
Commit 62280d7

committed
Backport of arbitrary custom clevis pin in 3.5
In order to support new clevis pins, either each one needs to be added to the hardcoded list of pins, or Ignition can allow any name for the pin. This is required in order to enable the clevis trustee pin used for confidential clusters. The backport to 3.5 is necessary because the Rust crate for Ignition only supports config versions up to 3.5 and cannot be used with 3.6-experimental. Signed-off-by: Alice Frosi <afrosi@redhat.com>
1 parent 43d1989 commit 62280d7


2 files changed

+2
-8
lines changed


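--- a/config/v3_5/types/clevis.go
+++ b/config/v3_5/types/clevis.go
@@ -33,13 +33,7 @@ func (cu ClevisCustom) Validate(c path.ContextPath) (r report.Report) {
 if util.NilOrEmpty(cu.Pin) && util.NilOrEmpty(cu.Config) && !util.IsTrue(cu.NeedsNetwork) {
 return
 }
-if util.NotEmpty(cu.Pin) {
-switch *cu.Pin {
-case "tpm2", "tang", "sss":
-default:
-r.AddOnError(c.Append("pin"), errors.ErrUnknownClevisPin)
-}
-} else {
+if util.NilOrEmpty(cu.Pin) {
 r.AddOnError(c.Append("pin"), errors.ErrClevisPinRequired)
 }
 if util.NilOrEmpty(cu.Config) {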
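Review bot: With the switch removed, `Validate` accepts any non-empty string as `cu.Pin`, so a typo or a value containing whitespace, a leading `-` or a `/` now passes validation and is only caught, or misread, later when the pin is handed to clevis (that call is not shown in this hunk). Replacing the allow-list with a shape check keeps custom pins possible while still rejecting malformed names at validation time, for example `if !clevisPinRe.MatchString(*cu.Pin) { r.AddOnError(c.Append("pin"), errors.ErrUnknownClevisPin) }` with a newly added package-level pattern such as `^[a-z0-9][a-z0-9_-]*$`. A short comment above the check should say that the pin is no longer restricted to `tpm2`, `tang` and `sss`, and that a pin missing from the initramfs presumably surfaces as a provisioning failure rather than a validation error. Because 3.5 is a released spec version, it is also worth documenting that a config using a custom pin will be rejected by older binaries that still carry the allow-list. Validate's body starts and ends outside the hunk.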

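--- a/config/v3_5/types/clevis_test.go
+++ b/config/v3_5/types/clevis_test.go
@@ -56,7 +56,7 @@ func TestClevisCustomValidate(t *testing.T) {
 Pin: util.StrToPtr("z"),
 },
 at: path.New("", "pin"),
-out: errors.ErrUnknownClevisPin,
+out: nil,
 },
 {
 in: ClevisCustom{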
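Review bot: After this change the `z` case asserts only that an arbitrary pin name is accepted, and the visible lines show no case that still expects a rejection on the `pin` path. If the table does not already have one elsewhere, add a case with `Pin: util.StrToPtr("")` expecting `errors.ErrClevisPinRequired` (assuming `util.NilOrEmpty` treats an empty string as empty), so the one remaining check on the pin cannot regress unnoticed. The table in TestClevisCustomValidate starts and ends outside the hunk.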
