-openshift-io-v1[`Infrastructure`] schema
-|
+| 
 |===
 
 .HTTP responses
diff --git a/rest_api/console_apis/consoleplugin-console-openshift-io-v1.adoc b/rest_api/console_apis/consoleplugin-console-openshift-io-v1.adoc
@@ -72,6 +72,52 @@ Required::
 | `object`
 | backend holds the configuration of backend which is serving console's plugin .
 
+| `contentSecurityPolicy`
+| `array`
+| contentSecurityPolicy is a list of Content-Security-Policy (CSP) directives for the plugin.
+Each directive specifies a list of values, appropriate for the given directive type,
+for example a list of remote endpoints for fetch directives such as ScriptSrc.
+Console web application uses CSP to detect and mitigate certain types of attacks,
+such as cross-site scripting (XSS) and data injection attacks.
+Dynamic plugins should specify this field if need to load assets from outside
+the cluster or if violation reports are observed. Dynamic plugins should always prefer
+loading their assets from within the cluster, either by vendoring them, or fetching
+from a cluster service.
+CSP violation reports can be viewed in the browser's console logs during development and
+testing of the plugin in the OpenShift web console.
+Available directive types are DefaultSrc, ScriptSrc, StyleSrc, ImgSrc, FontSrc and ConnectSrc.
+Each of the available directives may be defined only once in the list.
+The value 'self' is automatically included in all fetch directives by the OpenShift web
+console's backend.
+For more information about the CSP directives, see:
+https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy
+
+The OpenShift web console server aggregates the CSP directives and values across
+its own default values and all enabled ConsolePlugin CRs, merging them into a single
+policy string that is sent to the browser via `Content-Security-Policy` HTTP response header.
+
+Example:
+  ConsolePlugin A directives:
+    script-src: https://script1.com/, https://script2.com/
+    font-src: https://font1.com/
+
+  ConsolePlugin B directives:
+    script-src: https://script2.com/, https://script3.com/
+    font-src: https://font2.com/
+    img-src: https://img1.com/
+
+  Unified set of CSP directives, passed to the OpenShift web console server:
+    script-src: https://script1.com/, https://script2.com/, https://script3.com/
+    font-src: https://font1.com/, https://font2.com/
+    img-src: https://img1.com/
+
+  OpenShift web console server CSP response header:
+    Content-Security-Policy: default-src 'self'; base-uri 'self'; script-src 'self' https://script1.com/ https://script2.com/ https://script3.com/; font-src 'self' https://font1.com/ https://font2.com/; img-src 'self' https://img1.com/; style-src 'self'; frame-src 'none'; object-src 'none'
+
+| `contentSecurityPolicy[]`
+| `object`
+| ConsolePluginCSP holds configuration for a specific CSP directive
+
 | `displayName`
 | `string`
 | displayName is the display name of the plugin.
@@ -166,6 +212,111 @@ that contains metadata about the plugin and the extensions.
 | `integer`
 | port on which the Service that is serving the plugin is listening to.
 
+|===
+=== .spec.contentSecurityPolicy
+Description::
++
+--
+contentSecurityPolicy is a list of Content-Security-Policy (CSP) directives for the plugin.
+Each directive specifies a list of values, appropriate for the given directive type,
+for example a list of remote endpoints for fetch directives such as ScriptSrc.
+Console web application uses CSP to detect and mitigate certain types of attacks,
+such as cross-site scripting (XSS) and data injection attacks.
+Dynamic plugins should specify this field if need to load assets from outside
+the cluster or if violation reports are observed. Dynamic plugins should always prefer
+loading their assets from within the cluster, either by vendoring them, or fetching
+from a cluster service.
+CSP violation reports can be viewed in the browser's console logs during development and
+testing of the plugin in the OpenShift web console.
+Available directive types are DefaultSrc, ScriptSrc, StyleSrc, ImgSrc, FontSrc and ConnectSrc.
+Each of the available directives may be defined only once in the list.
+The value 'self' is automatically included in all fetch directives by the OpenShift web
+console's backend.
+For more information about the CSP directives, see:
+https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy
+
+The OpenShift web console server aggregates the CSP directives and values across
+its own default values and all enabled ConsolePlugin CRs, merging them into a single
+policy string that is sent to the browser via `Content-Security-Policy` HTTP response header.
+
+Example:
+  ConsolePlugin A directives:
+    script-src: https://script1.com/, https://script2.com/
+    font-src: https://font1.com/
+
+  ConsolePlugin B directives:
+    script-src: https://script2.com/, https://script3.com/
+    font-src: https://font2.com/
+    img-src: https://img1.com/
+
+  Unified set of CSP directives, passed to the OpenShift web console server:
+    script-src: https://script1.com/, https://script2.com/, https://script3.com/
+    font-src: https://font1.com/, https://font2.com/
+    img-src: https://img1.com/
+
+  OpenShift web console server CSP response header:
+    Content-Security-Policy: default-src 'self'; base-uri 'self'; script-src 'self' https://script1.com/ https://script2.com/ https://script3.com/; font-src 'self' https://font1.com/ https://font2.com/; img-src 'self' https://img1.com/; style-src 'self'; frame-src 'none'; object-src 'none'
+--
+
+Type::
+  `array`
+
+
+
+
+=== .spec.contentSecurityPolicy[]
+Description::
++
+--
+ConsolePluginCSP holds configuration for a specific CSP directive
+--
+
+Type::
+  `object`
+
+Required::
+  - `directive`
+  - `values`
+
+
+
+[cols="1,1,1",options="header"]
+|===
+| Property | Type | Description
+
+| `directive`
+| `string`
+| directive specifies which Content-Security-Policy directive to configure.
+Available directive types are DefaultSrc, ScriptSrc, StyleSrc, ImgSrc, FontSrc and ConnectSrc.
+DefaultSrc directive serves as a fallback for the other CSP fetch directives.
+For more information about the DefaultSrc directive, see:
+https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/default-src
+ScriptSrc directive specifies valid sources for JavaScript.
+For more information about the ScriptSrc directive, see:
+https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/script-src
+StyleSrc directive specifies valid sources for stylesheets.
+For more information about the StyleSrc directive, see:
+https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/style-src
+ImgSrc directive specifies a valid sources of images and favicons.
+For more information about the ImgSrc directive, see:
+https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/img-src
+FontSrc directive specifies valid sources for fonts loaded using @font-face.
+For more information about the FontSrc directive, see:
+https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/font-src
+ConnectSrc directive restricts the URLs which can be loaded using script interfaces.
+For more information about the ConnectSrc directive, see:
+https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/connect-src
+
+| `values`
+| `array (string)`
+| values defines an array of values to append to the console defaults for this directive.
+Each ConsolePlugin may define their own directives with their values. These will be set
+by the OpenShift web console's backend, as part of its Content-Security-Policy header.
+The array can contain at most 16 values. Each directive value must have a maximum length
+of 1024 characters and must not contain whitespace, commas (,), semicolons (;) or single
+quotes ('). The value '*' is not permitted.
+Each value in the array must be unique.
+
 |===
 === .spec.i18n
 Description::
diff --git a/rest_api/machine_apis/machineosbuild-machineconfiguration-openshift-io-v1.adoc b/rest_api/machine_apis/machineosbuild-machineconfiguration-openshift-io-v1.adoc
@@ -272,7 +272,7 @@ and should start and end with an alphanumeric character.
 | `string`
 | resource of the referent.
 This value should consist of at most 63 characters, and of only lowercase alphanumeric characters and hyphens,
-and should start and end with an alphanumeric character.
+and should start with an alphabetic character and end with an alphanumeric character.
 Example: "deployments", "deploymentconfigs", "pods", etc.
 
 |===
@@ -404,7 +404,7 @@ and should start and end with an alphanumeric character.
 | `string`
 | resource of the referent.
 This value should consist of at most 63 characters, and of only lowercase alphanumeric characters and hyphens,
-and should start and end with an alphanumeric character.
+and should start with an alphabetic character and end with an alphanumeric character.
 Example: "deployments", "deploymentconfigs", "pods", etc.
 
 |===
diff --git a/rest_api/machine_apis/machineosconfig-machineconfiguration-openshift-io-v1.adoc b/rest_api/machine_apis/machineosconfig-machineconfiguration-openshift-io-v1.adoc
@@ -433,7 +433,7 @@ and should start and end with an alphanumeric character.
 | `string`
 | resource of the referent.
 This value should consist of at most 63 characters, and of only lowercase alphanumeric characters and hyphens,
-and should start and end with an alphanumeric character.
+and should start with an alphabetic character and end with an alphanumeric character.
 Example: "deployments", "deploymentconfigs", "pods", etc.
 
 |===
