-
Notifications
You must be signed in to change notification settings - Fork 1.8k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
remove config-trusted-resources #6305
remove config-trusted-resources #6305
Conversation
/kind misc |
# Mount secret for trusted resources | ||
- name: verification-secrets | ||
mountPath: /etc/verification-secrets | ||
readOnly: true |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This was introduced to mount secrets(contains public keys) and configmap could refer to the secret.
@@ -55,177 +55,12 @@ func init() { | |||
os.Setenv("PRIVATE_PASSWORD", password) | |||
} | |||
|
|||
func TestTrustedResourcesVerify_ConfigMap_Success(t *testing.T) { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This is the e2e test of configmap approach.
The following is the coverage report on the affected files.
|
The following is the coverage report on the affected files.
|
bc61cf8
to
9661b9f
Compare
The following is the coverage report on the affected files.
|
The following is the coverage report on the affected files.
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
thanks @Yongxuanzhang, please update the release note to include more detail (including a link to where people can find migration instructions) and update the commit message to note that this is an alpha feature.
@@ -82,20 +81,6 @@ func VerifyPipeline(ctx context.Context, pipelineObj v1beta1.PipelineObject, k8s | |||
// 2. If multiple policies are matched, the resource needs to pass all of them to pass verification. | |||
// 3. To pass one policy, the resource can pass any public keys in the policy. | |||
func verifyResource(ctx context.Context, resource metav1.Object, k8s kubernetes.Interface, signature []byte, source string, policies []*v1alpha1.VerificationPolicy) error { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Please update the docstring of this function
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Oh thanks! Sorry I should mark this tep as wip, I meant to open it just to run against our ci yesterday
Will take a full pass on the docs and tests
9661b9f
to
16b6735
Compare
The following is the coverage report on the affected files.
|
The following is the coverage report on the affected files.
|
16b6735
to
1702e7d
Compare
The following is the coverage report on the affected files.
|
The following is the coverage report on the affected files.
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
/lgtm
pkg/trustedresources/errors.go
Outdated
@@ -20,8 +20,8 @@ import "errors" | |||
var ( | |||
// ErrorResourceVerificationFailed is returned when trusted resources fails verification. | |||
ErrorResourceVerificationFailed = errors.New("resource verification failed") | |||
// ErrorEmptyVerificationConfig is returned when VerificationPolicy or config-trusted-resources configmap are founded | |||
ErrorEmptyVerificationConfig = errors.New("no policies or config-trusted-resources configmap founded for verification") | |||
// ErrorEmptyVerificationConfig is returned when VerificationPolicy are founded |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
// ErrorEmptyVerificationConfig is returned when VerificationPolicy are founded | |
// ErrorEmptyVerificationConfig is returned when no VerificationPolicy is found |
maybe? Something about this description is off
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Yes, thanks! This is a mistake
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: lbernick, wlynch The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
This commit removes trusted-resources-config. The deprecation is announced in release v0.45. The reason of removing is that trusted-resources-config is used to store public keys for verificaiton but Verification Policy has already covered all the functionalities and has more advanced features. Since there are not any other fields in trusted-resources-config we decided to remove it. Trusted resources is alpha feature so the configmap can be deprecated with one release notice. Closes tektoncd#5852 Signed-off-by: Yongxuan Zhang [email protected]
1702e7d
to
4a3564f
Compare
The following is the coverage report on the affected files.
|
The following is the coverage report on the affected files.
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
/lgtm
Changes
This commit removes config-trusted-resources. The deprecation is announced in release v0.45. The reason of removing is that config-trusted-resources is used to store public keys for verificaiton but Verification Policy has already covered all the functionalities and has more advanced features. Since there are not any other fields in trusted-resources-config we decided to remove it. Trusted resources is alpha feature so the configmap can be deprecated with one release notice
Closes #5852
Signed-off-by: Yongxuan Zhang [email protected]
Submitter Checklist
As the author of this PR, please check off the items in this checklist:
functionality, content, code)
/kind <type>
. Valid types are bug, cleanup, design, documentation, feature, flake, misc, question, tepRelease Notes