diff --git a/.github/actions/build_cli/action.yml b/.github/actions/build_cli/action.yml
index 8daf1e0d3..b74b67456 100644
--- a/.github/actions/build_cli/action.yml
+++ b/.github/actions/build_cli/action.yml
@@ -75,8 +75,6 @@ runs: shell: bash run: bazel run //bazel/release:push - # TODO(3u13r): Replace with https://github.com/sigstore/sigstore-installer/tree/initial - # once it has the functionality - name: Install Cosign if: inputs.cosignPublicKey != '' && inputs.cosignPrivateKey != '' && inputs.cosignPassword != '' uses: sigstore/cosign-installer@3454372f43399081ed03b604cb2d021dabca52bb # v3.8.2
diff --git a/.github/actions/constellation_iam_create/action.yml b/.github/actions/constellation_iam_create/action.yml
index 6df998872..46c5ef939 100644
--- a/.github/actions/constellation_iam_create/action.yml
+++ b/.github/actions/constellation_iam_create/action.yml
@@ -102,7 +102,7 @@ runs: --tf-log=DEBUG \ --yes ${extraFlags} - # TODO(@3u13r): Replace deprecated --serviceAccountID with --prefix + # TODO: Replace deprecated --serviceAccountID with --prefix - name: Constellation iam create gcp shell: bash if: inputs.cloudProvider == 'gcp'
diff --git a/.github/actions/container_sbom/action.yml b/.github/actions/container_sbom/action.yml
index 983fb344e..0d259003d 100644
--- a/.github/actions/container_sbom/action.yml
+++ b/.github/actions/container_sbom/action.yml
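Review bot: The rewritten TODO above the `Constellation iam create gcp` step now carries neither an owner nor a tracking reference, so nothing links the deprecated `--serviceAccountID` flag to planned work. The same is true of the rewritten TODOs in `.github/workflows/e2e-test-release.yml`, `internal/cloud/azure/azure.go` and `internal/constellation/helm/overrides.go`, whereas the ones in container_sbom, e2e_test and config_test.go keep an issue reference. I would write it as `# TODO(<tracking-issue>): Replace deprecated --serviceAccountID with --prefix`, where `<tracking-issue>` is a placeholder for a real issue id. The step itself continues outside the hunk.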
@@ -36,7 +36,7 @@ runs: syft packages ${{ inputs.containerReference }} -o cyclonedx-json > container-image-predicate.json cosign attest ${{ inputs.containerReference }} --key env://COSIGN_PRIVATE_KEY --predicate container-image-predicate.json --type "https://cyclonedx.org/bom" > container-image.att.json cosign attach attestation ${{ inputs.containerReference }} --attestation container-image.att.json - # TODO(3u13r): type should be auto-discovered after issue is resolved: + # TODO: type should be auto-discovered after issue is resolved: # https://github.com/sigstore/cosign/issues/2264 cosign verify-attestation ${{ inputs.containerReference }} --type "https://cyclonedx.org/bom" --key env://COSIGN_PUBLIC_KEY grype ${{ inputs.containerReference }} --fail-on high --only-fixed --add-cpes-if-none
diff --git a/.github/actions/e2e_test/action.yml b/.github/actions/e2e_test/action.yml
index c2a66db80..7f534ced9 100644
--- a/.github/actions/e2e_test/action.yml
+++ b/.github/actions/e2e_test/action.yml
@@ -379,7 +379,7 @@ runs: if: inputs.test == 'sonobuoy full' uses: ./.github/actions/e2e_sonobuoy with: - # TODO(3u13r): Remove E2E_SKIP once AB#2174 is resolved + # TODO: Remove E2E_SKIP once AB#2174 is resolved sonobuoyTestSuiteCmd: '--plugin e2e --plugin-env e2e.E2E_FOCUS="\[Conformance\]" --plugin-env e2e.E2E_SKIP="for service with type clusterIP|HostPort validates that there is no conflict between pods with same hostPort but different hostIP and protocol|Services should serve endpoints on same port and different protocols" --plugin https://raw.githubusercontent.com/vmware-tanzu/sonobuoy-plugins/102cd62a4091f80a795189f64ccc20738f931ef0/cis-benchmarks/kube-bench-plugin.yaml --plugin https://raw.githubusercontent.com/vmware-tanzu/sonobuoy-plugins/102cd62a4091f80a795189f64ccc20738f931ef0/cis-benchmarks/kube-bench-master-plugin.yaml' kubeconfig: ${{ steps.constellation-create.outputs.kubeconfig }} artifactNameSuffix: ${{ steps.create-prefix.outputs.prefix }}
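Review bot: In the container_sbom hunk every command splices `${{ inputs.containerReference }}` straight into the bash script, so the value is substituted before the shell parses the line and any shell metacharacters in it would be read as script text. Whether that is reachable depends on who can set the input, which the hunk does not show. Passing the value through the step environment closes the gap: add `CONTAINER_REFERENCE: ${{ inputs.containerReference }}` under the step's `env:` and use `"$CONTAINER_REFERENCE"` in each syft, cosign and grype call. The step's `run:` block starts before the hunk, so any `env:` keys it already has are not visible here.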
diff --git a/.github/actions/notify_teams/teams_payload_template.json b/.github/actions/notify_teams/teams_payload_template.json
index fbef4d36e..0354bc07b 100644
--- a/.github/actions/notify_teams/teams_payload_template.json
+++ b/.github/actions/notify_teams/teams_payload_template.json
@@ -11,14 +11,6 @@ "msteams": { "width": "Full", "entities": [ - { - "type": "mention", - "text": "elchead", - "mentioned": { - "id": "3931943b-8d4b-4300-ac7e-bbb06c4da27f", - "name": "Adrian Stobbe" - } - }, { "type": "mention", "text": "msanft",
@@ -27,14 +19,6 @@ "name": "Moritz Sanft" } }, - { - "type": "mention", - "text": "3u13r", - "mentioned": { - "id": "26869b29-b0d6-48f8-a9ed-7a6374410a53", - "name": "Leonard Cohnen" - } - }, { "type": "mention", "text": "daniel-weisse",
@@ -51,14 +35,6 @@ "name": "Paul Meyer" } }, - { - "type": "mention", - "text": "derpsteb", - "mentioned": { - "id": "a9a34611-9a38-4c00-a8a2-f87d94c2bf7d", - "name": "Otto Bittner" - } - }, { "type": "mention", "text": "burgerdev",
diff --git a/.github/actions/pick_assignee/action.yml b/.github/actions/pick_assignee/action.yml
index e6838c89e..ed9607e77 100644
--- a/.github/actions/pick_assignee/action.yml
+++ b/.github/actions/pick_assignee/action.yml
@@ -14,7 +14,6 @@ runs: shell: bash run: | possibleAssignees=( - "elchead" "daniel-weisse" "msanft" "burgerdev"
diff --git a/.github/workflows/e2e-test-release.yml b/.github/workflows/e2e-test-release.yml
index 9ab1ebbe1..782b744a1 100644
--- a/.github/workflows/e2e-test-release.yml
+++ b/.github/workflows/e2e-test-release.yml
@@ -122,7 +122,7 @@ jobs: # Tests on macOS runner # # Skipping verify test on MacOS since the runner uses a different version of sed - # TODO(3u13r): Update verify test to work on MacOS runners + # TODO: Update verify test to work on MacOS runners # - test: "verify" # attestationVariant: "azure-sev-snp" # kubernetes-version: "v1.31"
diff --git a/CODEOWNERS b/CODEOWNERS
index 9b9c14fcf..0172574b9 100644
--- a/CODEOWNERS
+++ b/CODEOWNERS
@@ -6,7 +6,7 @@ /cli/internal/cloudcmd @daniel-weisse /cli/internal/cmd/upgrade* @daniel-weisse /cli/internal/libvirt @daniel-weisse -/cli/internal/terraform @elchead +/cli/internal/terraform @daniel-weisse /csi @daniel-weisse /debugd @daniel-weisse /disk-mapper @daniel-weisse
@@ -34,7 +34,7 @@ /internal/constellation/featureset @thomasten /internal/constellation/helm @burgerdev /internal/constellation/kubecmd @daniel-weisse -/internal/constellation/state @elchead +/internal/constellation/state @msanft /internal/containerimage @burgerdev /internal/crypto @thomasten /internal/cryptsetup @daniel-weisse
@@ -50,14 +50,14 @@ /internal/osimage @msanft /internal/retry @msanft /internal/semver @daniel-weisse -/internal/sigstore @elchead +/internal/sigstore @burgerdev /internal/staticupload @msanft /internal/versions @msanft /joinservice @daniel-weisse /keyservice @daniel-weisse /measurement-reader @daniel-weisse /operators @msanft -/terraform-provider-constellation @msanft @elchead +/terraform-provider-constellation @msanft /tools @burgerdev /upgrade-agent @msanft /verify @daniel-weisse
diff --git a/bootstrapper/internal/kubernetes/k8sapi/k8sutil.go b/bootstrapper/internal/kubernetes/k8sapi/k8sutil.go
index d2ec6e78f..d5a521802 100644
--- a/bootstrapper/internal/kubernetes/k8sapi/k8sutil.go
+++ b/bootstrapper/internal/kubernetes/k8sapi/k8sutil.go
@@ -87,7 +87,6 @@ func (k *KubernetesUtil) InstallComponents(ctx context.Context, kubernetesCompon func (k *KubernetesUtil) InitCluster( ctx context.Context, initConfig []byte, nodeName, clusterName string, ips []net.IP, conformanceMode bool, log *slog.Logger, ) ([]byte, error) { - // TODO(3u13r): audit policy should be user input auditPolicy, err := resources.NewDefaultAuditPolicy().Marshal() if err != nil { return nil, fmt.Errorf("generating default audit policy: %w", err)
@@ -186,7 +185,6 @@ func (k *KubernetesUtil) InitCluster( // JoinCluster joins existing Kubernetes cluster using kubeadm join. func (k *KubernetesUtil) JoinCluster(ctx context.Context, joinConfig []byte, log *slog.Logger) error { - // TODO(3u13r): audit policy should be user input auditPolicy, err := resources.NewDefaultAuditPolicy().Marshal() if err != nil { return fmt.Errorf("generating default audit policy: %w", err)
diff --git a/cli/internal/cloudcmd/tfvars.go b/cli/internal/cloudcmd/tfvars.go
index 98bb7bf55..f866a50cc 100644
--- a/cli/internal/cloudcmd/tfvars.go
+++ b/cli/internal/cloudcmd/tfvars.go
@@ -367,7 +367,7 @@ func qemuTerraformVars( ImagePath: imagePath, ImageFormat: conf.Provider.QEMU.ImageFormat, NodeGroups: nodeGroups, - Machine: "q35", // TODO(elchead): make configurable AB#3225 + Machine: "q35", MetadataAPIImage: conf.Provider.QEMU.MetadataAPIImage, MetadataLibvirtURI: metadataLibvirtURI, NVRAM: conf.Provider.QEMU.NVRAM,
diff --git a/cli/internal/terraform/variables.go b/cli/internal/terraform/variables.go
index 4f341f0ab..a16c830d3 100644
--- a/cli/internal/terraform/variables.go
+++ b/cli/internal/terraform/variables.go
@@ -24,11 +24,6 @@ type Variables interface { // ClusterVariables should be used in places where a cluster is created. type ClusterVariables interface { Variables - // TODO(derpsteb): Rename this function once we have introduced an interface for config.Config. - // GetCreateMAA does not follow Go's naming convention because we need to keep the CreateMAA property public for now. - // There are functions creating Variables objects outside of this package. - // These functions can only be moved into this package once we have introduced an interface for config.Config, - // since we do not want to introduce a dependency on config.Config in this package. GetCreateMAA() bool }
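Review bot: In qemuTerraformVars the commit drops the whole comment on `Machine: "q35",`, including the `AB#3225` reference, although elsewhere it keeps the TODO and only removes the name (for example `TODO(AB#3132)` in config_test.go). Keeping `Machine: "q35", // TODO(AB#3225): make configurable` would preserve the link to the open work. The same applies, if the items are still open, to the TODOs this commit deletes outright that record unfinished hardening: the audit-policy notes in InitCluster and JoinCluster, the launchMeasurement note in migration.go and the SMT note in the AWS launch template. qemuTerraformVars starts and ends outside the hunk.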
@@ -75,7 +70,6 @@ type AWSClusterVariables struct { } // GetCreateMAA gets the CreateMAA variable. -// TODO(derpsteb): Rename this function once we have introduced an interface for config.Config. func (a *AWSClusterVariables) GetCreateMAA() bool { return false }
@@ -148,7 +142,6 @@ type GCPClusterVariables struct { } // GetCreateMAA gets the CreateMAA variable. -// TODO(derpsteb): Rename this function once we have introduced an interface for config.Config. func (g *GCPClusterVariables) GetCreateMAA() bool { return false }
@@ -184,8 +177,7 @@ type GCPIAMVariables struct { Zone string `hcl:"zone" cty:"zone"` // ServiceAccountID is the ID of the service account to use. ServiceAccountID string `hcl:"service_account_id" cty:"service_account_id"` - // IAMServiceAccountVM is the ID of the service account to attach to VMs. - // TODO(@3u13r): Eventually remove this field after v2.22 has been released. + // NamePrefix is a prefix applied to the service account ID and VM ID created by this configuration. NamePrefix string `hcl:"name_prefix,optional" cty:"name_prefix"` }
@@ -231,7 +223,6 @@ type AzureClusterVariables struct { } // GetCreateMAA gets the CreateMAA variable. -// TODO(derpsteb): Rename this function once we have introduced an interface for config.Config. func (a *AzureClusterVariables) GetCreateMAA() bool { if a.CreateMAA == nil { return false
@@ -316,7 +307,6 @@ type OpenStackClusterVariables struct { } // GetCreateMAA gets the CreateMAA variable. -// TODO(derpsteb): Rename this function once we have introduced an interface for config.Config. func (o *OpenStackClusterVariables) GetCreateMAA() bool { return false }
@@ -389,7 +379,6 @@ type QEMUVariables struct { } // GetCreateMAA gets the CreateMAA variable. -// TODO(derpsteb): Rename this function once we have introduced an interface for config.Config. func (q *QEMUVariables) GetCreateMAA() bool { return false }
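Review bot: In the GCPIAMVariables hunk the new `NamePrefix` comment replaces one that named a different field, but `ServiceAccountID` directly above is still documented as if it were current. The TODO in constellation_iam_create/action.yml calls `--serviceAccountID` deprecated in favour of `--prefix`; if this field backs that flag, I would add a second comment line to it, `// Deprecated: use NamePrefix instead.` The removed TODO about dropping a field after v2.22 also leaves no record of which field was meant. The struct starts outside the hunk.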
diff --git a/dev-docs/miniconstellation/setup-miniconstellation.sh b/dev-docs/miniconstellation/setup-miniconstellation.sh
index fcc15d429..cbbd5d266 100755
--- a/dev-docs/miniconstellation/setup-miniconstellation.sh
+++ b/dev-docs/miniconstellation/setup-miniconstellation.sh
@@ -5,7 +5,6 @@ curl -LO https://github.com/edgelesssys/constellation/releases/latest/download/c sudo install constellation-linux-amd64 /usr/local/bin/constellation # Start docker service and auto start on boot -# TODO(elchead) should be done in cloud-init but was not done in my test case sudo systemctl start docker.service && sudo systemctl enable docker.service echo "Waiting for docker service to be active..." # Wait at most 20min
diff --git a/internal/cloud/azure/azure.go b/internal/cloud/azure/azure.go
index e0ee19750..b15d2d84f 100644
--- a/internal/cloud/azure/azure.go
+++ b/internal/cloud/azure/azure.go
@@ -392,8 +392,8 @@ func (c *Cloud) getLoadBalancerPublicIP(ctx context.Context) (string, error) { } /* -// TODO(malt3): uncomment and use as soon as we switch the primary endpoint to DNS. -// Addition from 3u13r: We have to think about how to handle DNS for internal load balancers +// TODO: uncomment and use as soon as we switch the primary endpoint to DNS. +// We have to think about how to handle DNS for internal load balancers // that only have a private IP address and therefore no DNS name by default. // // getLoadBalancerDNSName retrieves the dns name of the load balancer.
diff --git a/internal/config/config_test.go b/internal/config/config_test.go
index f7ce59377..f4f3bf343 100644
--- a/internal/config/config_test.go
+++ b/internal/config/config_test.go
@@ -333,7 +333,7 @@ func TestValidate(t *testing.T) { const awsErrCount = 8 const gcpErrCount = 8 - // TODO(AB#3132,3u13r): refactor config validation tests + // TODO(AB#3132): refactor config validation tests // Note that the `cnf.Image = ""` is a hack to align `bazel test` with `go test` behavior // since first does version stamping. testCases := map[string]struct {
diff --git a/internal/config/migration/migration.go b/internal/config/migration/migration.go
index d8fdd659c..471083fd7 100644
--- a/internal/config/migration/migration.go
+++ b/internal/config/migration/migration.go
@@ -140,10 +140,6 @@ type AWSSEVSNP struct { // description: | // Expected TPM measurements. Measurements measurements.M `json:"measurements" yaml:"measurements" validate:"required,no_placeholders"` - // TODO(derpsteb): reenable launchMeasurement once SNP is fixed on AWS. - // description: | - // Expected launch measurement in SNP report. - // LaunchMeasurement measurements.Measurement `json:"launchMeasurement" yaml:"launchMeasurement" validate:"required"` } // AWSNitroTPM is the configuration for AWS Nitro TPM attestation.
diff --git a/internal/constellation/helm/overrides.go b/internal/constellation/helm/overrides.go
index fdadaac88..5e4240359 100644
--- a/internal/constellation/helm/overrides.go
+++ b/internal/constellation/helm/overrides.go
@@ -48,7 +48,7 @@ func extraCiliumValues(provider cloudprovider.Provider, conformanceMode bool, ou extraVals := map[string]any{} strictMode := map[string]any{} - // TODO(@3u13r): Once we are able to set the subnet of the load balancer VMs + // TODO: Once we are able to set the subnet of the load balancer VMs // on STACKIT, we can remove the OpenStack exception here. if provider != cloudprovider.QEMU && provider != cloudprovider.OpenStack { strictMode = map[string]any{
diff --git a/s3proxy/cmd/main.go b/s3proxy/cmd/main.go
index b0a017856..587605bb2 100644
--- a/s3proxy/cmd/main.go
+++ b/s3proxy/cmd/main.go
@@ -40,13 +40,6 @@ func main() { panic(err) } - // logLevel can be made a public variable so logging level can be changed dynamically. - // TODO (derpsteb): enable once we are on go 1.21. - // logLevel := new(slog.LevelVar) - // handler := slog.NewTextHandler(os.Stderr, &slog.HandlerOptions{Level: logLevel}) - // logger := slog.New(handler) - // logLevel.Set(flags.logLevel) - logger := logger.NewJSONLogger(logger.VerbosityFromInt(flags.logLevel)) if flags.forwardMultipartReqs {
@@ -110,12 +103,6 @@ func parseFlags() (cmdFlags, error) { return cmdFlags{}, fmt.Errorf("not a valid IPv4 address: %s", *ip) } - // TODO(derpsteb): enable once we are on go 1.21. - // logLevel := new(slog.Level) - // if err := logLevel.UnmarshalText([]byte(*level)); err != nil { - // return cmdFlags{}, fmt.Errorf("parsing log level: %w", err) - // } - return cmdFlags{ noTLS: *noTLS, ip: netIP.String(),
@@ -134,7 +121,5 @@ type cmdFlags struct { certLocation string kmsEndpoint string forwardMultipartReqs bool - // TODO(derpsteb): enable once we are on go 1.21. - // logLevel slog.Level - logLevel int + logLevel int }
diff --git a/terraform/infrastructure/aws/modules/instance_group/main.tf b/terraform/infrastructure/aws/modules/instance_group/main.tf
index 5a271c970..f2ae997ea 100644
--- a/terraform/infrastructure/aws/modules/instance_group/main.tf
+++ b/terraform/infrastructure/aws/modules/instance_group/main.tf
@@ -51,15 +51,6 @@ resource "aws_launch_template" "launch_template" { # use "disabled" to disable SEV-SNP (but still require SNP-capable hardware) # use null to leave the setting unset (allows non-SNP-capable hardware to be used) amd_sev_snp = var.enable_snp ? "enabled" : null - # Disable SMT. We are already disabling it inside the image. - # Disabling SMT only in the image, not in the Hypervisor creates problems. - # Thus, also disable it in the Hypervisor. - # TODO(derpsteb): reenable once AWS confirms it's safe to do so. - # threads_per_core = 1 - # When setting threads_per_core we also have to set core_count. - # For the currently supported SNP instance families (C6a, M6a, R6a) default_cores - # equals the maximum number of available cores. - # core_count = data.aws_ec2_instance_type.instance_data.default_cores } lifecycle {
diff --git a/terraform/infrastructure/azure/main.tf b/terraform/infrastructure/azure/main.tf
index 490c57cd0..b062010ce 100644
--- a/terraform/infrastructure/azure/main.tf
+++ b/terraform/infrastructure/azure/main.tf
@@ -182,7 +182,6 @@ module "loadbalancer_backend_control_plane" { } # We cannot delete them right away since we first need to to delete the dependency from the VMSS to this backend pool. -# TODO(@3u13r): Remove this resource after v2.18.0 has been released. module "loadbalancer_backend_worker" { source = "./modules/load_balancer_backend"
@@ -193,7 +192,6 @@ module "loadbalancer_backend_worker" { } # We cannot delete them right away since we first need to to delete the dependency from the VMSS to this backend pool. -# TODO(@3u13r): Remove this resource after v2.18.0 has been released. resource "azurerm_lb_backend_address_pool" "all" { loadbalancer_id = azurerm_lb.loadbalancer.id name = "${var.name}-all"
@@ -234,7 +232,6 @@ resource "azurerm_network_security_rule" "nsg_rule" { for_each = { for o in local.ports : o.name => o } - # TODO(elchead): v2.20.0: remove name suffix and priority offset. Might need to add create_before_destroy to the NSG rule. name = "${each.value.name}-new" priority = each.value.priority + 10 # offset to not overlap with old rules direction = "Inbound"