Git-Mirrors/constellation
1
0
Fork 0
mirror of https://github.com/edgelesssys/constellation.git synced 2024-10-01 01:36:09 -04:00
Code Issues Packages Projects Releases Wiki Activity

todo responsibilities and cleanup (#1837)

Browse Source 
* chore: add TODO responsibilities

* chore: remove not needed TODOs

* chore: remove outdated migrations

* chore: remove resolved goleak exception

* chore: remove not needed cosign env

* config: add link to our Azure snp docs
This commit is contained in:
3u13r 2023-06-01 12:33:06 +02:00 committed by GitHub
parent 0c13f3ed8d
commit e0285c122e
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
31 changed files with 40 additions and 104 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
.github/actions/build_cli/action.yml vendored
View File

@ -66,7 +66,7 @@ runs:
export PATH="$PATH:$(dirname "${OUTPUT_PATH}")"
echo "::endgroup::"
# TODO: Replace with https://github.com/sigstore/sigstore-installer/tree/initial
# TODO(3u13r): Replace with https://github.com/sigstore/sigstore-installer/tree/initial
# once it has the functionality
- name: Install Cosign
if: inputs.cosignPublicKey != '' && inputs.cosignPrivateKey != '' && inputs.cosignPassword != ''

1
.github/actions/constellation_create/action.yml vendored
View File

@ -242,7 +242,6 @@ runs:
echo "KUBECONFIG=$(pwd)/constellation-admin.conf" >> $GITHUB_OUTPUT
echo "MASTERSECRET=$(pwd)/constellation-mastersecret.json" >> $GITHUB_OUTPUT
# TODO(nirusu): Temporarily increase kubectl wait timeout here - might be related to all the Cilium / cert-manager issues?
- name: Wait for nodes to join and become ready
shell: bash
env:

3
.github/actions/container_sbom/action.yml vendored
View File

@ -27,7 +27,6 @@ runs:
- name: Generate SBOM
shell: bash
env:
# COSIGN_EXPERIMENTAL: 1 # This breaks verification with HTTP 404
COSIGN_PUBLIC_KEY: ${{ inputs.cosignPublicKey }}
COSIGN_PRIVATE_KEY: ${{ inputs.cosignPrivateKey }}
COSIGN_PASSWORD: ${{ inputs.cosignPassword }}
@ -37,7 +36,7 @@ runs:
syft packages ${{ inputs.containerReference }} -o cyclonedx-json > container-image-predicate.json
cosign attest ${{ inputs.containerReference }} --key env://COSIGN_PRIVATE_KEY --predicate container-image-predicate.json --type "https://cyclonedx.org/bom" > container-image.att.json
cosign attach attestation ${{ inputs.containerReference }} --attestation container-image.att.json
# TODO: type should be auto-discovered after issue is resolved:
# TODO(3u13r): type should be auto-discovered after issue is resolved:
# https://github.com/sigstore/cosign/issues/2264
cosign verify-attestation ${{ inputs.containerReference }} --type "https://cyclonedx.org/bom" --key env://COSIGN_PUBLIC_KEY
grype ${{ inputs.containerReference }} --fail-on high --only-fixed --add-cpes-if-none

2
.github/actions/e2e_test/action.yml vendored
View File

@ -266,7 +266,7 @@ runs:
if: inputs.test == 'sonobuoy full'
uses: ./.github/actions/e2e_sonobuoy
with:
# TODO: Remove E2E_SKIP once AB#2174 is resolved
# TODO(3u13r): Remove E2E_SKIP once AB#2174 is resolved
sonobuoyTestSuiteCmd: '--plugin e2e --plugin-env e2e.E2E_FOCUS="\[Conformance\]" --plugin-env e2e.E2E_SKIP="for service with type clusterIP|HostPort validates that there is no conflict between pods with same hostPort but different hostIP and protocol" --plugin https://raw.githubusercontent.com/vmware-tanzu/sonobuoy-plugins/master/cis-benchmarks/kube-bench-plugin.yaml --plugin https://raw.githubusercontent.com/vmware-tanzu/sonobuoy-plugins/master/cis-benchmarks/kube-bench-master-plugin.yaml'
kubeconfig: ${{ steps.constellation-create.outputs.kubeconfig }}
artifactNameSuffix: ${{ steps.create-prefix.outputs.prefix }}

3
.github/workflows/build-ccm-gcp.yml vendored
View File

@ -12,8 +12,9 @@ jobs:
strategy:
matrix:
version: [v26.0.1]
# TODO: Once issue is closed upgrade older versions, rebuild, and update versions.go
# TODO(katexochen): Once issue is closed upgrade older versions, rebuild, and update versions.go
# https://github.com/kubernetes/cloud-provider-gcp/issues/451
# Alternativly, they start to publish releases themselves and we can remove this workflow (see https://github.com/kubernetes/cloud-provider-gcp/issues/289).
# version: [v26.0.1, v25.5.0, v24.0.0]
include:
- version: v26.0.1

2
.github/workflows/build-os-image.yml vendored
View File

@ -222,7 +222,7 @@ jobs:
name: "Build OS using mkosi"
needs: [build-settings, build-dependencies]
runs-on: ubuntu-22.04
# TODO: flatten outputs once possible
# TODO(malt3): flatten outputs once possible
# https://github.com/community/community/discussions/17245
outputs:
image-raw-aws-aws-nitro-tpm-sha256: ${{ steps.collect-hashes.outputs.image-raw-aws-aws-nitro-tpm-sha256 }}

2
3rdparty/bazel/com_github_google_go_tpm_tools/ms_tpm_20_ref.need vendored
View File

@ -204,7 +204,7 @@ cc_library(
# "-D_CRYPT_HASH_C_",
# "-D_X509_SPT_",
# from internal/internal_cgo.go
# TODO: cleanup these flags
# TODO(malt3): cleanup these flags
"-fno-delete-null-pointer-checks",
"-fwrapv",
"-fno-sanitize=all", # relax sanitizer checks for this test-only dependency

2
bazel/oci/pin.bzl
View File

@ -154,7 +154,7 @@ oci_sum = rule(
)
def _oci_sum_merge_impl(ctx):
# TODO: select list of labels
# TODO(malt3): select list of labels
inputs = ctx.files.sums
output = ctx.actions.declare_file(ctx.label.name + ".sha256")
args = [

4
bootstrapper/internal/kubernetes/k8sapi/k8sutil.go
View File

@ -92,7 +92,7 @@ func (k *KubernetesUtil) InstallComponents(ctx context.Context, kubernetesCompon
func (k *KubernetesUtil) InitCluster(
ctx context.Context, initConfig []byte, nodeName, clusterName string, ips []net.IP, controlPlaneEndpoint string, conformanceMode bool, log *logger.Logger,
) ([]byte, error) {
// TODO: audit policy should be user input
// TODO(3u13r): audit policy should be user input
auditPolicy, err := resources.NewDefaultAuditPolicy().Marshal()
if err != nil {
return nil, fmt.Errorf("generating default audit policy: %w", err)
@ -314,7 +314,7 @@ func (k *KubernetesUtil) FixCilium(ctx context.Context) error {
// JoinCluster joins existing Kubernetes cluster using kubeadm join.
func (k *KubernetesUtil) JoinCluster(ctx context.Context, joinConfig []byte, peerRole role.Role, controlPlaneEndpoint string, log *logger.Logger) error {
// TODO: audit policy should be user input
// TODO(3u13r): audit policy should be user input
auditPolicy, err := resources.NewDefaultAuditPolicy().Marshal()
if err != nil {
return fmt.Errorf("generating default audit policy: %w", err)

4
cli/internal/cloudcmd/create.go
View File

@ -357,7 +357,7 @@ func normalizeAzureURIs(vars terraform.AzureClusterVariables) terraform.AzureClu
}
func (c *Creator) createOpenStack(ctx context.Context, cl terraformClient, opts CreateOptions) (idFile clusterid.File, retErr error) {
// TODO: Remove this once OpenStack is supported.
// TODO(malt3): Remove this once OpenStack is supported.
if os.Getenv("CONSTELLATION_OPENSTACK_DEV") != "1" {
return clusterid.File{}, errors.New("OpenStack isn't supported yet")
}
@ -417,7 +417,7 @@ func (c *Creator) createQEMU(ctx context.Context, cl terraformClient, lv libvirt
qemuRollbacker := &rollbackerQEMU{client: cl, libvirt: lv, createdWorkspace: false}
defer rollbackOnError(c.out, &retErr, qemuRollbacker, opts.TFLogLevel)
// TODO: render progress bar
// TODO(malt3): render progress bar
downloader := c.newRawDownloader()
imagePath, err := downloader.Download(ctx, c.out, false, opts.source, opts.Config.Image)
if err != nil {

2
cli/internal/cloudcmd/rollback.go
View File

@ -29,7 +29,7 @@ func rollbackOnError(w io.Writer, onErr *error, roll rollbacker, logLevel terraf
fmt.Fprintf(w, "An error occurred: %s\n", *onErr)
fmt.Fprintln(w, "Attempting to roll back.")
if err := roll.rollback(context.Background(), logLevel); err != nil {
*onErr = errors.Join(*onErr, fmt.Errorf("on rollback: %w", err)) // TODO: print the error, or return it?
*onErr = errors.Join(*onErr, fmt.Errorf("on rollback: %w", err)) // TODO(katexochen): print the error, or return it?
return
}
fmt.Fprintln(w, "Rollback succeeded.")

2
cli/internal/cmd/upgradeapply.go
View File

@ -278,7 +278,7 @@ type imageFetcher interface {
func (u *upgradeApplyCmd) upgradeAttestConfigIfDiff(cmd *cobra.Command, newConfig config.AttestationCfg, flags upgradeApplyFlags) error {
clusterAttestationConfig, _, err := u.upgrader.GetClusterAttestationConfig(cmd.Context(), newConfig.GetVariant())
// Config migration from v2.7 to v2.8 requires us to skip comparing configs if the cluster is still using the legacy config.
// TODO: v2.9 Remove error type check and always run comparison.
// TODO(daniel-weisse): v2.9 Remove error type check and always run comparison.
if err != nil && !errors.Is(err, kubernetes.ErrLegacyJoinConfig) {
return fmt.Errorf("getting cluster measurements: %w", err)
}

2
cli/internal/helm/client.go
View File

@ -425,7 +425,7 @@ type crdClient interface {
ApplyCRD(ctx context.Context, rawCRD []byte) error
GetCRDs(ctx context.Context) ([]apiextensionsv1.CustomResourceDefinition, error)
GetCRs(ctx context.Context, gvr schema.GroupVersionResource) ([]unstructured.Unstructured, error)
DeleteStorageClass(ctx context.Context, name string) error // TODO: remove with v2.9
DeleteStorageClass(ctx context.Context, name string) error // TODO(daniel-weisse): remove with v2.9
}
type actionWrapper interface {

6
cli/internal/kubernetes/upgrade.go
View File

@ -47,7 +47,7 @@ import (
var ErrInProgress = errors.New("upgrade in progress")
// ErrLegacyJoinConfig signals that a legacy join-config was found.
// TODO: v2.9 remove.
// TODO(daniel-weisse): v2.9 remove.
var ErrLegacyJoinConfig = errors.New("legacy join-config with missing attestationConfig found")
// GetConstellationVersion queries the constellation-version object for a given field.
@ -304,7 +304,7 @@ func (u *Upgrader) GetClusterAttestationConfig(ctx context.Context, variant vari
return nil, nil, fmt.Errorf("retrieving current attestation config: %w", err)
}
if _, ok := existingConf.Data[constants.AttestationConfigFilename]; !ok {
// TODO: v2.9 remove legacy config detection since it is only required for upgrades from v2.7
// TODO(daniel-weisse): v2.9 remove legacy config detection since it is only required for upgrades from v2.7
if _, ok := existingConf.Data["measurements"]; ok {
u.log.Debugf("Legacy join config detected, migrating to new config")
return nil, existingConf, ErrLegacyJoinConfig
@ -481,7 +481,7 @@ func (u *stableClient) kubernetesVersion() (string, error) {
}
// joinConfigMigration prepares a join-config ConfigMap for migration from v2.7 to v2.8.
// TODO: v2.9: remove this function.
// TODO(daniel-weisse): v2.9: remove this function.
func joinConfigMigration(existingConf *corev1.ConfigMap, attestVariant variant.Variant) (config.AttestationCfg, *corev1.ConfigMap, error) {
m, ok := existingConf.Data["measurements"]
if !ok {

2
cli/internal/terraform/terraform/openstack/main.tf
View File

@ -216,7 +216,7 @@ resource "openstack_compute_floatingip_associate_v2" "public_ip_associate" {
]
}
# TODO: get LoadBalancer API enabled in the test environment
# TODO(malt3): get LoadBalancer API enabled in the test environment
# resource "openstack_lb_loadbalancer_v2" "loadbalancer" {
# name = local.name

4
cli/internal/terraform/terraform/openstack/modules/instance_group/main.tf
View File

@ -13,7 +13,7 @@ locals {
tags = distinct(sort(concat(var.tags, ["constellation-role-${local.role_dashed}"])))
}
# TODO: get this API enabled in the test environment
# TODO(malt3): get this API enabled in the test environment
# resource "openstack_compute_servergroup_v2" "instance_group" {
# name = local.name
# policies = ["soft-anti-affinity"]
@ -26,7 +26,7 @@ resource "openstack_compute_instance_v2" "instance_group_member" {
flavor_id = var.flavor_id
security_groups = var.security_groups
tags = local.tags
# TODO: get this API enabled in the test environment
# TODO(malt3): get this API enabled in the test environment
# scheduler_hints {
# group = openstack_compute_servergroup_v2.instance_group.id
# }

2
cli/internal/terraform/variables.go
View File

@ -269,7 +269,7 @@ func (v *OpenStackClusterVariables) String() string {
return b.String()
}
// TODO: Add support for OpenStack IAM variables.
// TODO(malt3): Add support for OpenStack IAM variables.
// QEMUVariables is user configuration for creating a QEMU cluster with Terraform.
type QEMUVariables struct {

4
debugd/internal/debugd/metadata/cloudprovider/cloudprovider.go
View File

@ -97,10 +97,6 @@ func (f *Fetcher) DiscoverLoadbalancerIP(ctx context.Context) (string, error) {
}
// The port of the endpoint is not the port we need. We need to strip it off.
//
// TODO: Tag the specific load balancer we are looking for with a distinct tag.
// Change the GetLoadBalancerEndpoint method to return the endpoint of a load
// balancer with a given tag.
lbIP, _, err := net.SplitHostPort(lbEndpoint)
if err != nil {
return "", fmt.Errorf("parsing load balancer endpoint: %w", err)

2
docs/docs/workflows/sbom.md
View File

@ -68,7 +68,7 @@ This example considers only the `verification-service`. The same approach works
:::
<!--
TODO: Once mkosi is implemented
TODO(malt3): Once mkosi is implemented
## Operating System
-->

2
image/mkosi.conf.d/mkosi.conf
View File

@ -12,7 +12,7 @@ SplitArtifacts=yes
SecureBoot=yes
SecureBootKey=pki/db.key
SecureBootCertificate=pki/db.crt
# TODO: Wait for systemd 252 to bring systemd-measure
# TODO(malt3): Wait for systemd 252 to bring systemd-measure
# Measure=yes
ImageId=constellation
Output=image.raw

14
internal/attestation/measurements/measurements.go
View File

@ -17,7 +17,6 @@ import (
"bytes"
"context"
"crypto/sha256"
"encoding/base64"
"encoding/hex"
"encoding/json"
"errors"
@ -46,7 +45,7 @@ const (
PCRIndexClusterID = tpmutil.Handle(15)
// PCRIndexOwnerID is a PCR we extend to mark the node as initialized.
// The value used to extend is derived from Constellation's master key.
// TODO: move to stable, non-debug PCR before use.
// TODO(daniel-weisse): move to stable, non-debug PCR before use.
PCRIndexOwnerID = tpmutil.Handle(16)
// TDXIndexClusterID is the measurement used to mark the node as initialized.
@ -431,16 +430,7 @@ func (m Measurement) MarshalYAML() (any, error) {
func (m *Measurement) unmarshal(eM encodedMeasurement) error {
expected, err := hex.DecodeString(eM.Expected)
if err != nil {
// expected value might be in base64 legacy format
// TODO: Remove with v2.4.0
hexErr := err
expected, err = base64.StdEncoding.DecodeString(eM.Expected)
if err != nil {
return errors.Join(
fmt.Errorf("invalid measurement: not a hex string %w", hexErr),
fmt.Errorf("not a base64 string: %w", err),
)
}
return fmt.Errorf("decoding measurement: %w", err)
}
if len(expected) != 32 && len(expected) != 48 {

28
internal/attestation/measurements/measurements_test.go
View File

@ -80,18 +80,6 @@ func TestUnmarshal(t *testing.T) {
wantMeasurements M
wantErr bool
}{
"valid measurements base64": {
inputYAML: "2:\n expected: \"/V3p3zUOO8RBCsBrv+XM3rk/U7nvUSOfdSzmnbxgDzU=\"\n3:\n expected: \"1aRJbSHeyaUljdsZxv61O7TTwEY/5gfySI3fTxAG754=\"",
inputJSON: `{"2":{"expected":"/V3p3zUOO8RBCsBrv+XM3rk/U7nvUSOfdSzmnbxgDzU="},"3":{"expected":"1aRJbSHeyaUljdsZxv61O7TTwEY/5gfySI3fTxAG754="}}`,
wantMeasurements: M{
2: {
Expected: []byte{253, 93, 233, 223, 53, 14, 59, 196, 65, 10, 192, 107, 191, 229, 204, 222, 185, 63, 83, 185, 239, 81, 35, 159, 117, 44, 230, 157, 188, 96, 15, 53},
},
3: {
Expected: []byte{213, 164, 73, 109, 33, 222, 201, 165, 37, 141, 219, 25, 198, 254, 181, 59, 180, 211, 192, 70, 63, 230, 7, 242, 72, 141, 223, 79, 16, 6, 239, 158},
},
},
},
"valid measurements hex": {
inputYAML: "2:\n expected: \"fd5de9df350e3bc4410ac06bbfe5ccdeb93f53b9ef51239f752ce69dbc600f35\"\n3:\n expected: \"d5a4496d21dec9a5258ddb19c6feb53bb4d3c0463fe607f2488ddf4f1006ef9e\"",
inputJSON: `{"2":{"expected":"fd5de9df350e3bc4410ac06bbfe5ccdeb93f53b9ef51239f752ce69dbc600f35"},"3":{"expected":"d5a4496d21dec9a5258ddb19c6feb53bb4d3c0463fe607f2488ddf4f1006ef9e"}}`,
@ -117,8 +105,8 @@ func TestUnmarshal(t *testing.T) {
},
},
"empty bytes": {
inputYAML: "2:\n expected: \"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=\"\n3:\n expected: \"AQIDBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=\"",
inputJSON: `{"2":{"expected":"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="},"3":{"expected":"AQIDBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}}`,
inputYAML: "2:\n expected: \"0000000000000000000000000000000000000000000000000000000000000000\"\n3:\n expected: \"0102030400000000000000000000000000000000000000000000000000000000\"",
inputJSON: `{"2":{"expected":"0000000000000000000000000000000000000000000000000000000000000000"},"3":{"expected":"0102030400000000000000000000000000000000000000000000000000000000"}}`,
wantMeasurements: M{
2: {
Expected: []byte{0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0},
@ -133,18 +121,6 @@ func TestUnmarshal(t *testing.T) {
inputJSON: `{"2":{"expected":"This is not base64"},"3":{"expected":"AQIDBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}}`,
wantErr: true,
},
"legacy format": {
inputYAML: "2: \"/V3p3zUOO8RBCsBrv+XM3rk/U7nvUSOfdSzmnbxgDzU=\"\n3: \"1aRJbSHeyaUljdsZxv61O7TTwEY/5gfySI3fTxAG754=\"",
inputJSON: `{"2":"/V3p3zUOO8RBCsBrv+XM3rk/U7nvUSOfdSzmnbxgDzU=","3":"1aRJbSHeyaUljdsZxv61O7TTwEY/5gfySI3fTxAG754="}`,
wantMeasurements: M{
2: {
Expected: []byte{253, 93, 233, 223, 53, 14, 59, 196, 65, 10, 192, 107, 191, 229, 204, 222, 185, 63, 83, 185, 239, 81, 35, 159, 117, 44, 230, 157, 188, 96, 15, 53},
},
3: {
Expected: []byte{213, 164, 73, 109, 33, 222, 201, 165, 37, 141, 219, 25, 198, 254, 181, 59, 180, 211, 192, 70, 63, 230, 7, 242, 72, 141, 223, 79, 16, 6, 239, 158},
},
},
},
"invalid length hex": {
inputYAML: "2:\n expected: \"fd5de9df350e3bc4410ac06bbfe5ccdeb93f53b9ef\"\n3:\n expected: \"d5a4496d21dec9a5258ddb19c6feb53bb4d3c0463f\"",
inputJSON: `{"2":{"expected":"fd5de9df350e3bc4410ac06bbfe5ccdeb93f53b9ef"},"3":{"expected":"d5a4496d21dec9a5258ddb19c6feb53bb4d3c0463f"}}`,

3
internal/config/config.go
View File

@ -280,8 +280,7 @@ type AttestationConfig struct {
// AWS Nitro TPM attestation.
AWSNitroTPM *AWSNitroTPM `yaml:"awsNitroTPM,omitempty" validate:"omitempty,dive"`
// description: |
// Azure SEV-SNP attestation.\nSee our docs for more information on configurable values
// TODO(AB#3071): add link after docs are written
// Azure SEV-SNP attestation.\nFor details see: https://docs.edgeless.systems/constellation/architecture/attestation#cvm-verification
AzureSEVSNP *AzureSEVSNP `yaml:"azureSEVSNP,omitempty" validate:"omitempty,dive"`
// description: |
// Azure TPM attestation (Trusted Launch).

4
internal/config/config_doc.go
View File

@ -434,8 +434,8 @@ func init() {
AttestationConfigDoc.Fields[1].Name = "azureSEVSNP"
AttestationConfigDoc.Fields[1].Type = "AzureSEVSNP"
AttestationConfigDoc.Fields[1].Note = ""
AttestationConfigDoc.Fields[1].Description = "Azure SEV-SNP attestation.\nSee our docs for more information on configurable values\nTODO(AB#3071): add link after docs are written"
AttestationConfigDoc.Fields[1].Comments[encoder.LineComment] = "Azure SEV-SNP attestation.\nSee our docs for more information on configurable values"
AttestationConfigDoc.Fields[1].Description = "Azure SEV-SNP attestation.\nFor details see: https://docs.edgeless.systems/constellation/architecture/attestation#cvm-verification"
AttestationConfigDoc.Fields[1].Comments[encoder.LineComment] = "Azure SEV-SNP attestation.\nFor details see: https://docs.edgeless.systems/constellation/architecture/attestation#cvm-verification"
AttestationConfigDoc.Fields[2].Name = "azureTrustedLaunch"
AttestationConfigDoc.Fields[2].Type = "AzureTrustedLaunch"
AttestationConfigDoc.Fields[2].Note = ""

21
internal/config/validation.go
View File

@ -391,26 +391,7 @@ func getPlaceholderEntries(m measurements.M) []uint32 {
}
func (c *Config) validateK8sVersion(fl validator.FieldLevel) bool {
// TODO: v2.7: do not create extendedVersion variable and directly validate field from fl.
// This patch is for compatibility with configs from v2.5 only. Configs specifying k8s
// the version as MAJOR.MINOR automatically get extended with the respective patch version.
configVersion := compatibility.EnsurePrefixV(fl.Field().String())
if !semver.IsValid(configVersion) {
return false
}
extendedVersion := K8sVersionFromMajorMinor(semver.MajorMinor(configVersion))
if extendedVersion == "" {
return false
}
valid := versions.IsSupportedK8sVersion(extendedVersion)
if !valid {
return false
}
c.KubernetesVersion = extendedVersion
return true
return versions.IsSupportedK8sVersion(compatibility.EnsurePrefixV(fl.Field().String()))
}
// K8sVersionFromMajorMinor takes a semver in format MAJOR.MINOR

4
internal/file/file_test.go
View File

@ -207,7 +207,7 @@ func TestWriteJSON(t *testing.T) {
content: someContent,
options: OptMkdirAll,
},
// TODO: add tests for mkdirAll actually creating the necessary folders when https://github.com/spf13/afero/issues/270 is fixed.
// TODO(malt3): add tests for mkdirAll actually creating the necessary folders when https://github.com/spf13/afero/issues/270 is fixed.
// Currently, MemMapFs will create files in nonexistent directories due to a bug in afero,
// making it impossible to test the actual behavior of the mkdirAll parameter.
}
@ -369,7 +369,7 @@ func TestWriteYAML(t *testing.T) {
content: someContent,
options: OptMkdirAll,
},
// TODO: add tests for mkdirAll actually creating the necessary folders when https://github.com/spf13/afero/issues/270 is fixed.
// TODO(malt3): add tests for mkdirAll actually creating the necessary folders when https://github.com/spf13/afero/issues/270 is fixed.
// Currently, MemMapFs will create files in nonexistent directories due to a bug in afero,
// making it impossible to test the actual behavior of the mkdirAll parameter.
}

2
internal/kubernetes/kubectl/kubectl.go
View File

@ -200,7 +200,7 @@ func (k *Kubectl) AddNodeSelectorsToDeployment(ctx context.Context, selectors ma
}
// DeleteStorageClass deletes the storage class with the given name.
// TODO: Remove with v2.9.
// TODO(daniel-weisse): Remove with v2.9.
func (k *Kubectl) DeleteStorageClass(ctx context.Context, name string) error {
return k.StorageV1().StorageClasses().Delete(ctx, name, metav1.DeleteOptions{})
}

5
internal/sigstore/rekor_integration_test.go
View File

@ -18,10 +18,7 @@ import (
)
func TestMain(m *testing.M) {
goleak.VerifyTestMain(m,
// TODO: Remove once https://github.com/sigstore/rekor/issues/1094 resolved
goleak.IgnoreTopFunction("internal/poll.runtime_pollWait"),
)
goleak.VerifyTestMain(m)
}
func TestRekorSearchByHash(t *testing.T) {

6
internal/versions/versions.go
View File

@ -143,7 +143,7 @@ var VersionConfigs = map[ValidK8sVersion]KubernetesVersion{
// Check for newer versions at https://github.com/kubernetes-sigs/cloud-provider-azure/blob/master/README.md.
CloudNodeManagerImageAzure: "mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.25.14@sha256:b45bb9bfd30c0da34650f0992a91a77a7babe2b37d627b1a669f9485a5a47b5e", // renovate:container
// CloudControllerManagerImageGCP is the CCM image used on GCP.
// TODO: use newer "cloud-provider-gcp" from https://github.com/kubernetes/cloud-provider-gcp when newer releases are available.
// TODO(3u13r): use newer "cloud-provider-gcp" from https://github.com/kubernetes/cloud-provider-gcp when newer releases are available.
CloudControllerManagerImageGCP: "ghcr.io/edgelesssys/cloud-provider-gcp:v25.2.0@sha256:86fa9d31ed0b3d0d8806f13d6e7debd3471028b2cb7cca3a876d8a31612a7ba5", // renovate:container
// CloudControllerManagerImageOpenStack is the CCM image used on OpenStack.
CloudControllerManagerImageOpenStack: "docker.io/k8scloudprovider/openstack-cloud-controller-manager:v1.25.5", // renovate:container
@ -194,7 +194,7 @@ var VersionConfigs = map[ValidK8sVersion]KubernetesVersion{
// Check for newer versions at https://github.com/kubernetes-sigs/cloud-provider-azure/blob/master/README.md.
CloudNodeManagerImageAzure: "mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.26.10@sha256:8affb69b608f34e2d691a55328d9af150299f35d2e4c21897d30c1bf6937a5a6", // renovate:container
// CloudControllerManagerImageGCP is the CCM image used on GCP.
// TODO: use newer "cloud-provider-gcp" from https://github.com/kubernetes/cloud-provider-gcp when newer releases are available.
// TODO(3u13r): use newer "cloud-provider-gcp" from https://github.com/kubernetes/cloud-provider-gcp when newer releases are available.
CloudControllerManagerImageGCP: "ghcr.io/edgelesssys/cloud-provider-gcp:v26.0.1@sha256:db2b15a20ad690784a6015bfad55c4dff15826be8cf9f6ac77d70abd11b1f70c", // renovate:container
// CloudControllerManagerImageOpenStack is the CCM image used on OpenStack.
CloudControllerManagerImageOpenStack: "docker.io/k8scloudprovider/openstack-cloud-controller-manager:v1.26.2", // renovate:container
@ -245,7 +245,7 @@ var VersionConfigs = map[ValidK8sVersion]KubernetesVersion{
// Check for newer versions at https://github.com/kubernetes-sigs/cloud-provider-azure/blob/master/README.md.
CloudNodeManagerImageAzure: "mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.27.4@sha256:f4334277ece5db59c49fe919cde4bf564d2b3d6f80a50c6192ab7f309ac3a40c", // renovate:container
// CloudControllerManagerImageGCP is the CCM image used on GCP.
// TODO: use newer "cloud-provider-gcp" from https://github.com/kubernetes/cloud-provider-gcp when newer releases are available.
// TODO(3u13r): use newer "cloud-provider-gcp" from https://github.com/kubernetes/cloud-provider-gcp when newer releases are available.
CloudControllerManagerImageGCP: "ghcr.io/edgelesssys/cloud-provider-gcp:v26.0.1@sha256:db2b15a20ad690784a6015bfad55c4dff15826be8cf9f6ac77d70abd11b1f70c", // renovate:container
// CloudControllerManagerImageOpenStack is the CCM image used on OpenStack.
CloudControllerManagerImageOpenStack: "docker.io/k8scloudprovider/openstack-cloud-controller-manager:v1.26.2", // renovate:container

2
operators/constellation-node-operator/controllers/pendingnode_controller.go
View File

@ -134,7 +134,7 @@ func (r *PendingNodeReconciler) Reconcile(ctx context.Context, req ctrl.Request)
return ctrl.Result{Requeue: true}, nil
case updatev1alpha1.NodeGoalLeave:
logr.Info("Node was not terminated on time", "pendingNodeGoal", pendingNode.Spec.Goal, "cspNodeState", nodeState)
// TODO: decide if other actions should be taken here (e.g. send another request to delete node)
// TODO(malt3): decide if other actions should be taken here (e.g. send another request to delete node)
return ctrl.Result{RequeueAfter: defaultCheckInterval}, nil
}

2
operators/constellation-node-operator/internal/cloud/azure/client/nodeimage_test.go
View File

@ -313,8 +313,6 @@ func TestDeleteNode(t *testing.T) {
}
}
// TODO: test capacityPollingHandler
func TestCapacityPollingHandler(t *testing.T) {
assert := assert.New(t)
wantCapacity := int64(1)