diff --git a/go.mod b/go.mod
index ba543c6b..a343b14a 100644
--- a/go.mod
+++ b/go.mod
@@ -6,7 +6,7 @@ require (
 github.com/clarketm/json v1.17.1
 github.com/coreos/go-semver v0.3.1
 github.com/coreos/go-systemd/v22 v22.5.0
- github.com/coreos/ignition/v2 v2.18.0
+ github.com/coreos/ignition/v2 v2.19.0
 github.com/coreos/vcontext v0.0.0-20230201181013-d72178a18687
 github.com/spf13/pflag v1.0.6-0.20210604193023-d5e0c0615ace
 github.com/stretchr/testify v1.9.0
@@ -15,7 +15,7 @@ require (
 )
 
 require (
- github.com/aws/aws-sdk-go v1.50.25 // indirect
+ github.com/aws/aws-sdk-go v1.53.5 // indirect
 github.com/coreos/go-json v0.0.0-20230131223807-18775e0fb4fb // indirect
 github.com/davecgh/go-spew v1.1.1 // indirect
 github.com/kr/pretty v0.3.1 // indirect
diff --git a/go.sum b/go.sum
index 666538ab..3412ab2b 100644
--- a/go.sum
+++ b/go.sum
@@ -1,5 +1,5 @@
-github.com/aws/aws-sdk-go v1.50.25 h1:vhiHtLYybv1Nhx3Kv18BBC6L0aPJHaG9aeEsr92W99c=
-github.com/aws/aws-sdk-go v1.50.25/go.mod h1:LF8svs817+Nz+DmiMQKTO3ubZ/6IaTpq3TjupRn3Eqk=
+github.com/aws/aws-sdk-go v1.53.5 h1:1OcVWMjGlwt7EU5OWmmEEXqaYfmX581EK317QJZXItM=
+github.com/aws/aws-sdk-go v1.53.5/go.mod h1:LF8svs817+Nz+DmiMQKTO3ubZ/6IaTpq3TjupRn3Eqk=
 github.com/clarketm/json v1.17.1 h1:U1IxjqJkJ7bRK4L6dyphmoO840P6bdhPdbbLySourqI=
 github.com/clarketm/json v1.17.1/go.mod h1:ynr2LRfb0fQU34l07csRNBTcivjySLLiY1YzQqKVfdo=
 github.com/coreos/go-json v0.0.0-20230131223807-18775e0fb4fb h1:rmqyI19j3Z/74bIRhuC59RB442rXUazKNueVpfJPxg4=
@@ -8,8 +8,8 @@ github.com/coreos/go-semver v0.3.1 h1:yi21YpKnrx1gt5R+la8n5WgS0kCrsPp33dmEyHReZr
 github.com/coreos/go-semver v0.3.1/go.mod h1:irMmmIw/7yzSRPWryHsK7EYSg09caPQL03VsM8rvUec=
 github.com/coreos/go-systemd/v22 v22.5.0 h1:RrqgGjYQKalulkV8NGVIfkXQf6YYmOyiJKk8iXXhfZs=
 github.com/coreos/go-systemd/v22 v22.5.0/go.mod h1:Y58oyj3AT4RCenI/lSvhwexgC+NSVTIJ3seZv2GcEnc=
-github.com/coreos/ignition/v2 v2.18.0 h1:sPSGGsxaCuFMpKOMBQ71I9RIR20SIF4dWnoTomcPEYQ=
-github.com/coreos/ignition/v2 v2.18.0/go.mod h1:TURPHDqWUWTmej8c+CEMBENMU3N/Lt6GfreHJuoDMbA=
+github.com/coreos/ignition/v2 v2.19.0 h1:ek200E31M1NCVyvL22Bd40kOJp7yt1gdHAb3xwqTi8Y=
+github.com/coreos/ignition/v2 v2.19.0/go.mod h1:ydb815SaH9A4304wIUoCS5IHyKRHWEp7dfJH8cQW2gA=
 github.com/coreos/vcontext v0.0.0-20230201181013-d72178a18687 h1:uSmlDgJGbUB0bwQBcZomBTottKwEDF5fF8UjSwKSzWM=
 github.com/coreos/vcontext v0.0.0-20230201181013-d72178a18687/go.mod h1:Salmysdw7DAVuobBW/LwsKKgpyCPHUhjyJoMJD+ZJiI=
 github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E=
diff --git a/vendor/github.com/coreos/ignition/v2/config/doc/ignition.yaml b/vendor/github.com/coreos/ignition/v2/config/doc/ignition.yaml
index a15b2097..6f39c255 100644
--- a/vendor/github.com/coreos/ignition/v2/config/doc/ignition.yaml
+++ b/vendor/github.com/coreos/ignition/v2/config/doc/ignition.yaml
@@ -380,6 +380,11 @@ root:
 required: true
 - name: needsNetwork
 desc: whether or not the device requires networking.
+ - name: cex
+ desc: describes the IBM Crypto Express (CEX) card configuration for the luks device.
+ children:
+ - name: enabled
+ desc: whether or not to use a CEX secure key to encrypt the luks device.
 - name: systemd
 desc: describes the desired state of the systemd units.
 children:
diff --git a/vendor/github.com/coreos/ignition/v2/config/shared/errors/errors.go b/vendor/github.com/coreos/ignition/v2/config/shared/errors/errors.go
index 8e2d24d5..13742ab0 100644
--- a/vendor/github.com/coreos/ignition/v2/config/shared/errors/errors.go
+++ b/vendor/github.com/coreos/ignition/v2/config/shared/errors/errors.go
@@ -85,6 +85,8 @@ var (
 ErrInvalidProxy = errors.New("proxies must be http(s)")
 ErrInsecureProxy = errors.New("insecure plaintext HTTP proxy specified for HTTPS resources")
 ErrPathConflictsSystemd = errors.New("path conflicts with systemd unit or dropin")
+ ErrCexWithClevis = errors.New("cannot use cex with clevis")
+ ErrCexWithKeyFile = errors.New("cannot use key file with cex")
 
 // Systemd section errors
 ErrInvalidSystemdExt = errors.New("invalid systemd unit extension")
diff --git a/vendor/github.com/coreos/ignition/v2/config/v3_5_experimental/types/cex.go b/vendor/github.com/coreos/ignition/v2/config/v3_5_experimental/types/cex.go
new file mode 100644
index 00000000..b34f5f52
--- /dev/null
+++ b/vendor/github.com/coreos/ignition/v2/config/v3_5_experimental/types/cex.go
@@ -0,0 +1,33 @@
+// Copyright 2020 Red Hat, Inc.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package types
+
+import (
+ "github.com/coreos/ignition/v2/config/util"
+
+ "github.com/coreos/vcontext/path"
+ "github.com/coreos/vcontext/report"
+)
+
+func (cm Cex) IsPresent() bool {
+ return util.IsTrue(cm.Enabled)
+}
+
+func (cx Cex) Validate(c path.ContextPath) (r report.Report) {
+ if !util.IsTrue(cx.Enabled) {
+ return
+ }
+ return
+}
diff --git a/vendor/github.com/coreos/ignition/v2/config/v3_5_experimental/types/luks.go b/vendor/github.com/coreos/ignition/v2/config/v3_5_experimental/types/luks.go
index 90d72387..e4c1d681 100644
--- a/vendor/github.com/coreos/ignition/v2/config/v3_5_experimental/types/luks.go
+++ b/vendor/github.com/coreos/ignition/v2/config/v3_5_experimental/types/luks.go
@@ -53,6 +53,17 @@ func (l Luks) Validate(c path.ContextPath) (r report.Report) {
 if err := validateURLNilOK(l.KeyFile.Source); err != nil {
 r.AddOnError(c.Append("keys"), errors.ErrInvalidLuksKeyFile)
 }
+
+ // fail if Cex use with Clevis
+ if l.Clevis.IsPresent() && l.Cex.IsPresent() {
+ r.AddOnError(c.Append("cex"), errors.ErrCexWithClevis)
+ }
+
+ // fail if key file is provided along with Cex
+ if l.Cex.IsPresent() && util.NotEmpty(l.KeyFile.Source) {
+ r.AddOnError(c.Append("cex"), errors.ErrCexWithKeyFile)
+ }
+
 return
 }
 
diff --git a/vendor/github.com/coreos/ignition/v2/config/v3_5_experimental/types/schema.go b/vendor/github.com/coreos/ignition/v2/config/v3_5_experimental/types/schema.go
index 27fe5b5b..82957838 100644
--- a/vendor/github.com/coreos/ignition/v2/config/v3_5_experimental/types/schema.go
+++ b/vendor/github.com/coreos/ignition/v2/config/v3_5_experimental/types/schema.go
@@ -2,6 +2,10 @@ package types
 
 // generated by "schematyper --package=types config/v3_5_experimental/schema/ignition.json -o config/v3_5_experimental/types/schema.go --root-type=Config" -- DO NOT EDIT
 
+type Cex struct {
+ Enabled *bool `json:"enabled,omitempty"`
+}
+
 type Clevis struct {
 Custom ClevisCustom `json:"custom,omitempty"`
 Tang []Tang `json:"tang,omitempty"`
@@ -109,6 +113,7 @@ type LinkEmbedded1 struct {
 }
 
 type Luks struct {
+ Cex Cex `json:"cex,omitempty"`
 Clevis Clevis `json:"clevis,omitempty"`
 Device *string `json:"device,omitempty"`
 Discard *bool `json:"discard,omitempty"`
diff --git a/vendor/modules.txt b/vendor/modules.txt
index c7dd39e6..fe49a332 100644
--- a/vendor/modules.txt
+++ b/vendor/modules.txt
@@ -1,4 +1,4 @@
-# github.com/aws/aws-sdk-go v1.50.25
+# github.com/aws/aws-sdk-go v1.53.5
 ## explicit; go 1.19
 github.com/aws/aws-sdk-go/aws/arn
 # github.com/clarketm/json v1.17.1
@@ -13,7 +13,7 @@ github.com/coreos/go-semver/semver
 # github.com/coreos/go-systemd/v22 v22.5.0
 ## explicit; go 1.12
 github.com/coreos/go-systemd/v22/unit
-# github.com/coreos/ignition/v2 v2.18.0
+# github.com/coreos/ignition/v2 v2.19.0
 ## explicit; go 1.20
 github.com/coreos/ignition/v2/config/doc
 github.com/coreos/ignition/v2/config/merge