From 5504eca8c10d1d07aeb9b89d3c7f10c27049f0bb Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Timoth=C3=A9e=20Ravier?= Date: Fri, 12 Jul 2024 10:08:56 +0200 Subject: [PATCH] openshift: Properly filter unsupported grub config --- config/common/errors.go | 1 + config/openshift/v4_14/translate.go | 2 ++ config/openshift/v4_15/translate.go | 2 ++ config/openshift/v4_16/translate.go | 2 ++ internal/doc/butane.yaml | 37 ----------------------------- 5 files changed, 7 insertions(+), 37 deletions(-) diff --git a/config/common/errors.go b/config/common/errors.go index 922111ab..dd5bb4a4 100644 --- a/config/common/errors.go +++ b/config/common/errors.go @@ -80,6 +80,7 @@ var ( ErrUserFieldSupport = errors.New("fields other than \"name\", \"ssh_authorized_keys\", and \"password_hash\" (4.13.0+) are not supported in this spec version") ErrUserNameSupport = errors.New("users other than \"core\" are not supported in this spec version") ErrKernelArgumentSupport = errors.New("this section cannot be used for kernel arguments in this spec version; use openshift.kernel_arguments instead") + ErrGrubConfigSupport = errors.New("GRUB configuration is not supported in this version") // Storage ErrClevisSupport = errors.New("clevis is not supported in this spec version") diff --git a/config/openshift/v4_14/translate.go b/config/openshift/v4_14/translate.go index ae7e36f4..ebc4f3b0 100644 --- a/config/openshift/v4_14/translate.go +++ b/config/openshift/v4_14/translate.go @@ -100,6 +100,8 @@ var ( // link support in the MCO, consider what should happen if // the user specifies a storage.tree that includes symlinks. "spec.config.storage.links": common.ErrLinkSupport, + // FORBIDDEN + "spec.config.grub": common.ErrGrubConfigSupport, }) ) diff --git a/config/openshift/v4_15/translate.go b/config/openshift/v4_15/translate.go index f1cb3286..654a2f01 100644 --- a/config/openshift/v4_15/translate.go +++ b/config/openshift/v4_15/translate.go @@ -100,6 +100,8 @@ var ( // link support in the MCO, consider what should happen if // the user specifies a storage.tree that includes symlinks. "spec.config.storage.links": common.ErrLinkSupport, + // FORBIDDEN + "spec.config.grub": common.ErrGrubConfigSupport, }) ) diff --git a/config/openshift/v4_16/translate.go b/config/openshift/v4_16/translate.go index 11e28065..2dccae82 100644 --- a/config/openshift/v4_16/translate.go +++ b/config/openshift/v4_16/translate.go @@ -100,6 +100,8 @@ var ( // link support in the MCO, consider what should happen if // the user specifies a storage.tree that includes symlinks. "spec.config.storage.links": common.ErrLinkSupport, + // FORBIDDEN + "spec.config.grub.users.name": common.ErrGrubConfigSupport, }) ) diff --git a/internal/doc/butane.yaml b/internal/doc/butane.yaml index 8b37492d..9b2e67cd 100644 --- a/internal/doc/butane.yaml +++ b/internal/doc/butane.yaml @@ -349,43 +349,6 @@ root: children: - name: devices desc: the list of whole-disk devices (not partitions) to include in the disk array, referenced by their absolute path. At least two devices must be specified. - - name: grub - after: $ - desc: describes the desired GRUB bootloader configuration. - transforms: - - regex: ".*" - replacement: "Unsupported" - if: - - variant: openshift - max: 4.16.0 - children: - - name: users - desc: the list of GRUB superusers. - transforms: - - regex: ".*" - replacement: "Unsupported" - if: - - variant: openshift - max: 4.16.0 - children: - - name: name - desc: the user name. - transforms: - - regex: ".*" - replacement: "Unsupported" - if: - - variant: openshift - max: 4.16.0 - - name: password_hash - desc: the PBKDF2 password hash, generated with `grub2-mkpasswd-pbkdf2`. - # required by validation - required: true - transforms: - - regex: ".*" - replacement: "Unsupported" - if: - - variant: openshift - max: 4.16.0 - name: openshift after: $ desc: describes miscellaneous OpenShift configuration. Respected when rendering to a MachineConfig, ignored when rendering directly to an Ignition config.