Backport of arbitrary custom clevis pin in 3.5

alicefr · alicefr · commit 62280d7d2178 · 2025-12-16T16:06:54.000+01:00
In order to support new clevis pin, either they need to be added each
time in the hardcoded list of pins or ignition can allow any name for
the pin. This is required in order to enable the clevis trustee pin used
for confidential clusters.

The backport to 3.5 is necessary because the rust crate for ignition
only support up to 3.5 config version and cannot be used with
3.6-experimental.

Signed-off-by: Alice Frosi &lt;afrosi@redhat.com&gt;
diff --git a/config/v3_5/types/clevis.go b/config/v3_5/types/clevis.go
@@ -33,13 +33,7 @@ func (cu ClevisCustom) Validate(c path.ContextPath) (r report.Report) {
 	if util.NilOrEmpty(cu.Pin) && util.NilOrEmpty(cu.Config) && !util.IsTrue(cu.NeedsNetwork) {
 		return
 	}
-	if util.NotEmpty(cu.Pin) {
-		switch *cu.Pin {
-		case "tpm2", "tang", "sss":
-		default:
-			r.AddOnError(c.Append("pin"), errors.ErrUnknownClevisPin)
-		}
-	} else {
+	if util.NilOrEmpty(cu.Pin) {
 		r.AddOnError(c.Append("pin"), errors.ErrClevisPinRequired)
 	}
 	if util.NilOrEmpty(cu.Config) {
diff --git a/config/v3_5/types/clevis_test.go b/config/v3_5/types/clevis_test.go
@@ -56,7 +56,7 @@ func TestClevisCustomValidate(t *testing.T) {
 				Pin:    util.StrToPtr("z"),
 			},
 			at:  path.New("", "pin"),
-			out: errors.ErrUnknownClevisPin,
+			out: nil,
 		},
 		{
 			in: ClevisCustom{

Original file line number	Diff line number	Diff line change
`@@ -56,7 +56,7 @@ func TestClevisCustomValidate(t *testing.T) {`
`56`	`56`	`Pin: util.StrToPtr("z"),`
`57`	`57`	`},`
`58`	`58`	`at: path.New("", "pin"),`
`59`		`- out: errors.ErrUnknownClevisPin,`
	`59`	`+ out: nil,`
`60`	`60`	`},`
`61`	`61`	`{`
`62`	`62`	`in: ClevisCustom{`