remove deprecated constellation create flags (#2325)

* chore: clean-up TODOs * cli: make OpenStack error explicit * cli: remove deprecated flags * config: require DeployCSIDriver field
2025-08-02 20:16:15 -04:00 · 2023-09-08 21:15:02 +02:00 · 2023-09-08 21:15:02 +02:00 · a25c90e9bb
commit a25c90e9bb
parent 5960025da7
14 changed files with 56 additions and 134 deletions
--- a/3rdparty/bazel/org_openssl/BUILD.bazel
+++ b/3rdparty/bazel/org_openssl/BUILD.bazel
@ -18,7 +18,6 @@ cc_test(
        ],
        "//conditions:default": [],
    }),
-    # TODO support OpenSSL on Mac
    target_compatible_with = [
        "@platforms//os:linux",
    ],
@ -27,7 +26,6 @@ cc_test(

 build_test(
    name = "build_test",
-    # TODO support OpenSSL on Mac
    target_compatible_with = [
        "@platforms//os:linux",
    ],
--- a/cli/internal/cloudcmd/create.go
+++ b/cli/internal/cloudcmd/create.go
@ -200,9 +200,8 @@ func normalizeAzureURIs(vars *terraform.AzureClusterVariables) *terraform.AzureC
 }

 func (c *Creator) createOpenStack(ctx context.Context, cl tfResourceClient, opts CreateOptions) (tfOutput terraform.ApplyOutput, retErr error) {
-	// TODO(malt3): Remove this once OpenStack is supported.
 	if os.Getenv("CONSTELLATION_OPENSTACK_DEV") != "1" {
-		return terraform.ApplyOutput{}, errors.New("OpenStack isn't supported yet")
+		return terraform.ApplyOutput{}, errors.New("Constellation must be fine-tuned to your OpenStack deployment. Please create an issue or contact Edgeless Systems at https://edgeless.systems/contact/")
 	}
 	if _, hasOSAuthURL := os.LookupEnv("OS_AUTH_URL"); !hasOSAuthURL && opts.Config.Provider.OpenStack.Cloud == "" {
 		return terraform.ApplyOutput{}, errors.New(
--- a/cli/internal/cloudcmd/create_test.go
+++ b/cli/internal/cloudcmd/create_test.go
@ -21,7 +21,6 @@ import (
 )

 func TestCreator(t *testing.T) {
-	// TODO(malt3): remove once OpenStack is fully supported.
 	t.Setenv("CONSTELLATION_OPENSTACK_DEV", "1")
 	failOnNonAMD64 := (runtime.GOARCH != "amd64") || (runtime.GOOS != "linux")
 	ip := "192.0.2.1"
--- a/cli/internal/cmd/create.go
+++ b/cli/internal/cmd/create.go
@ -35,11 +35,6 @@ func NewCreateCmd() *cobra.Command {
 		RunE:  runCreate,
 	}
 	cmd.Flags().BoolP("yes", "y", false, "create the cluster without further confirmation")
-	// TODO(malt3): remove deprecated flags in v2.11+
-	cmd.Flags().IntP("control-plane-nodes", "c", 0, "number of control-plane nodes")
-	cmd.Flags().IntP("worker-nodes", "w", 0, "number of worker nodes")
-	must(cmd.Flags().MarkDeprecated("control-plane-nodes", "configure the number of control-plane nodes in the configuration file"))
-	must(cmd.Flags().MarkDeprecated("worker-nodes", "configure the number of worker nodes in the configuration file"))
 	return cmd
 }

--- a/cli/internal/cmd/create_test.go
+++ b/cli/internal/cmd/create_test.go
@ -9,7 +9,6 @@ package cmd
 import (
 	"bytes"
 	"errors"
-	"strconv"
 	"testing"

 	"github.com/edgelesssys/constellation/v2/cli/internal/clusterid"
@ -49,24 +48,18 @@ func TestCreate(t *testing.T) {
 			setupFs:  fsWithDefaultConfig,
 			creator:  &stubCloudCreator{id: idFile},
 			provider: cloudprovider.GCP,
-			controllerCountFlag: intPtr(1),
-			workerCountFlag:     intPtr(2),
 			yesFlag:  true,
 		},
 		"interactive": {
 			setupFs:  fsWithDefaultConfig,
 			creator:  &stubCloudCreator{id: idFile},
 			provider: cloudprovider.Azure,
-			controllerCountFlag: intPtr(2),
-			workerCountFlag:     intPtr(1),
 			stdin:    "yes\n",
 		},
 		"interactive abort": {
 			setupFs:   fsWithDefaultConfig,
 			creator:   &stubCloudCreator{},
 			provider:  cloudprovider.GCP,
-			controllerCountFlag: intPtr(1),
-			workerCountFlag:     intPtr(1),
 			stdin:     "no\n",
 			wantAbort: true,
 		},
@ -74,41 +67,9 @@ func TestCreate(t *testing.T) {
 			setupFs:  fsWithDefaultConfig,
 			creator:  &stubCloudCreator{},
 			provider: cloudprovider.GCP,
-			controllerCountFlag: intPtr(1),
-			workerCountFlag:     intPtr(1),
 			stdin:    "foo\nfoo\nfoo\n",
 			wantErr:  true,
 		},
-		"flag control-plane-count invalid": {
-			setupFs:             fsWithDefaultConfig,
-			creator:             &stubCloudCreator{},
-			provider:            cloudprovider.GCP,
-			controllerCountFlag: intPtr(0),
-			workerCountFlag:     intPtr(3),
-			wantErr:             true,
-		},
-		"flag worker-count invalid": {
-			setupFs:             fsWithDefaultConfig,
-			creator:             &stubCloudCreator{},
-			provider:            cloudprovider.GCP,
-			controllerCountFlag: intPtr(3),
-			workerCountFlag:     intPtr(0),
-			wantErr:             true,
-		},
-		"flag control-plane-count missing": {
-			setupFs:         fsWithDefaultConfig,
-			creator:         &stubCloudCreator{},
-			provider:        cloudprovider.GCP,
-			workerCountFlag: intPtr(3),
-			wantErr:         true,
-		},
-		"flag worker-count missing": {
-			setupFs:             fsWithDefaultConfig,
-			creator:             &stubCloudCreator{},
-			provider:            cloudprovider.GCP,
-			controllerCountFlag: intPtr(3),
-			wantErr:             true,
-		},
 		"old adminConf in directory": {
 			setupFs: func(require *require.Assertions, csp cloudprovider.Provider) afero.Fs {
 				fs := afero.NewMemMapFs()
@ -119,8 +80,6 @@ func TestCreate(t *testing.T) {
 			},
 			creator:  &stubCloudCreator{},
 			provider: cloudprovider.GCP,
-			controllerCountFlag: intPtr(1),
-			workerCountFlag:     intPtr(1),
 			yesFlag:  true,
 			wantErr:  true,
 		},
@ -134,8 +93,6 @@ func TestCreate(t *testing.T) {
 			},
 			creator:  &stubCloudCreator{},
 			provider: cloudprovider.GCP,
-			controllerCountFlag: intPtr(1),
-			workerCountFlag:     intPtr(1),
 			yesFlag:  true,
 			wantErr:  true,
 		},
@ -143,8 +100,6 @@ func TestCreate(t *testing.T) {
 			setupFs:  func(a *require.Assertions, p cloudprovider.Provider) afero.Fs { return afero.NewMemMapFs() },
 			creator:  &stubCloudCreator{},
 			provider: cloudprovider.GCP,
-			controllerCountFlag: intPtr(1),
-			workerCountFlag:     intPtr(1),
 			yesFlag:  true,
 			wantErr:  true,
 		},
@ -152,8 +107,6 @@ func TestCreate(t *testing.T) {
 			setupFs:  fsWithDefaultConfig,
 			creator:  &stubCloudCreator{createErr: someErr},
 			provider: cloudprovider.GCP,
-			controllerCountFlag: intPtr(1),
-			workerCountFlag:     intPtr(1),
 			yesFlag:  true,
 			wantErr:  true,
 		},
@ -166,8 +119,6 @@ func TestCreate(t *testing.T) {
 			},
 			creator:  &stubCloudCreator{},
 			provider: cloudprovider.GCP,
-			controllerCountFlag: intPtr(1),
-			workerCountFlag:     intPtr(1),
 			yesFlag:  true,
 			wantErr:  true,
 		},
@ -189,12 +140,6 @@ func TestCreate(t *testing.T) {
 			if tc.yesFlag {
 				require.NoError(cmd.Flags().Set("yes", "true"))
 			}
-			if tc.controllerCountFlag != nil {
-				require.NoError(cmd.Flags().Set("control-plane-nodes", strconv.Itoa(*tc.controllerCountFlag)))
-			}
-			if tc.workerCountFlag != nil {
-				require.NoError(cmd.Flags().Set("worker-nodes", strconv.Itoa(*tc.workerCountFlag)))
-			}

 			fileHandler := file.NewHandler(tc.setupFs(require, tc.provider))
 			c := &createCmd{log: logger.NewTest(t)}
@ -332,7 +277,3 @@ func TestValidateCLIandConstellationVersionCompatibility(t *testing.T) {
 		})
 	}
 }
-
-func intPtr(i int) *int {
-	return &i
-}
--- a/cli/internal/cmd/upgradeapply_test.go
+++ b/cli/internal/cmd/upgradeapply_test.go
@ -209,7 +209,7 @@ func (u *stubKubernetesUpgrader) ExtendClusterConfigCertSANs(_ context.Context,
 	return nil
 }

-// TODO(v2.11): Remove this function.
+// TODO(v2.11): Remove this function after v2.11 is released.
 func (u *stubKubernetesUpgrader) RemoveAttestationConfigHelmManagement(_ context.Context) error {
 	return nil
 }
--- a/cli/internal/kubecmd/backup.go
+++ b/cli/internal/kubecmd/backup.go
@ -66,7 +66,7 @@ func (k *KubeCmd) BackupCRs(ctx context.Context, crds []apiextensionsv1.CustomRe
 		k.log.Debugf("Creating backup for resource type: %s", crd.Name)

 		// Iterate over all versions of the CRD
-		// TODO: Consider iterating over crd.Status.StoredVersions instead
+		// TODO(daniel-weisse): Consider iterating over crd.Status.StoredVersions instead
 		// Currently, we have to ignore not-found errors, because a CRD might define
 		// a version that is not installed in the cluster.
 		// With the StoredVersions field, we could only iterate over the installed versions.
--- a/dev-docs/miniconstellation/setup-miniconstellation.sh
+++ b/dev-docs/miniconstellation/setup-miniconstellation.sh
@ -5,7 +5,7 @@ curl -LO https://github.com/edgelesssys/constellation/releases/latest/download/c
 sudo install constellation-linux-amd64 /usr/local/bin/constellation

 # Start docker service and auto start on boot
-# TODO should be done in cloud-init but was not done in my test case
+# TODO(elchead) should be done in cloud-init but was not done in my test case
 sudo systemctl start docker.service && sudo systemctl enable docker.service
 echo "Waiting for docker service to be active..."
 # Wait at most 20min
--- a/internal/config/config.go
+++ b/internal/config/config.go
@ -130,7 +130,7 @@ type AWSConfig struct {
 	IAMProfileWorkerNodes string `yaml:"iamProfileWorkerNodes" validate:"required"`
 	// description: |
 	//   Deploy Persistent Disk CSI driver with on-node encryption. For details see: https://docs.edgeless.systems/constellation/architecture/encrypted-storage
-	DeployCSIDriver *bool `yaml:"deployCSIDriver"` // TODO (msanft): after v2.9 release re-enable "required" validation
+	DeployCSIDriver *bool `yaml:"deployCSIDriver" validate:"required"`
 }

 // AzureConfig are Azure specific configuration values used by the CLI.
@ -472,16 +472,6 @@ func New(fileHandler file.Handler, name string, fetcher attestationconfigapi.Fet
 		c.Provider.OpenStack.Password = openstackPassword
 	}

-	// Backwards compatibility: configs without the field `deployCSIDriver` are valid in version 2.8.
-	// TODO (msanft): v2.9. Remove after v2.9 release.
-	if c.Provider.AWS != nil && c.Provider.AWS.DeployCSIDriver == nil {
-		fmt.Fprintln(
-			os.Stderr,
-			"WARNING: 'provider.aws.deployCSIDriver' not set. The key will be required in v2.10. Defaulting to 'false'.",
-		)
-		c.Provider.AWS.DeployCSIDriver = toPtr(false)
-	}
-
 	return c, c.Validate(force)
 }

--- a/internal/config/config_doc.go
+++ b/internal/config/config_doc.go
@ -155,7 +155,7 @@ func init() {
 	AWSConfigDoc.Fields[3].Comments[encoder.LineComment] = "Name of the IAM profile to use for the worker nodes."
 	AWSConfigDoc.Fields[4].Name = "deployCSIDriver"
 	AWSConfigDoc.Fields[4].Type = "bool"
-	AWSConfigDoc.Fields[4].Note = "TODO (msanft): after v2.9 release re-enable \"required\" validation\n"
+	AWSConfigDoc.Fields[4].Note = ""
 	AWSConfigDoc.Fields[4].Description = "Deploy Persistent Disk CSI driver with on-node encryption. For details see: https://docs.edgeless.systems/constellation/architecture/encrypted-storage"
 	AWSConfigDoc.Fields[4].Comments[encoder.LineComment] = "Deploy Persistent Disk CSI driver with on-node encryption. For details see: https://docs.edgeless.systems/constellation/architecture/encrypted-storage"