[OTA-1545] Extend ClusterVersion for accepted risks

- Add a new field 'clusterversion.spec.desiredUpdate.accept': It contains
  the names of conditional update risks that are considered acceptable.
- Move `clusterversion.status.conditionalUpdates.risks` two levels up as
  `clusterversion.status.conditionalUpdateRisks`. It contains all the risks
  for `clusterversion.status.conditionalUpdates`.
- Add a new field 'clusterversion.status.conditionalUpdates.riskNames': It
  contains the names of risk for the conditional update. It deprecates
  `clusterversion.status.conditionalUpdates.risks`.

Author: hongkailiu

config/v1/types_cluster_version.go

@@ -199,6 +199,18 @@ type ClusterVersionStatus struct {
 	// +listType=atomic
 	// +optional
 	ConditionalUpdates []ConditionalUpdate `json:"conditionalUpdates,omitempty"`
+
+	// conditionalUpdateRisks represent issues for ConditionalUpdates.
+	// The cluster-version operator will evaluate all risks associated to a conditional
+	// update when it is the desired update and only accept it if all its associated
+	// risks are in "spec.desiredUpdate.accept".
+	// +kubebuilder:validation:MaxItems=1000
+	// +patchMergeKey=name
+	// +patchStrategy=merge
+	// +listType=map
+	// +listMapKey=name
+	// +optional
+	ConditionalUpdateRisks []ConditionalUpdateRisk `json:"conditionalUpdateRisks,omitempty" patchStrategy:"merge" patchMergeKey:"name"`
 }
 
 // UpdateState is a constant representing whether an update was successfully
@@ -255,10 +267,11 @@ type UpdateHistory struct {
 	Verified bool `json:"verified"`
 
 	// acceptedRisks records risks which were accepted to initiate the update.
-	// For example, it may menition an Upgradeable=False or missing signature
-	// that was overriden via desiredUpdate.force, or an update that was
+	// For example, it may mention an Upgradeable=False or missing signature
+	// that was overridden via desiredUpdate.force, or an update that was
 	// initiated despite not being in the availableUpdates set of recommended
-	// update targets.
+	// update targets, or in the conditionUpdates set and all associated risks
+	// are specified in "spec.desiredUpdate.accept".
 	// +optional
 	AcceptedRisks string `json:"acceptedRisks,omitempty"`
 }
@@ -725,6 +738,13 @@ type Update struct {
 	//
 	// +optional
 	Force bool `json:"force"`
+
+	// accept allows an administrator to specify the names of ConditionalUpdateRisk
+	// those are considered acceptable. A conditional update is accepted by Cluster-Version
+	// operator only if all of its risks are acceptable.
+	//
+	// +optional
+	Accept []string `json:"accept"`
 }
 
 // Release represents an OpenShift release image and associated metadata.
@@ -780,11 +800,19 @@ type ConditionalUpdate struct {
 	// +required
 	Release Release `json:"release"`
 
-	// risks represents the range of issues associated with
+	// riskNames are names of status.conditionalUpdateRisks
+	// that are associated with the release in a ConditionalUpdate
+	// +kubebuilder:validation:MinItems=1
+	// +listType=set
+	// +required
+	RiskNames []string `json:"riskNames"`
+
+	// risks represent the range of issues associated with
 	// updating to the target release. The cluster-version
 	// operator will evaluate all entries, and only recommend the
 	// update if there is at least one entry and all entries
 	// recommend the update.
+	// DEPRECATED: the risks has been deprecated by riskNames and will be removed in a future release.
 	// +kubebuilder:validation:MinItems=1
 	// +patchMergeKey=name
 	// +patchStrategy=merge