* Bump libraries to incorporate CVE fixes
Bump golang.org/x/net to cover CVE-2025-22870 and fix bsc#1238700.
Bump golang.org/x/crypto to cover CVE-2025-22869 and fix bsc#1239335.
In addition, and as a requirement of the new x/crypto library, Go is bumped to 1.23.
Signed-off-by: David Cassany <dcassany@suse.com>
* Dockerfile: bump golang container to 1.24 (#912)
Required since vendored x/crypto lib requires go ver >= 1.23
Related to #dd41431b0b2792f0fca005adf3abc3cf471877c4
Signed-off-by: Francesco Giudici <francesco.giudici@suse.com>
* CVE-2025-22872
Bump golang.org/x/net
https://github.com/advisories/GHSA-vvgc-356p-c3xw
Signed-off-by: Francesco Giudici <francesco.giudici@suse.com>
* go mod vendor
Signed-off-by: Francesco Giudici <francesco.giudici@suse.com>
---------
Signed-off-by: David Cassany <dcassany@suse.com>
Signed-off-by: Francesco Giudici <francesco.giudici@suse.com>
Co-authored-by: David Cassany <dcassany@suse.com>
* Build e2e chart locally
Signed-off-by: Andrea Mazzotti <andrea.mazzotti@suse.com>
* Add mockgen to build tools
Signed-off-by: Andrea Mazzotti <andrea.mazzotti@suse.com>
* Add missing GINKGO tool
Signed-off-by: Andrea Mazzotti <andrea.mazzotti@suse.com>
* Reduce e2e tests concurrency
Signed-off-by: Andrea Mazzotti <andrea.mazzotti@suse.com>
* Make test more verbose
Signed-off-by: Andrea Mazzotti <andrea.mazzotti@suse.com>
* Bump system-upgrade-controller version
Signed-off-by: Andrea Mazzotti <andrea.mazzotti@suse.com>
* Raise timeout
Signed-off-by: Andrea Mazzotti <andrea.mazzotti@suse.com>
* Print error
Signed-off-by: Andrea Mazzotti <andrea.mazzotti@suse.com>
* Add plan crd
Signed-off-by: Andrea Mazzotti <andrea.mazzotti@suse.com>
* Adjust timeout
Signed-off-by: Andrea Mazzotti <andrea.mazzotti@suse.com>
* Do not deploy operator twice
Signed-off-by: Andrea Mazzotti <andrea.mazzotti@suse.com>
* Restore vendored helper
Signed-off-by: Andrea Mazzotti <andrea.mazzotti@suse.com>
* Do not attempt to delete pods multiple times
Signed-off-by: Andrea Mazzotti <andrea.mazzotti@suse.com>
* Remove debug println
Signed-off-by: Andrea Mazzotti <andrea.mazzotti@suse.com>
* Disable e2e workflow
Signed-off-by: Andrea Mazzotti <andrea.mazzotti@suse.com>
* Update ele-testhelpers library
Signed-off-by: Andrea Mazzotti <andrea.mazzotti@suse.com>
---------
Signed-off-by: Andrea Mazzotti <andrea.mazzotti@suse.com>
* Update system-upgrade-controller API
Signed-off-by: Andrea Mazzotti <andrea.mazzotti@suse.com>
* Update Fleet API
Signed-off-by: Andrea Mazzotti <andrea.mazzotti@suse.com>
* Sanitize dependencies
Signed-off-by: Andrea Mazzotti <andrea.mazzotti@suse.com>
---------
Signed-off-by: Andrea Mazzotti <andrea.mazzotti@suse.com>
* feat: Add Type field to SeedImageSpec
Signed-off-by: Fredrik Lönnegren <fredrik.lonnegren@suse.com>
* feat: Add raw disk build generation to SeedImage
If SeedImageSpec.Type is set to 'raw' we now try to run elemental
build-disk to generate the disk image.
Signed-off-by: Fredrik Lönnegren <fredrik.lonnegren@suse.com>
* Add elemental-toolkit to seedimage-builder
Signed-off-by: Fredrik Lönnegren <fredrik.lonnegren@suse.com>
* feat: Update yip to v1.4.5
Signed-off-by: Fredrik Lönnegren <fredrik.lonnegren@suse.com>
* feat: Reset yaml
Add yip cloud-config for raw disk-image that will extract the
elemental-register configuration to /oem/registration/config.yaml and
start the elemental-register-install.service in the post-reset hook.
Signed-off-by: Fredrik Lönnegren <fredrik.lonnegren@suse.com>
* feat: Use new toolkit param deploy-command
Signed-off-by: Fredrik Lönnegren <fredrik.lonnegren@suse.com>
---------
Signed-off-by: Fredrik Lönnegren <fredrik.lonnegren@suse.com>
* Bump golang.org/x/net from 0.8.0 to 0.17.0
Signed-off-by: Fredrik Lönnegren <fredrik.lonnegren@suse.com>
* Debug wait-commit-status
Signed-off-by: Fredrik Lönnegren <fredrik.lonnegren@suse.com>
* Update google.golang.org/grpc to v1.53.0
Signed-off-by: Fredrik Lönnegren <fredrik.lonnegren@suse.com>
---------
Signed-off-by: Fredrik Lönnegren <fredrik.lonnegren@suse.com>
- Added full registration config and statefile path parameters on elemental-register
- Remove support for multiple configuration files
- Added (hardcoded) timer to skip registration updates for 24 hours
- Store emulated TPM seed for future registration updates
- Exit with error code in case of failures (systemd will manage restarts)
- Use virtual filesystem where possible
* Add client registration config utility
* Use a config-map for the seed-image pod
* Allow ConfigMaps manipulation in SeedImage RBAC
* Drop configmap-uid annotation
* go mod tidy
* Adapt tests
* Add createConfigMapObject tests
Signed-off-by: David Cassany <dcassany@suse.com>
* Add new package to Dockerfile
* Update dependencies
* Add unit test helpers
* Add new machine registration controller
* Remove old machine registration controller
* Add rbac tag for secrets
* Fix container argument in chart
* Add labels to all created resources
* Add e2e test config
* Switch to using test config
* Update vendor
* Fix lint issues
* Change rancher namespace variable name
* Put do nothing test back
get the latest and greatest:
d273b29 tpm: add single step functions to perform attestation
baef878 Merge pull request #3 from fgiudici/status_in_dial_error
30058b5 Include more info in the error msg on Dial() error
a02dabe Merge pull request #4 from fgiudici/lint_add_comment
eab8ac2 Make the linter happy (add a comment)
89d72d3 Add EmulatedHostSeed option
Signed-off-by: Francesco Giudici <francesco.giudici@suse.com>
The module will be soon used to dump some more debugging data
go get -d github.com/sanity-io/litter
Signed-off-by: Francesco Giudici <francesco.giudici@suse.com>
* Generate v3.Setting code
Signed-off-by: Itxaka <igarcia@suse.com>
* Use the rancher cacerts for the registration
Also drops the cacert passing via chart, adds proper permissions to the
settings resource, adds the cache index and checks that indeed we are
returning a cacert on the registration url
Signed-off-by: Itxaka <igarcia@suse.com>
* fix lint
Signed-off-by: Itxaka <igarcia@suse.com>
* Drop manual rancher-url and get the rancher url automatically
Drop any manual setup of rancher-url and use the settings to get the set
rancher-url
Signed-off-by: Itxaka <igarcia@suse.com>
* Small fix for getRancherCACert
Signed-off-by: Itxaka <igarcia@suse.com>
* Fix test setting the wrong url
Signed-off-by: Itxaka <igarcia@suse.com>
There seems to be some confusion between the namespace of the operator
to run on and the namespaces we want the operator to watch.
This restores the sync_namespaces so the operator can watch all
namespaces and sets the namespace option to be where the operator is
running, needed for things like the registration url to be properly
served.
Signed-off-by: Itxaka <igarcia@suse.com>
Remove all the mentions to rancheros-operator in tests, imports and
dependencies.
Restore e2e scripts and test targets on makefile
Fix all lint issues
Signed-off-by: Itxaka <igarcia@suse.com>
* Move main into a cmd/operator package
* Add elemental-installer
* Adding installer unit tests
* Update Makefile
* Update .github/workflows/unit-tests.yaml
* Adapt Dockerfile and goreleaser to keep releasing and building elemental-operator as they used to
Signed-off-by: David Cassany <dcassany@suse.com>
Co-authored-by: Itxaka <igarcia@suse.com>