Skip to content

config: allow arbitrary custom clevis pin #2145

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 2 commits into
base: main
Choose a base branch
from
Open

config: allow arbitrary custom clevis pin #2145

wants to merge 2 commits into from

Conversation

@alicefr
Copy link

@alicefr alicefr commented Oct 20, 2025

In order to support new clevis pin, either they need to be added each time in the hardcoded list of pins or ignition can allow any name for the pin. This is required in order to enable the clevis trustee pin used for confidential clusters.

@alicefr
config: allow arbitrary custom clevis pin
8ec0983 
In order to support new clevis pin, either they need to be added each
time in the hardcoded list of pins or ignition can allow any name for
the pin. This is required in order to enable the clevis trustee pin used
for confidential clusters.

Signed-off-by: Alice Frosi <afrosi@redhat.com>
@alicefr
Copy link
Author

alicefr commented Oct 20, 2025

/cc @travier @jlebon

@alicefr alicefr closed this Oct 20, 2025
gemini-code-assist[bot]
gemini-code-assist bot reviewed Oct 20, 2025
View reviewed changes
Copy link

@gemini-code-assist gemini-code-assist bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Code Review

This pull request modifies the configuration validation to allow for arbitrary custom Clevis pin names. The change is motivated by the need to support new pins, such as the 'trustee' pin, without having to update a hardcoded list. The implementation correctly removes the switch statement that enforced a whitelist of pin names in config/v3_6_experimental/types/clevis.go. The corresponding unit test in config/v3_6_experimental/types/clevis_test.go is also updated to reflect that a previously unknown pin name is now considered valid. The changes are straightforward, correct, and align with the pull request's objective. I have no further comments.

@alicefr alicefr reopened this Oct 20, 2025
@alicefr alicefr mentioned this pull request Oct 20, 2025
Closed
@alicefr
Copy link
Author

alicefr commented Oct 20, 2025

This PR has been created upon the discussion in #2120 (comment)

@alicefr alicefr closed this Oct 20, 2025
@alicefr alicefr reopened this Oct 20, 2025
@alicefr
Copy link
Author

alicefr commented Oct 20, 2025

How do I fix the release notes?

@alicefr alicefr mentioned this pull request Oct 27, 2025
Draft
prestist
prestist reviewed Oct 27, 2025
View reviewed changes
config/v3_6_experimental/types/clevis_test.go
},
at: path.New("", "pin"),
out: errors.ErrUnknownClevisPin,
out: nil,
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Can we add a negative test as well please?

Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

There are already existing tests covering when the name is empty, so I'm not sure what else we should check. This PR is relaxing the name checking to arbitrarily non-empty string

@yasminvalim
Copy link
Contributor

yasminvalim commented Oct 30, 2025
edited
Loading

How do I fix the release notes?

@alicefr you need to write a simple release notes on ignition/docs/release-notes.md about your change. 😸

@yasminvalim
Copy link
Contributor

Hey, @alicefr! Thanks for working on this 🫂
LGTM, just need a release notes :)

@alicefr
Add release note for the arbitrary clevis pin
90ec30a 
Signed-off-by: Alice Frosi <afrosi@redhat.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@prestist prestist prestist left review comments

+1 more reviewer

@gemini-code-assist gemini-code-assist[bot] gemini-code-assist[bot] left review comments

Reviewers whose approvals may not affect merge requirements

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@alicefr @yasminvalim @prestist