This repository was archived by the owner on Sep 10, 2025. It is now read-only.

merge upstream #2

Merged
richardgeico merged 836 commits into main from upstream
Sep 9, 2025
@ardentperf
Collaborator

NiccoloFei and others added 30 commits May 19, 2025 20:20
…Es (cloudnative-pg#7303)

This patch goes together with
cloudnative-pg/postgres-trunk-containers#80.
The goal is to allow configuring a custom repository (in this case the
`postgresql-trunk`) instead of the default ones (via an env variable),
which will be used to fetch the target images required to perform the
major upgrade scenarios.
This will allow us to test major upgrades to development versions of
PG18.

Closes cloudnative-pg#7302


Signed-off-by: Niccolò Fei <niccolo.fei@enterprisedb.com>
Signed-off-by: Armando Ruocco <armando.ruocco@enterprisedb.com>
Co-authored-by: Armando Ruocco <armando.ruocco@enterprisedb.com>
…loudnative-pg#7588)

Enable customization of in-place major upgrades using a CNPG-I plugin by
passing optional arguments for `pg_upgrade` and `initdb`, and specify
alternative executable paths for `initdb` if needed.

Closes cloudnative-pg#7587

Signed-off-by: Marco Nenciarini <marco.nenciarini@enterprisedb.com>
Hashicorp Vault, though commonly used, does have a restrictive, BUSL
license that most organizations cannot use.

Adding a mention to https://openbao.org, which is released under the
MPL license.

Signed-off-by: Gustavo Fernandes de Carvalho <17139678+gusfcarvalho@users.noreply.github.com>
Signed-off-by: Gabriele Bartolini <gabriele.bartolini@enterprisedb.com>
Co-authored-by: Gabriele Bartolini <gabriele.bartolini@enterprisedb.com>
Closes cloudnative-pg#7593

Signed-off-by: Gabriele Bartolini <gabriele.bartolini@enterprisedb.com>
…7604)

Closes cloudnative-pg#7580

Signed-off-by: Gabriele Bartolini <gabriele.bartolini@enterprisedb.com>
Update the versions used to test the operator on public cloud providers

Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: public-cloud-k8s-versions-check <public-cloud-k8s-versions-check@users.noreply.github.com>
Closes cloudnative-pg#7605

Signed-off-by: Marco Nenciarini <marco.nenciarini@enterprisedb.com>
The Cluster API included some extra fields to cache the compiled regexp
and the related errors.
Unfortunately, this prevents the API from being used with
[controllerutil.CreateOrUpdate][1].

This patch removes the cache, compiling the regexp when needed.

Closes: cloudnative-pg#6605

Signed-off-by: Leonardo Cecchi <leonardo.cecchi@enterprisedb.com>

[1]: https://pkg.go.dev/sigs.k8s.io/controller-runtime@v0.19.4/pkg/controller/controllerutil#CreateOrUpdate

Signed-off-by: Armando Ruocco <armando.ruocco@enterprisedb.com>
Signed-off-by: Marco Nenciarini <marco.nenciarini@enterprisedb.com>
Co-authored-by: Armando Ruocco <armando.ruocco@enterprisedb.com>
Co-authored-by: Marco Nenciarini <marco.nenciarini@enterprisedb.com>
…pg#7608)

Removed support for Kubernetes (and OpenShift) versions older than 1.29.

Closes cloudnative-pg#7607

Signed-off-by: Gabriele Bartolini <gabriele.bartolini@enterprisedb.com>
…udnative-pg#7581)

With the introduction of the CNPG-I interface and official support for
the Barman Cloud Plugin, the backup and recovery documentation has been
reorganised to reflect the new plugin-based architecture.

This is the first step toward a more modular and extensible approach.
Further work is planned outside the core CloudNativePG repository,
including maintaining an inventory of available plugins and migrating
volume snapshot support into a dedicated plugin.

Closes cloudnative-pg#6876

Signed-off-by: Gabriele Bartolini <gabriele.bartolini@enterprisedb.com>
Signed-off-by: Francesco Canovai <francesco.canovai@enterprisedb.com>
Co-authored-by: Francesco Canovai <francesco.canovai@enterprisedb.com>
…er (cloudnative-pg#7602)

Closes cloudnative-pg#7601

Signed-off-by: Marco Nenciarini <marco.nenciarini@enterprisedb.com>
…ssues (cloudnative-pg#7600)

Defining an OpenAPI default for a field within an optional section (such
as `spec.postgresql.synchronous`) causes OLM to treat the entire section
as required. This leads to validation errors when other mandatory fields
in that section are not set.

To resolve this, the defaulting logic for
`spec.postgresql.synchronous.dataDurability` has been moved from the CRD
schema to the defaulting webhook.

Closes cloudnative-pg#7599

Signed-off-by: Jonathan Gonzalez V. <jonathan.gonzalez@enterprisedb.com>
Signed-off-by: Marco Nenciarini <marco.nenciarini@enterprisedb.com>
Co-authored-by: Marco Nenciarini <marco.nenciarini@enterprisedb.com>
Added some missing fields in the section `spec.postgresql.synchronous`
and `spec.probes` for the OLM UI to look better.

Partially-closes cloudnative-pg#7616

Signed-off-by: Jonathan Gonzalez V. <jonathan.gonzalez@enterprisedb.com>
Closes cloudnative-pg#7550

Signed-off-by: Gabriele Bartolini <gabriele.bartolini@enterprisedb.com>
Signed-off-by: Marco Nenciarini <marco.nenciarini@enterprisedb.com>
Co-authored-by: Marco Nenciarini <marco.nenciarini@enterprisedb.com>
…#7620)

Closes cloudnative-pg#7550

Signed-off-by: Marco Nenciarini <marco.nenciarini@enterprisedb.com>
Signed-off-by: Marco Nenciarini <marco.nenciarini@enterprisedb.com>
Signed-off-by: Marco Nenciarini <marco.nenciarini@enterprisedb.com>
Signed-off-by: Marco Nenciarini <marco.nenciarini@enterprisedb.com>
Signed-off-by: Jonathan Gonzalez V. <jonathan.gonzalez@enterprisedb.com>
Co-authored-by: Jonathan Gonzalez V. <jonathan.gonzalez@enterprisedb.com>
Signed-off-by: Marco Nenciarini <marco.nenciarini@enterprisedb.com>
Signed-off-by: Marco Nenciarini <marco.nenciarini@enterprisedb.com>
Co-authored-by: Marco Nenciarini <marco.nenciarini@enterprisedb.com>
Adds DocumentDB Operator to the ADOPTERS list

Signed-off-by: German Eichberger <xgerman@users.noreply.github.com>
…tive-pg#7650)

The branch release-1.24 is now locked, and no changes should be made to
it. The new branch added to the list is release-1.26.

Closes cloudnative-pg#7649

Signed-off-by: Jonathan Gonzalez V. <jonathan.gonzalez@enterprisedb.com>
Update the versions used to test the operator on public cloud providers

Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: public-cloud-k8s-versions-check <public-cloud-k8s-versions-check@users.noreply.github.com>
Fixes some cases in the e2e where the tests would race to the next test
when the operator is not ready yet, or when the nodes are not ready.

Refactor the code to improve reuse and simplify signatures.

Closes cloudnative-pg#7589

Signed-off-by: Francesco Canovai <francesco.canovai@enterprisedb.com>
Signed-off-by: Niccolò Fei <niccolo.fei@enterprisedb.com>
Co-authored-by: Niccolò Fei <niccolo.fei@enterprisedb.com>
…ative-pg#7648)

The architectures 386 and arm5/6/7 aren't used much, and by just
removing these architectures we reduce to half the amount of os/arch
we build for the plugin.

Closes cloudnative-pg#7564

Signed-off-by: Jonathan Gonzalez V. <jonathan.gonzalez@enterprisedb.com>
…7652)

The bundle and catalog for OLM weren't being created due to the lack of
permission to push to the registry.

Closes cloudnative-pg#7630

Signed-off-by: Jonathan Gonzalez V. <jonathan.gonzalez@enterprisedb.com>
cloudnative-pg#7544)

The corev1.Endpoints() has been deprecated on Kubernetes API 1.33
and replaced by discoveryv1.EndpointSlice().

Closes cloudnative-pg#7543

Signed-off-by: Jonathan Gonzalez V. <jonathan.gonzalez@enterprisedb.com>
Signed-off-by: Armando Ruocco <armando.ruocco@enterprisedb.com>
Co-authored-by: Armando Ruocco <armando.ruocco@enterprisedb.com>
Reworded the contributing file slightly for grammar and clarity 🙏

Signed-off-by: Floor Drees <floordrees@gmail.com>
…pg#7485)

This PR contains the following updates:

https://github.com/kubernetes/api `v0.32.3` -> `v0.33.1`
https://github.com/kubernetes/apiextensions-apiserver `v0.32.3` -> `v0.33.1`
https://github.com/kubernetes/apimachinery `v0.32.3` -> `v0.33.1`
https://github.com/kubernetes/cli-runtime `v0.32.3` -> `v0.33.1`
https://github.com/kubernetes/client-go `v0.32.3` -> `v0.33.1` 

Signed-off-by: Jonathan Gonzalez V. <jonathan.gonzalez@enterprisedb.com>
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
…g#7667)

This PR contains the following updates:

https://github.com/docker/bake-action `76f9fa3` -> `37816e7`
https://github.com/docker/build-push-action `14487ce` -> `2634353`
https://github.com/github/codeql-action `60168ef` -> `ff0a06e`
https://github.com/kubernetes-sigs/kind `v0.27.0` -> `v0.29.0`
https://github.com/rojopolis/spellcheck-github-actions `0.48.0` -> `0.49.0`
https://github.com/sigstore/cosign-installer `d7d6bc7` -> `3454372`

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
cnpg-bot and others added 27 commits August 27, 2025 14:08
Update the versions used to test the operator on public cloud providers

Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Signed-off-by: Jonathan Gonzalez V. <jonathan.gonzalez@enterprisedb.com>
Co-authored-by: public-cloud-k8s-versions-check <public-cloud-k8s-versions-check@users.noreply.github.com>
…g#8419)

This PR contains the following updates:

https://github.com/google-github-actions/setup-gcloud `6189d56` -> `cb1e50a`
https://github.com/kubernetes-sigs/kind `v0.29.0` -> `v0.30.0`
snyk/actions `ae57bdf` -> `e222141`
With the latest version of shellcheck the test SC2329 was added looking
for unused functions, or explicitly ignore that test, in our case, the functions
are called indirectly and always used.

Closes cloudnative-pg#8455

Signed-off-by: Jonathan Gonzalez V. <jonathan.gonzalez@enterprisedb.com>
Update the versions used to test the operator on public cloud providers

Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Signed-off-by: Jonathan Gonzalez V. <jonathan.gonzalez@enterprisedb.com>
Co-authored-by: public-cloud-k8s-versions-check <public-cloud-k8s-versions-check@users.noreply.github.com>
…pg#8449)

This PR contains the following updates:

https://github.com/kubernetes/api `v0.33.4` -> `v0.34.0`
https://github.com/kubernetes/apiextensions-apiserver `v0.33.4` -> `v0.34.0`
https://github.com/kubernetes/apimachinery `v0.33.4` -> `v0.34.0`
https://github.com/kubernetes/cli-runtime `v0.33.4` -> `v0.34.0`
https://github.com/kubernetes/client-go `v0.33.4` -> `v0.34.0`


Signed-off-by: Jonathan Gonzalez V. <jonathan.gonzalez@enterprisedb.com>
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: Jonathan Gonzalez V. <jonathan.gonzalez@enterprisedb.com>
Signed-off-by: Armando Ruocco <armando.ruocco@enterprisedb.com>
Signed-off-by: Marco Nenciarini <marco.nenciarini@enterprisedb.com>
Co-authored-by: Marco Nenciarini <marco.nenciarini@enterprisedb.com>
Update the Postgres versions used in E2E tests

Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Signed-off-by: Jonathan Gonzalez V. <jonathan.gonzalez@enterprisedb.com>
Co-authored-by: postgres-versions-updater <postgres-versions-updater@users.noreply.github.com>
Refresh the licenses directory

Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Signed-off-by: Jonathan Gonzalez V. <jonathan.gonzalez@enterprisedb.com>
Co-authored-by: license-updater <license-updater@users.noreply.github.com>
Add `usestdlibvars` linter to the list of golangci linters
Fix issues thrown by the new linter

Closes cloudnative-pg#8484

Signed-off-by: Pascal Bourdier <pascal.bourdier@gmail.com>
Closes cloudnative-pg#8457

Signed-off-by: Jonathan Gonzalez V. <jonathan.gonzalez@enterprisedb.com>
Update the Postgres versions used in E2E tests

Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Signed-off-by: Jonathan Gonzalez V. <jonathan.gonzalez@enterprisedb.com>
Co-authored-by: postgres-versions-updater <postgres-versions-updater@users.noreply.github.com>
…cloudnative-pg#8486)

This patch addresses a regression introduced by cloudnative-pg#8320 that does not
affect any released version.

The regression made it impossible to perform backups using a plugin, as
the controller would incorrectly require and validate the `spec.backup`
field even when the backup method was set to plugin. With this change,
validating the `spec.backup` field is skipped when using plugin-based
backups, restoring the expected behavior for plugin users.

Signed-off-by: Armando Ruocco <armando.ruocco@enterprisedb.com>
…#8485)

Fix the incorrect API group reported by the Pooler and Backup
admission webhook.

Signed-off-by: Armando Ruocco <armando.ruocco@enterprisedb.com>
… recovery source (cloudnative-pg#8506)

Treat WAL archiving as active if either Backup.BarmanObjectStore is set
or a WAL-archiver plugin is enabled.

Closes cloudnative-pg#8507

Signed-off-by: Armando Ruocco <armando.ruocco@enterprisedb.com>
Signed-off-by: Marco Nenciarini <marco.nenciarini@enterprisedb.com>
Signed-off-by: Niccolò Fei <niccolo.fei@enterprisedb.com>
Co-authored-by: Marco Nenciarini <marco.nenciarini@enterprisedb.com>
Co-authored-by: Niccolò Fei <niccolo.fei@enterprisedb.com>
…e-pg#8545)

Closes cloudnative-pg#8544

Signed-off-by: Gabriele Bartolini <gabriele.bartolini@enterprisedb.com>
…8543)

Signed-off-by: Gabriele Bartolini <gabriele.bartolini@enterprisedb.com>
Comment on lines +1978 to +1981
name: Install operator-sdk
run: |
make operator-sdk
-
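
Review bot: the `run: make operator-sdk` step executes a Makefile target from whatever ref this job has checked out, and code scanning reports the workflow as triggered by `issue_comment`, which runs with the base repository's token and secrets. Make sure the checkout feeding this step is the trusted base ref, or move the tool installation into a job that has no secrets and a read-only `GITHUB_TOKEN`, before running `make` against pull-request content.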

Check failure

Code scanning / CodeQL

Checkout of untrusted code in a privileged context Critical

Potential execution of untrusted code on a privileged workflow (issue_comment)
Comment on lines +1982 to +1985
name: Install preflight
run: |
make preflight
-
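
Review bot: `make preflight` takes its recipe from the Makefile in the working tree, so in this step the content of the checked-out ref decides what runs inside a job that code scanning marks as privileged. Pin the checkout used here to a commit a maintainer has reviewed, or install preflight from a fixed release artifact rather than through the repository's own `make` target.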

Check failure

Code scanning / CodeQL

Checkout of untrusted code in a privileged context Critical

Potential execution of untrusted code on a privileged workflow (issue_comment)
ctx context.Context,
operationType plugin.OperationVerb,
cluster client.Object,
object client.Object,

Check failure

Code scanning / CodeQL

Clear-text logging of sensitive information High

Sensitive data returned by an access to PgadminPassword flows to a logging call.
Sensitive data returned by an access to pgadminPassword flows to a logging call.
Sensitive data returned by an access to PgadminPassword flows to a logging call.
Sensitive data returned by an access to SecretKeyRef flows to a logging call.
Sensitive data returned by an access to SecretKeyRef flows to a logging call.
Sensitive data returned by an access to SecretKeyRef flows to a logging call.
Sensitive data returned by an access to SecretKeyRef flows to a logging call.
Sensitive data returned by an access to password flows to a logging call.
Sensitive data returned by an access to password flows to a logging call.
Sensitive data returned by an access to password flows to a logging call.
Sensitive data returned by an access to SecretKeyRef flows to a logging call.
Sensitive data returned by an access to SecretKeyRef flows to a logging call.
Sensitive data returned by an access to Password flows to a logging call.
Sensitive data returned by an access to Password flows to a logging call.
}

query := fmt.Sprintf("COMMENT ON ROLE %s IS %s",
pgx.Identifier{role.Name}.Sanitize(), pq.QuoteLiteral(role.Comment))
contextLog.Debug("Updating comment", "query", query)
_, err := sm.superUserDB.ExecContext(ctx, query)
_, err := db.ExecContext(ctx, query)
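
Review bot: `contextLog.Debug("Updating comment", "query", query)` writes the fully rendered SQL statement to the log, and code scanning traces password-derived values into this logging call. Log the role name (`role.Name`) and the operation instead of `query`, so that statement text built from role fields never reaches the log, even at debug level.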

Check failure

Code scanning / CodeQL

Clear-text logging of sensitive information High

Sensitive data returned by an access to ignorePassword flows to a logging call.
Sensitive data returned by an access to password flows to a logging call.
@@ -54,9 +57,18 @@
// for the <cluster>-rw service, which would cause a name verification error.
caCertPool := x509.NewCertPool()
caCertPool.AppendCertsFromPEM(caCertificate)
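
Review bot: the boolean returned by `caCertPool.AppendCertsFromPEM(caCertificate)` is discarded, so a CA bundle that fails to parse leaves an empty pool and the problem only shows up later as a handshake failure. Check the return value and return an error when it is false; since code scanning flags `InsecureSkipVerify` in this change, also confirm that the certificate chain is still verified against this pool on every connection, and say so in a comment where the flag is set.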

Check failure

Code scanning / CodeQL

Disabled TLS certificate check High

InsecureSkipVerify should not be used in production code.
@richardgeico richardgeico merged commit effb15d into main Sep 9, 2025
2 of 3 checks passed