From d1b63d4fe4586975f0bf87da547753b0039afaa1 Mon Sep 17 00:00:00 2001 From: Yongxuan Zhang Date: Wed, 8 Feb 2023 20:18:10 +0000 Subject: [PATCH] Mark config-trusted-resources as deprecated This commit marks config-trusted-resources as deprecated, VerificationPolicy has covered the features of config-trusted-resources so there's no need to keep it. Signed-off-by: Yongxuan Zhang yongxuanzhang@google.com --- docs/deprecations.md | 2 +- docs/trusted-resources.md | 7 ++++--- pkg/apis/config/trusted_resources.go | 1 + 3 files changed, 6 insertions(+), 4 deletions(-) diff --git a/docs/deprecations.md b/docs/deprecations.md index 0a363fa204f..609bc78bd8a 100644 --- a/docs/deprecations.md +++ b/docs/deprecations.md @@ -25,7 +25,7 @@ being deprecated. | [`v1alpha1.Run` is deprecated, feature flag `enable-custom-task` is removed in v0.44.0, `custom-task-version` will be removed together with `v1alpha1.Run`](https://github.com/tektoncd/community/blob/main/teps/0114-custom-tasks-beta.md) | v0.43.0 | Alpha | April 10, 2023 or v0.47.0 | | [ClusterTask is deprecated](https://github.com/tektoncd/pipeline/issues/4476) | v0.41.0 | Beta | July 13, 2023 | | [`pipelineRef.bundle` and `taskRef.bundle` are deprecated](https://github.com/tektoncd/pipeline/issues/5514) | v0.41.0 | Alpha | July 13, 2023 | - +| [The `config-trusted-resources` configMap is deprecated](https://github.com/tektoncd/pipeline/issues/5852) | v0.45.0 | Alpha | v0.46.0 | ### Deprecated PipelineResources related features: The following features are deprecated as part of the deprecation of PipelineResources. diff --git a/docs/trusted-resources.md b/docs/trusted-resources.md index c11035fab74..9b2ccf3251e 100644 --- a/docs/trusted-resources.md +++ b/docs/trusted-resources.md @@ -70,10 +70,11 @@ kubectl patch configmap feature-flags -n tekton-pipelines -p='{"data":{"resource ``` -#### Config key at configmap (will be deprecated) -Multiple keys reference should be separated by comma. If the resource can pass any key in the list, it will pass the verification. +#### Config key at configmap (Deprecated) + +**Note:** key configuration in configmap is deprecated, the issue [#5852](https://github.com/tektoncd/pipeline/issues/5852) will track the deprecation. Please use [VerificationPolicy](#config-key-at-verificationpolicy) instead. -**Note:** key configuration in configmap will be deprecated, the issue [#5852](https://github.com/tektoncd/pipeline/issues/5852) will track the deprecation. +Multiple keys reference should be separated by comma. If the resource can pass any key in the list, it will pass the verification. We currently hardcode SHA256 as hashfunc for loading public keys as verifiers. diff --git a/pkg/apis/config/trusted_resources.go b/pkg/apis/config/trusted_resources.go index aee081bfd19..778e3ad8169 100644 --- a/pkg/apis/config/trusted_resources.go +++ b/pkg/apis/config/trusted_resources.go @@ -29,6 +29,7 @@ import ( // TrustedResources holds the collection of configurations that we attach to contexts. // Configmap named with "config-trusted-resources" where cosign pub key path and // KMS pub key path can be configured +// Deprecated. // +k8s:deepcopy-gen=true type TrustedResources struct { // Keys defines the name of the key in configmap data