Update the code from aws-sdk-go to aws-sdk-go-v2, aws-sdk-go is out-of-support
since July 2025. I've tried to preserve the existing behavior as best I could:
- if we're running on EC2 we use ec2rolecreds first, with a fallback to anonymous
credentials
- use anonymous credentials when outside EC2
- use IMDS for region hints
One subtle change appears to be that the S3 code does not tolerate leading
slashes in key names any more, so we need to strip it out explicitly.
Signed-off-by: Jeremi Piotrowski <jpiotrowski@microsoft.com>
The linter found staticcheck and errorcheck issues. Deferred statements now use join to combine any new error with an existing one, preventing error information from being lost. Other minor error checks, like for printing text and flushing data have also been addressed.
Since a bug preventing special mode bits from being applied properly
has been fixed. Move masking of the bits for configs that are in use
which have special mode bits do not suddenly function different.
Extend the `luks` schema to support a new `cex` key. When enabled, the
volume key of the LUKS device uses a secure key generated using a CEX
card. The keyfile to unlock the volume is not considered confidential.
Closes: #1693
Co-authored-by: Jonathan Lebon <jonathan@jlebon.com>
Allow the Generate() caller to specify a callback that receives a slice
of path components and returns true if the subtree should be ignored.
This is an API change but not a breaking one, since config/doc hasn't
shipped in a release.
Most fields are either required or not, but Butane has a case where a
field is required only on some specs. Add "required-if" attribute to
allow expressing this.
Convert the transform min/max version into a list of constraints, where
each constraint has a variant and possibly a min/max version. The
variant for the Ignition spec version is "ignition", but callers can
supply a map of arbitrary variant/version pairs. If any constraints
exist, one of them must match a variant/version in the map.
Provide version substitutions %<variant>_version% for every variant.
semver.NewVersion() returns a pointer, which helps distinguish between
a nil return (with error) and a real struct. Once we have the pointer,
though, dereference it rather than continuing to pass it around.
Butane needs this to allow base specs to add sugar fields to Ignition
structs.
The "after" field specifies the existing field that should precede the
new one, or "^" to add the new field at the beginning of the struct, or
"$" to add it at the end.
Butane needs a way to merge two Components objects together, with child
fields overriding the parent. Implement this here to keep the API
together. The merge happens component-by-component, without merging
components together into a unified tree.
Allow the caller to retrieve parsed Components and generate the output doc
by calling .Generate() on it. This will allow Butane to perform
additional processing on the docs tree.
As a convenience to Butane, also export the Components parsing code.
When the package was internal, they were public to signal that they were
meant to be used outside their source file, though still within the same
package. Now that the package has to care about an external stable API,
make the methods private.
Expand schema for 3_4_exp with an advertisement field to allow for
Ignition to support Tang offline provisioning by passing the supplied
advertisement field during first boot's device bind. Fixes #1474
There are other options that can be stored in the LUKS header with
--persistent, including notably --perf-no_read_workqueue and
--perf-no_write_workqueue, which can improve performance. We usually
provide options arrays to support advanced features, so add one here.
Since this is an escape hatch feature, we don't try to implement full
option matching in the volume reuse semantics; we just update any reused
volume to use the currently specified open options.
Discard improves performance and longevity on SSDs and space utilization
on thinly-provisioned SAN devices, but also leaks information. It's an
open-time option, not a create-time one, so it can't be enabled via the
options field. Add a spec field to enable it.
For https://github.com/coreos/fedora-coreos-tracker/issues/1392.
Fixes #1397, a common configuration error is to create a filesystem over
a whole-disk device rather than a partition. Add a warning for a
filesystem device matching the disk device.
Additionally, another configuration error was identified for a way to
recreate the filesystem on every provision, while the configuration to
do so is valid, it might be done unitionally. Add a warning when
wipeTable is true but wipeFilesystem is false.
We've decided to support the special mode bits for specs >= 3.4.0,
so if the user provides special mode bits in their Ignition config
with the version < 3.4.0, then we need to mask those details out
while copying the file/dir mode during translation.
Support S3 access point URLs in ARN format as a source.
This allows valid, opaque S3 URLs such as
`s3:arn:aws:s3:us-west-2:123456789012:accesspoint/test/object`
Being able to use this format will allow S3 URLs on different
partitions and lays the foundation to potentially support
multi-region access points in the future.
Fixes https://github.com/coreos/ignition/issues/1091
Signed-off-by: Zeleena Kearney <zeleenak@lyft.com>
