cleanup: breakup the pkg/credentials into writer and matcher + ensure non corev1 usage in entrypoint for FIPs compliance #8542
Conversation
|
Skipping CI for Draft Pull Request. |
tekton-robot
added
kind/cleanup
tekton-robot
added
release-note
|
The following is the coverage report on the affected files.
|
|
The following is the coverage report on the affected files.
|
|
The following is the coverage report on the affected files.
|
|
/retest |
1 similar comment
|
/retest |
|
The following is the coverage report on the affected files.
|
waveywaves
force-pushed
the
cleanup/entrypoint-credentials-fips
branch
3 times, most recently
from
0e86d08 to
ecfd3a3
Compare
|
The following is the coverage report on the affected files.
|
|
@vdemeester @jkhelil PTAL 🙏 |
|
The following is the coverage report on the affected files.
|
|
The following is the coverage report on the affected files.
|
|
The following is the coverage report on the affected files.
|
waveywaves
force-pushed
the
cleanup/entrypoint-credentials-fips
branch
from
ecfd3a3 to
03eec53
Compare
|
The following is the coverage report on the affected files.
|
|
The following is the coverage report on the affected files.
|
waveywaves
force-pushed
the
cleanup/entrypoint-credentials-fips
branch
from
8a76dbd to
4ccc489
Compare
|
The following is the coverage report on the affected files.
|
tekton-robot
added
the
approved
vdemeester
removed
the
do-not-merge/work-in-progress
|
/approve |
tekton-robot
added
the
needs-rebase
waveywaves
force-pushed
the
cleanup/entrypoint-credentials-fips
branch
from
4ccc489 to
b9d05a7
Compare
tekton-robot
removed
the
needs-rebase
|
The following is the coverage report on the affected files.
|
|
/retest |
|
/approve |
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: jkhelil, vdemeester The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
waveywaves
force-pushed
the
cleanup/entrypoint-credentials-fips
branch
from
b9d05a7 to
ccf64eb
Compare
waveywaves
changed the title
|
The following is the coverage report on the affected files.
|
The credentials package contains the a matcher and a writer which out of which only the writer is used in cmd/entrypoint. In an effort to isolate usage and not indirectly import the corev1 api which the matcher uses for MatchingAnnotations, we are breaking up the credentials builder interface into two builders for writer and matcher. This ensures that the entrypoint only uses the writer and not the matcher, and we are only using either the writer or the matcher functionality as necessary and not importing unnecessary deps. cleanup: use better names for the credentials interfaces cleanup: use CredsDir from entrypoint pkg instead of pipeline cleanup: remove corev1 usage from credentials package cleanup: add goling gosec exception for Secret type constants
waveywaves
force-pushed
the
cleanup/entrypoint-credentials-fips
branch
from
ccf64eb to
d5d7992
Compare
tekton-robot
added
size/XL
|
The following is the coverage report on the affected files.
|
|
@afrittoli thank you for catching the lack of tests and going through the problem statement 😄 appreciate it 🙂 |
Changes
The credentials package contains the a matcher and a writer which out of which only the writer is used in cmd/entrypoint. In an effort to isolate usage and not indirectly import the corev1 api which the matcher uses for MatchingAnnotations, we are breaking up the credentials builder interface into two builders for writer and matcher.
This ensures that the entrypoint only uses the writer and not the matcher, and we are only using either the writer or the matcher functionality as necessary and not importing unnecessary deps.
Submitter Checklist
As the author of this PR, please check off the items in this checklist:
/kind <type>. Valid types are bug, cleanup, design, documentation, feature, flake, misc, question, tep/kind cleanup
Release Notes