Remove old codeowners (#3875)

* remove elchead from codeowners * remove left over assignments to 3u13r * remove leftover assignments to derpsteb --------- Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2025-07-23 15:30:44 -04:00 · 2025-07-07 10:28:34 +02:00 · 2025-07-07 10:28:34 +02:00 · da6468e536
commit da6468e536
parent b76535b4d1
19 changed files with 15 additions and 87 deletions
--- a/.github/actions/build_cli/action.yml
+++ b/.github/actions/build_cli/action.yml
@ -75,8 +75,6 @@ runs:
      shell: bash
      run: bazel run //bazel/release:push
    # TODO(3u13r): Replace with https://github.com/sigstore/sigstore-installer/tree/initial
    # once it has the functionality
    - name: Install Cosign
      if: inputs.cosignPublicKey != '' && inputs.cosignPrivateKey != '' && inputs.cosignPassword != ''
      uses: sigstore/cosign-installer@3454372f43399081ed03b604cb2d021dabca52bb # v3.8.2
--- a/.github/actions/constellation_iam_create/action.yml
+++ b/.github/actions/constellation_iam_create/action.yml
@ -102,7 +102,7 @@ runs:
          --tf-log=DEBUG \
          --yes ${extraFlags}
-    # TODO(@3u13r): Replace deprecated --serviceAccountID with --prefix
+    # TODO: Replace deprecated --serviceAccountID with --prefix
    - name: Constellation iam create gcp
      shell: bash
      if: inputs.cloudProvider == 'gcp'
--- a/.github/actions/container_sbom/action.yml
+++ b/.github/actions/container_sbom/action.yml
@ -36,7 +36,7 @@ runs:
        syft packages ${{ inputs.containerReference }} -o cyclonedx-json > container-image-predicate.json
        cosign attest ${{ inputs.containerReference }} --key env://COSIGN_PRIVATE_KEY --predicate container-image-predicate.json --type "https://cyclonedx.org/bom" > container-image.att.json
        cosign attach attestation ${{ inputs.containerReference }} --attestation container-image.att.json
-        # TODO(3u13r): type should be auto-discovered after issue is resolved:
+        # TODO: type should be auto-discovered after issue is resolved:
        # https://github.com/sigstore/cosign/issues/2264
        cosign verify-attestation ${{ inputs.containerReference }} --type "https://cyclonedx.org/bom" --key env://COSIGN_PUBLIC_KEY
        grype ${{ inputs.containerReference }} --fail-on high --only-fixed --add-cpes-if-none
--- a/.github/actions/e2e_test/action.yml
+++ b/.github/actions/e2e_test/action.yml
@ -379,7 +379,7 @@ runs:
      if: inputs.test == 'sonobuoy full'
      uses: ./.github/actions/e2e_sonobuoy
      with:
-        # TODO(3u13r): Remove E2E_SKIP once AB#2174 is resolved
+        # TODO: Remove E2E_SKIP once AB#2174 is resolved
        sonobuoyTestSuiteCmd: '--plugin e2e --plugin-env e2e.E2E_FOCUS="\[Conformance\]" --plugin-env e2e.E2E_SKIP="for service with type clusterIP|HostPort validates that there is no conflict between pods with same hostPort but different hostIP and protocol|Services should serve endpoints on same port and different protocols" --plugin https://raw.githubusercontent.com/vmware-tanzu/sonobuoy-plugins/102cd62a4091f80a795189f64ccc20738f931ef0/cis-benchmarks/kube-bench-plugin.yaml --plugin https://raw.githubusercontent.com/vmware-tanzu/sonobuoy-plugins/102cd62a4091f80a795189f64ccc20738f931ef0/cis-benchmarks/kube-bench-master-plugin.yaml'
        kubeconfig: ${{ steps.constellation-create.outputs.kubeconfig }}
        artifactNameSuffix: ${{ steps.create-prefix.outputs.prefix }}
--- a/.github/actions/notify_teams/teams_payload_template.json
+++ b/.github/actions/notify_teams/teams_payload_template.json
@ -11,14 +11,6 @@
                "msteams": {
                    "width": "Full",
                    "entities": [
                        {
                            "type": "mention",
                            "text": "<at>elchead</at>",
                            "mentioned": {
                                "id": "3931943b-8d4b-4300-ac7e-bbb06c4da27f",
                                "name": "Adrian Stobbe"
                            }
                        },
                        {
                            "type": "mention",
                            "text": "<at>msanft</at>",
@ -27,14 +19,6 @@
                                "name": "Moritz Sanft"
                            }
                        },
                        {
                            "type": "mention",
                            "text": "<at>3u13r</at>",
                            "mentioned": {
                                "id": "26869b29-b0d6-48f8-a9ed-7a6374410a53",
                                "name": "Leonard Cohnen"
                            }
                        },
                        {
                            "type": "mention",
                            "text": "<at>daniel-weisse</at>",
@ -51,14 +35,6 @@
                                "name": "Paul Meyer"
                            }
                        },
                        {
                            "type": "mention",
                            "text": "<at>derpsteb</at>",
                            "mentioned": {
                                "id": "a9a34611-9a38-4c00-a8a2-f87d94c2bf7d",
                                "name": "Otto Bittner"
                            }
                        },
                        {
                            "type": "mention",
                            "text": "<at>burgerdev</at>",
--- a/.github/actions/pick_assignee/action.yml
+++ b/.github/actions/pick_assignee/action.yml
@ -14,7 +14,6 @@ runs:
      shell: bash
      run: |
        possibleAssignees=(
          "elchead"
          "daniel-weisse"
          "msanft"
          "burgerdev"
--- a/.github/workflows/e2e-test-release.yml
+++ b/.github/workflows/e2e-test-release.yml
@ -122,7 +122,7 @@ jobs:
          # Tests on macOS runner
          #
          # Skipping verify test on MacOS since the runner uses a different version of sed
-          # TODO(3u13r): Update verify test to work on MacOS runners
+          # TODO: Update verify test to work on MacOS runners
          # - test: "verify"
          #  attestationVariant: "azure-sev-snp"
          #  kubernetes-version: "v1.31"
--- a/8
+++ b/8
@ -6,7 +6,7 @@
 /cli/internal/cloudcmd @daniel-weisse
 /cli/internal/cmd/upgrade* @daniel-weisse
 /cli/internal/libvirt @daniel-weisse
-/cli/internal/terraform @elchead
+/cli/internal/terraform @daniel-weisse
 /csi @daniel-weisse
 /debugd @daniel-weisse
 /disk-mapper @daniel-weisse
@ -34,7 +34,7 @@
 /internal/constellation/featureset @thomasten
 /internal/constellation/helm @burgerdev
 /internal/constellation/kubecmd @daniel-weisse
-/internal/constellation/state @elchead
+/internal/constellation/state @msanft
 /internal/containerimage @burgerdev
 /internal/crypto @thomasten
 /internal/cryptsetup @daniel-weisse
@ -50,14 +50,14 @@
 /internal/osimage @msanft
 /internal/retry @msanft
 /internal/semver @daniel-weisse
-/internal/sigstore @elchead
+/internal/sigstore @burgerdev
 /internal/staticupload @msanft
 /internal/versions @msanft
 /joinservice @daniel-weisse
 /keyservice @daniel-weisse
 /measurement-reader @daniel-weisse
 /operators @msanft
-/terraform-provider-constellation @msanft @elchead
+/terraform-provider-constellation @msanft
 /tools @burgerdev
 /upgrade-agent @msanft
 /verify @daniel-weisse
--- a/bootstrapper/internal/kubernetes/k8sapi/k8sutil.go
+++ b/bootstrapper/internal/kubernetes/k8sapi/k8sutil.go
@ -87,7 +87,6 @@ func (k *KubernetesUtil) InstallComponents(ctx context.Context, kubernetesCompon
 func (k *KubernetesUtil) InitCluster(
 	ctx context.Context, initConfig []byte, nodeName, clusterName string, ips []net.IP, conformanceMode bool, log *slog.Logger,
 ) ([]byte, error) {
 	// TODO(3u13r): audit policy should be user input
 	auditPolicy, err := resources.NewDefaultAuditPolicy().Marshal()
 	if err != nil {
 		return nil, fmt.Errorf("generating default audit policy: %w", err)
@ -186,7 +185,6 @@ func (k *KubernetesUtil) InitCluster(
 // JoinCluster joins existing Kubernetes cluster using kubeadm join.
 func (k *KubernetesUtil) JoinCluster(ctx context.Context, joinConfig []byte, log *slog.Logger) error {
 	// TODO(3u13r): audit policy should be user input
 	auditPolicy, err := resources.NewDefaultAuditPolicy().Marshal()
 	if err != nil {
 		return fmt.Errorf("generating default audit policy: %w", err)
--- a/cli/internal/cloudcmd/tfvars.go
+++ b/cli/internal/cloudcmd/tfvars.go
@ -367,7 +367,7 @@ func qemuTerraformVars(
 		ImagePath:          imagePath,
 		ImageFormat:        conf.Provider.QEMU.ImageFormat,
 		NodeGroups:         nodeGroups,
-		Machine:            "q35", // TODO(elchead): make configurable AB#3225
+		Machine:            "q35",
 		MetadataAPIImage:   conf.Provider.QEMU.MetadataAPIImage,
 		MetadataLibvirtURI: metadataLibvirtURI,
 		NVRAM:              conf.Provider.QEMU.NVRAM,
--- a/cli/internal/terraform/variables.go
+++ b/cli/internal/terraform/variables.go
@ -24,11 +24,6 @@ type Variables interface {
 // ClusterVariables should be used in places where a cluster is created.
 type ClusterVariables interface {
 	Variables
 	// TODO(derpsteb): Rename this function once we have introduced an interface for config.Config.
 	// GetCreateMAA does not follow Go's naming convention because we need to keep the CreateMAA property public for now.
 	// There are functions creating Variables objects outside of this package.
 	// These functions can only be moved into this package once we have introduced an interface for config.Config,
 	// since we do not want to introduce a dependency on config.Config in this package.
 	GetCreateMAA() bool
 }
@ -75,7 +70,6 @@ type AWSClusterVariables struct {
 }
 // GetCreateMAA gets the CreateMAA variable.
 // TODO(derpsteb): Rename this function once we have introduced an interface for config.Config.
 func (a *AWSClusterVariables) GetCreateMAA() bool {
 	return false
 }
@ -148,7 +142,6 @@ type GCPClusterVariables struct {
 }
 // GetCreateMAA gets the CreateMAA variable.
 // TODO(derpsteb): Rename this function once we have introduced an interface for config.Config.
 func (g *GCPClusterVariables) GetCreateMAA() bool {
 	return false
 }
@ -184,8 +177,7 @@ type GCPIAMVariables struct {
 	Zone string `hcl:"zone" cty:"zone"`
 	// ServiceAccountID is the ID of the service account to use.
 	ServiceAccountID string `hcl:"service_account_id" cty:"service_account_id"`
-	// IAMServiceAccountVM is the ID of the service account to attach to VMs.
+	// NamePrefix is a prefix applied to the service account ID and VM ID created by this configuration.
 	// TODO(@3u13r): Eventually remove this field after v2.22 has been released.
 	NamePrefix string `hcl:"name_prefix,optional" cty:"name_prefix"`
 }
@ -231,7 +223,6 @@ type AzureClusterVariables struct {
 }
 // GetCreateMAA gets the CreateMAA variable.
 // TODO(derpsteb): Rename this function once we have introduced an interface for config.Config.
 func (a *AzureClusterVariables) GetCreateMAA() bool {
 	if a.CreateMAA == nil {
 		return false
@ -316,7 +307,6 @@ type OpenStackClusterVariables struct {
 }
 // GetCreateMAA gets the CreateMAA variable.
 // TODO(derpsteb): Rename this function once we have introduced an interface for config.Config.
 func (o *OpenStackClusterVariables) GetCreateMAA() bool {
 	return false
 }
@ -389,7 +379,6 @@ type QEMUVariables struct {
 }
 // GetCreateMAA gets the CreateMAA variable.
 // TODO(derpsteb): Rename this function once we have introduced an interface for config.Config.
 func (q *QEMUVariables) GetCreateMAA() bool {
 	return false
 }
--- a/dev-docs/miniconstellation/setup-miniconstellation.sh
+++ b/dev-docs/miniconstellation/setup-miniconstellation.sh
@ -5,7 +5,6 @@ curl -LO https://github.com/edgelesssys/constellation/releases/latest/download/c
 sudo install constellation-linux-amd64 /usr/local/bin/constellation
 # Start docker service and auto start on boot
 # TODO(elchead) should be done in cloud-init but was not done in my test case
 sudo systemctl start docker.service && sudo systemctl enable docker.service
 echo "Waiting for docker service to be active..."
 # Wait at most 20min
--- a/internal/cloud/azure/azure.go
+++ b/internal/cloud/azure/azure.go
@ -392,8 +392,8 @@ func (c *Cloud) getLoadBalancerPublicIP(ctx context.Context) (string, error) {
 }
 /*
-// TODO(malt3): uncomment and use as soon as we switch the primary endpoint to DNS.
+// TODO: uncomment and use as soon as we switch the primary endpoint to DNS.
-// Addition from 3u13r: We have to think about how to handle DNS for internal load balancers
+// We have to think about how to handle DNS for internal load balancers
 // that only have a private IP address and therefore no DNS name by default.
 //
 // getLoadBalancerDNSName retrieves the dns name of the load balancer.
--- a/internal/config/config_test.go
+++ b/internal/config/config_test.go
@ -333,7 +333,7 @@ func TestValidate(t *testing.T) {
 	const awsErrCount = 8
 	const gcpErrCount = 8
-	// TODO(AB#3132,3u13r): refactor config validation tests
+	// TODO(AB#3132): refactor config validation tests
 	// Note that the `cnf.Image = ""` is a hack to align `bazel test` with `go test` behavior
 	// since first does version stamping.
 	testCases := map[string]struct {
--- a/internal/config/migration/migration.go
+++ b/internal/config/migration/migration.go
@ -140,10 +140,6 @@ type AWSSEVSNP struct {
 	// description: |
 	//   Expected TPM measurements.
 	Measurements measurements.M `json:"measurements" yaml:"measurements" validate:"required,no_placeholders"`
 	// TODO(derpsteb): reenable launchMeasurement once SNP is fixed on AWS.
 	// description: |
 	//   Expected launch measurement in SNP report.
 	// LaunchMeasurement measurements.Measurement `json:"launchMeasurement" yaml:"launchMeasurement" validate:"required"`
 }
 // AWSNitroTPM is the configuration for AWS Nitro TPM attestation.
--- a/internal/constellation/helm/overrides.go
+++ b/internal/constellation/helm/overrides.go
@ -48,7 +48,7 @@ func extraCiliumValues(provider cloudprovider.Provider, conformanceMode bool, ou
 	extraVals := map[string]any{}
 	strictMode := map[string]any{}
-	// TODO(@3u13r): Once we are able to set the subnet of the load balancer VMs
+	// TODO: Once we are able to set the subnet of the load balancer VMs
 	// on STACKIT, we can remove the OpenStack exception here.
 	if provider != cloudprovider.QEMU && provider != cloudprovider.OpenStack {
 		strictMode = map[string]any{
--- a/s3proxy/cmd/main.go
+++ b/s3proxy/cmd/main.go
@ -40,13 +40,6 @@ func main() {
 		panic(err)
 	}
 	// logLevel can be made a public variable so logging level can be changed dynamically.
 	// TODO (derpsteb): enable once we are on go 1.21.
 	// logLevel := new(slog.LevelVar)
 	// handler := slog.NewTextHandler(os.Stderr, &slog.HandlerOptions{Level: logLevel})
 	// logger := slog.New(handler)
 	// logLevel.Set(flags.logLevel)
 	logger := logger.NewJSONLogger(logger.VerbosityFromInt(flags.logLevel))
 	if flags.forwardMultipartReqs {
@ -110,12 +103,6 @@ func parseFlags() (cmdFlags, error) {
 		return cmdFlags{}, fmt.Errorf("not a valid IPv4 address: %s", *ip)
 	}
 	// TODO(derpsteb): enable once we are on go 1.21.
 	// logLevel := new(slog.Level)
 	// if err := logLevel.UnmarshalText([]byte(*level)); err != nil {
 	// 	return cmdFlags{}, fmt.Errorf("parsing log level: %w", err)
 	// }
 	return cmdFlags{
 		noTLS:                *noTLS,
 		ip:                   netIP.String(),
@ -134,7 +121,5 @@ type cmdFlags struct {
 	certLocation         string
 	kmsEndpoint          string
 	forwardMultipartReqs bool
 	// TODO(derpsteb): enable once we are on go 1.21.
 	// logLevel slog.Level
 	logLevel             int
 }
--- a/terraform/infrastructure/aws/modules/instance_group/main.tf
+++ b/terraform/infrastructure/aws/modules/instance_group/main.tf
@ -51,15 +51,6 @@ resource "aws_launch_template" "launch_template" {
    # use "disabled" to disable SEV-SNP (but still require SNP-capable hardware)
    # use null to leave the setting unset (allows non-SNP-capable hardware to be used)
    amd_sev_snp = var.enable_snp ? "enabled" : null
    # Disable SMT. We are already disabling it inside the image.
    # Disabling SMT only in the image, not in the Hypervisor creates problems.
    # Thus, also disable it in the Hypervisor.
    # TODO(derpsteb): reenable once AWS confirms it's safe to do so.
    # threads_per_core = 1
    # When setting threads_per_core we also have to set core_count.
    # For the currently supported SNP instance families (C6a, M6a, R6a) default_cores
    # equals the maximum number of available cores.
    # core_count = data.aws_ec2_instance_type.instance_data.default_cores
  }
  lifecycle {
--- a/terraform/infrastructure/azure/main.tf
+++ b/terraform/infrastructure/azure/main.tf
@ -182,7 +182,6 @@ module "loadbalancer_backend_control_plane" {
 }
 # We cannot delete them right away since we first need to to delete the dependency from the VMSS to this backend pool.
 # TODO(@3u13r): Remove this resource after v2.18.0 has been released.
 module "loadbalancer_backend_worker" {
  source = "./modules/load_balancer_backend"
@ -193,7 +192,6 @@ module "loadbalancer_backend_worker" {
 }
 # We cannot delete them right away since we first need to to delete the dependency from the VMSS to this backend pool.
 # TODO(@3u13r): Remove this resource after v2.18.0 has been released.
 resource "azurerm_lb_backend_address_pool" "all" {
  loadbalancer_id = azurerm_lb.loadbalancer.id
  name            = "${var.name}-all"
@ -234,7 +232,6 @@ resource "azurerm_network_security_rule" "nsg_rule" {
  for_each = {
    for o in local.ports : o.name => o
  }
  # TODO(elchead): v2.20.0: remove name suffix and priority offset. Might need to add create_before_destroy to the NSG rule.
  name                        = "${each.value.name}-new"
  priority                    = each.value.priority + 10 # offset to not overlap with old rules
  direction                   = "Inbound"