remove config-trusted-resources #6305
Conversation
tekton-robot
added
release-note-none
Yongxuanzhang
changed the title
tekton-robot
added
release-note
|
/kind misc |
| # Mount secret for trusted resources | ||
| - name: verification-secrets | ||
| mountPath: /etc/verification-secrets | ||
| readOnly: true |
There was a problem hiding this comment.
This was introduced to mount secrets(contains public keys) and configmap could refer to the secret.
| @@ -55,177 +55,12 @@ func init() { | |||
| os.Setenv("PRIVATE_PASSWORD", password) | |||
| } | |||
|
|
|||
| func TestTrustedResourcesVerify_ConfigMap_Success(t *testing.T) { | |||
There was a problem hiding this comment.
This is the e2e test of configmap approach.
|
The following is the coverage report on the affected files.
|
|
The following is the coverage report on the affected files.
|
Yongxuanzhang
force-pushed
the
remove-trusted-resources-cfg
branch
from
bc61cf8
to
9661b9f
Compare
|
The following is the coverage report on the affected files.
|
|
The following is the coverage report on the affected files.
|
There was a problem hiding this comment.
thanks @Yongxuanzhang, please update the release note to include more detail (including a link to where people can find migration instructions) and update the commit message to note that this is an alpha feature.
| @@ -82,20 +81,6 @@ func VerifyPipeline(ctx context.Context, pipelineObj v1beta1.PipelineObject, k8s | |||
| // 2. If multiple policies are matched, the resource needs to pass all of them to pass verification. | |||
| // 3. To pass one policy, the resource can pass any public keys in the policy. | |||
| func verifyResource(ctx context.Context, resource metav1.Object, k8s kubernetes.Interface, signature []byte, source string, policies []*v1alpha1.VerificationPolicy) error { | |||
There was a problem hiding this comment.
Please update the docstring of this function
There was a problem hiding this comment.
Oh thanks! Sorry I should mark this tep as wip, I meant to open it just to run against our ci yesterday
Will take a full pass on the docs and tests
tekton-robot
added
the
approved
Yongxuanzhang
changed the title
tekton-robot
added
the
do-not-merge/work-in-progress
Yongxuanzhang
force-pushed
the
remove-trusted-resources-cfg
branch
from
9661b9f
to
16b6735
Compare
|
The following is the coverage report on the affected files.
|
|
The following is the coverage report on the affected files.
|
Yongxuanzhang
force-pushed
the
remove-trusted-resources-cfg
branch
from
16b6735
to
1702e7d
Compare
Yongxuanzhang
changed the title
tekton-robot
removed
the
do-not-merge/work-in-progress
|
The following is the coverage report on the affected files.
|
|
The following is the coverage report on the affected files.
|
pkg/trustedresources/errors.go
Outdated
| @@ -20,8 +20,8 @@ import "errors" | |||
| var ( | |||
| // ErrorResourceVerificationFailed is returned when trusted resources fails verification. | |||
| ErrorResourceVerificationFailed = errors.New("resource verification failed") | |||
| // ErrorEmptyVerificationConfig is returned when VerificationPolicy or config-trusted-resources configmap are founded | |||
| ErrorEmptyVerificationConfig = errors.New("no policies or config-trusted-resources configmap founded for verification") | |||
| // ErrorEmptyVerificationConfig is returned when VerificationPolicy are founded | |||
There was a problem hiding this comment.
| // ErrorEmptyVerificationConfig is returned when VerificationPolicy are founded | |
| // ErrorEmptyVerificationConfig is returned when no VerificationPolicy is found |
maybe? Something about this description is off
There was a problem hiding this comment.
Yes, thanks! This is a mistake
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: lbernick, wlynch The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
tekton-robot
added
the
needs-rebase
This commit removes trusted-resources-config. The deprecation is announced in release v0.45. The reason of removing is that trusted-resources-config is used to store public keys for verificaiton but Verification Policy has already covered all the functionalities and has more advanced features. Since there are not any other fields in trusted-resources-config we decided to remove it. Trusted resources is alpha feature so the configmap can be deprecated with one release notice. Closes tektoncd#5852 Signed-off-by: Yongxuan Zhang yongxuanzhang@google.com
Yongxuanzhang
force-pushed
the
remove-trusted-resources-cfg
branch
from
1702e7d
to
4a3564f
Compare
tekton-robot
removed
lgtm
|
The following is the coverage report on the affected files.
|
|
The following is the coverage report on the affected files.
|
Changes
This commit removes config-trusted-resources. The deprecation is announced in release v0.45. The reason of removing is that config-trusted-resources is used to store public keys for verificaiton but Verification Policy has already covered all the functionalities and has more advanced features. Since there are not any other fields in trusted-resources-config we decided to remove it. Trusted resources is alpha feature so the configmap can be deprecated with one release notice
Closes #5852
Signed-off-by: Yongxuan Zhang yongxuanzhang@google.com
Submitter Checklist
As the author of this PR, please check off the items in this checklist:
functionality, content, code)
/kind <type>. Valid types are bug, cleanup, design, documentation, feature, flake, misc, question, tepRelease Notes