siderolabs · talos-bot · Jan 22, 2025 · Jan 21, 2025 · Jan 21, 2025 · Jan 22, 2025
diff --git a/.conform.yaml b/.conform.yaml
@@ -13,7 +13,7 @@ policies:
         gitHubOrganization: siderolabs
     spellcheck:
       locale: US
-    maximumOfOneCommit: true
+    maximumOfOneCommit: false
     header:
       length: 89
       imperative: true
@@ -23,4 +23,4 @@ policies:
       required: true
     conventional:
       types: ["chore","docs","perf","refactor","style","test","release"]
-      scopes: [".*"]
+      scopes: [".*"]
diff --git a/go.mod b/go.mod
@@ -20,8 +20,8 @@ require (
 	github.com/siderolabs/go-blockdevice v0.4.8
 	github.com/siderolabs/image-factory v0.6.4
 	github.com/siderolabs/net v0.4.0
-	github.com/siderolabs/talos v1.9.0
-	github.com/siderolabs/talos/pkg/machinery v1.9.0
+	github.com/siderolabs/talos v1.9.2
+	github.com/siderolabs/talos/pkg/machinery v1.9.2
 	github.com/stretchr/testify v1.10.0
 	golang.org/x/mod v0.22.0
 	google.golang.org/grpc v1.69.0
@@ -174,13 +174,13 @@ require (
 	github.com/secure-systems-lab/go-securesystemslib v0.8.0 // indirect
 	github.com/shibumi/go-pathspec v1.3.0 // indirect
 	github.com/shopspring/decimal v1.3.1 // indirect
-	github.com/siderolabs/go-blockdevice/v2 v2.0.7 // indirect
+	github.com/siderolabs/go-blockdevice/v2 v2.0.11 // indirect
 	github.com/siderolabs/go-circular v0.2.1 // indirect
 	github.com/siderolabs/go-kubernetes v0.2.17 // indirect
 	github.com/siderolabs/go-pointer v1.0.0 // indirect
 	github.com/siderolabs/go-procfs v0.1.2 // indirect
 	github.com/siderolabs/go-retry v0.3.3 // indirect
-	github.com/siderolabs/go-talos-support v0.1.1 // indirect
+	github.com/siderolabs/go-talos-support v0.1.2 // indirect
 	github.com/sigstore/cosign/v2 v2.4.1 // indirect
 	github.com/sigstore/protobuf-specs v0.3.2 // indirect
 	github.com/sigstore/rekor v1.3.6 // indirect

diff --git a/go.sum b/go.sum
@@ -213,8 +213,8 @@ github.com/cosi-project/runtime v0.7.6/go.mod h1:AmDu/IfE/Q0YYzWRnAkDw2GNuMazpNp
 github.com/cpuguy83/go-md2man/v2 v2.0.4/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o=
 github.com/cyberphone/json-canonicalization v0.0.0-20231011164504-785e29786b46 h1:2Dx4IHfC1yHWI12AxQDJM1QbRCDfk6M+blLzlZCXdrc=
 github.com/cyberphone/json-canonicalization v0.0.0-20231011164504-785e29786b46/go.mod h1:uzvlm1mxhHkdfqitSA92i7Se+S9ksOn3a3qmv/kyOCw=
-github.com/cyphar/filepath-securejoin v0.3.4 h1:VBWugsJh2ZxJmLFSM06/0qzQyiQX2Qs0ViKrUAcqdZ8=
-github.com/cyphar/filepath-securejoin v0.3.4/go.mod h1:8s/MCNJREmFK0H02MF6Ihv1nakJe4L/w3WZLHNkvlYM=
+github.com/cyphar/filepath-securejoin v0.3.5 h1:L81NHjquoQmcPgXcttUS9qTSR/+bXry6pbSINQGpjj4=
+github.com/cyphar/filepath-securejoin v0.3.5/go.mod h1:edhVd3c6OXKjUmSrVa/tGJRS9joFTxlslFCAyaxigkE=
 github.com/danieljoos/wincred v1.2.0 h1:ozqKHaLK0W/ii4KVbbvluM91W2H3Sh0BncbUNPS7jLE=
 github.com/danieljoos/wincred v1.2.0/go.mod h1:FzQLLMKBFdvu+osBrnFODiv32YGwCfx0SkRa/eYHgec=
 github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
@@ -655,8 +655,8 @@ github.com/siderolabs/go-api-signature v0.3.6 h1:wDIsXbpl7Oa/FXvxB6uz4VL9INA9fmr
 github.com/siderolabs/go-api-signature v0.3.6/go.mod h1:hoH13AfunHflxbXfh+NoploqV13ZTDfQ1mQJWNVSW9U=
 github.com/siderolabs/go-blockdevice v0.4.8 h1:KfdWvIx0Jft5YVuCsFIJFwjWEF1oqtzkgX9PeU9cX4c=
 github.com/siderolabs/go-blockdevice v0.4.8/go.mod h1:4PeOuk71pReJj1JQEXDE7kIIQJPVe8a+HZQa+qjxSEA=
-github.com/siderolabs/go-blockdevice/v2 v2.0.7 h1:OCxxA7W1xVqbEP3MrCttqhKpuV4t1KkBTzNeboYDTmc=
-github.com/siderolabs/go-blockdevice/v2 v2.0.7/go.mod h1:74htzCV913UzaLZ4H+NBXkwWlYnBJIq5m/379ZEcu8w=
+github.com/siderolabs/go-blockdevice/v2 v2.0.11 h1:r7mbbXMn8OZmJA2fJJdomjlZKexRi66ELVZGXJUaNU8=
+github.com/siderolabs/go-blockdevice/v2 v2.0.11/go.mod h1:74htzCV913UzaLZ4H+NBXkwWlYnBJIq5m/379ZEcu8w=
 github.com/siderolabs/go-circular v0.2.1 h1:a++iVCn9jyhICX3POQZZX8n72p2h5JGdGU6w1ulmpcA=
 github.com/siderolabs/go-circular v0.2.1/go.mod h1:ZDItzVyXK+B/XuqTBV5MtQtSv06VI+oCmWGRnNCATo8=
 github.com/siderolabs/go-kubernetes v0.2.17 h1:xxwDtoPQx032Ot6zAhDyOssfMazZG57gjzDGkpaVJuE=
@@ -667,18 +667,18 @@ github.com/siderolabs/go-procfs v0.1.2 h1:bDs9hHyYGE2HO1frpmUsD60yg80VIEDrx31fkb
 github.com/siderolabs/go-procfs v0.1.2/go.mod h1:dBzQXobsM7+TWRRI3DS9X7vAuj8Nkfgu3Z/U9iY3ZTY=
 github.com/siderolabs/go-retry v0.3.3 h1:zKV+S1vumtO72E6sYsLlmIdV/G/GcYSBLiEx/c9oCEg=
 github.com/siderolabs/go-retry v0.3.3/go.mod h1:Ff/VGc7v7un4uQg3DybgrmOWHEmJ8BzZds/XNn/BqMI=
-github.com/siderolabs/go-talos-support v0.1.1 h1:g51J0WQssQAycU/0cDliC2l4uX2H02yUs2+fa5pCvHg=
-github.com/siderolabs/go-talos-support v0.1.1/go.mod h1:o4woiYS+2J3djCQgyHZRVZQm8XpazQr+XPcTXAZvamo=
+github.com/siderolabs/go-talos-support v0.1.2 h1:xKFwT8emzxpmamIe3W35QlmadC54OaPNO9/Y+fL7WwM=
+github.com/siderolabs/go-talos-support v0.1.2/go.mod h1:o9zRfWJQhW5j3PQxs7v0jmG4igD4peDatqbAGQFe4oo=
 github.com/siderolabs/image-factory v0.6.4 h1:BMirVs99OODjjzjfMyGblvF/OrXqOwAACfp++ipfriM=
 github.com/siderolabs/image-factory v0.6.4/go.mod h1:KY9UkMRqzC+dVVy3z8sWpN/Jg6Ce+I8cVJb97SR32SI=
 github.com/siderolabs/net v0.4.0 h1:1bOgVay/ijPkJz4qct98nHsiB/ysLQU0KLoBC4qLm7I=
 github.com/siderolabs/net v0.4.0/go.mod h1:/ibG+Hm9HU27agp5r9Q3eZicEfjquzNzQNux5uEk0kM=
 github.com/siderolabs/protoenc v0.2.1 h1:BqxEmeWQeMpNP3R6WrPqDatX8sM/r4t97OP8mFmg6GA=
 github.com/siderolabs/protoenc v0.2.1/go.mod h1:StTHxjet1g11GpNAWiATgc8K0HMKiFSEVVFOa/H0otc=
-github.com/siderolabs/talos v1.9.0 h1:hfQA/YKgT7zUvEsHfxNaOmWtl3kaXfogdjLdUQyEkTE=
-github.com/siderolabs/talos v1.9.0/go.mod h1:tfpH28CTBURTF68lf97xUEFZt/p4TKzCMzhd7JgU054=
-github.com/siderolabs/talos/pkg/machinery v1.9.0 h1:9WWhu6yOlnbGousV6E8StwSntI3+JJf0debXEJZCAkg=
-github.com/siderolabs/talos/pkg/machinery v1.9.0/go.mod h1:0EnV+wg+qr86sR+riUgutxaOZqWFSnrC/mx52TpNyIQ=
+github.com/siderolabs/talos v1.9.2 h1:TT3MAoeh6v/pcAXkiu5Dd7XLutz2NH34DxLqCGvX0ek=
+github.com/siderolabs/talos v1.9.2/go.mod h1:oCHfobIOBITDvOFavqI6CcFalVk4Pa/dXmHed+MYKP8=
+github.com/siderolabs/talos/pkg/machinery v1.9.2 h1:Y1MuXHUHOHikxF7IG76HniOo8tJvC8JoBlDfZ8URjpM=
+github.com/siderolabs/talos/pkg/machinery v1.9.2/go.mod h1:AESzrVUMVMbrGiVdCQ5af7qYtL4ykCyee7dAgOTia3s=
 github.com/sigstore/cosign/v2 v2.4.1 h1:b8UXEfJFks3hmTwyxrRNrn6racpmccUycBHxDMkEPvU=
 github.com/sigstore/cosign/v2 v2.4.1/go.mod h1:GvzjBeUKigI+XYnsoVQDmMAsMMc6engxztRSuxE+x9I=
 github.com/sigstore/fulcio v1.6.3 h1:Mvm/bP6ELHgazqZehL8TANS1maAkRoM23CRAdkM4xQI=

diff --git a/pkg/talos/talos_image_factory_versions_data_source_test.go b/pkg/talos/talos_image_factory_versions_data_source_test.go
@@ -26,7 +26,7 @@ func TestAccTalosImageFactoryVersionsDataSource(t *testing.T) {
 			{
 				Config: testAccTalosImageFactoryVersionsDataSourceWithFilterConfig(),
 				ConfigStateChecks: []statecheck.StateCheck{
-					statecheck.ExpectKnownOutputValue("talos_version", knownvalue.StringExact("v1.9.0")),
+					statecheck.ExpectKnownOutputValue("talos_version", knownvalue.StringExact("v1.9.2")),
 				},
 			},
 		},

diff --git a/pkg/talos/talos_machine_configuration_data_source.go b/pkg/talos/talos_machine_configuration_data_source.go
@@ -6,7 +6,6 @@ package talos
 
 import (
 	"context"
-	"strings"
 	"time"
 
 	"github.com/hashicorp/terraform-plugin-framework-validators/stringvalidator"
@@ -16,8 +15,6 @@ import (
 	"github.com/hashicorp/terraform-plugin-framework/types"
 	"github.com/hashicorp/terraform-plugin-framework/types/basetypes"
 	"github.com/siderolabs/crypto/x509"
-	machineapi "github.com/siderolabs/talos/pkg/machinery/api/machine"
-	"github.com/siderolabs/talos/pkg/machinery/compatibility"
 	"github.com/siderolabs/talos/pkg/machinery/config/configpatcher"
 	"github.com/siderolabs/talos/pkg/machinery/config/generate/secrets"
 	"github.com/siderolabs/talos/pkg/machinery/config/machine"
@@ -333,47 +330,6 @@ func (d *talosMachineConfigurationDataSource) ValidateConfig(ctx context.Context
 
 		return
 	}
-
-	if !state.KubernetesVersion.IsUnknown() && !state.KubernetesVersion.IsNull() && !state.TalosVersion.IsUnknown() {
-		k8sVersionCompatibility, err := compatibility.ParseKubernetesVersion(strings.TrimPrefix(state.KubernetesVersion.ValueString(), "v"))
-		if err != nil {
-			resp.Diagnostics.AddError(
-				"kubernetes_version is invalid",
-				err.Error(),
-			)
-
-			return
-		}
-
-		talosVersionInfo := &machineapi.VersionInfo{}
-
-		if state.TalosVersion.IsNull() {
-			talosVersionInfo.Tag = gendata.VersionTag
-		}
-
-		if !state.TalosVersion.IsNull() {
-			talosVersionInfo.Tag = state.TalosVersion.ValueString()
-		}
-
-		talosVersionCompatibility, err := compatibility.ParseTalosVersion(talosVersionInfo)
-		if err != nil {
-			resp.Diagnostics.AddError(
-				"talos_version is invalid",
-				err.Error(),
-			)
-
-			return
-		}
-
-		if err := k8sVersionCompatibility.SupportedWith(talosVersionCompatibility); err != nil {
-			resp.Diagnostics.AddError(
-				"talos_version is not compatible with kubernetes_version",
-				err.Error(),
-			)
-
-			return
-		}
-	}
 }
 
 func certSchemaInput() schema.SingleNestedAttribute {

diff --git a/pkg/talos/talos_machine_configuration_data_source_test.go b/pkg/talos/talos_machine_configuration_data_source_test.go
@@ -191,26 +191,12 @@ func TestAccTalosMachineConfigurationDataSource(t *testing.T) {
 				Config:      testAccTalosMachineConfigurationDataSourceConfig("", "example-cluster-6", "control", "https://cluster.local", "", false, false, true, true),
 				ExpectError: regexp.MustCompile("Attribute machine_type value must be one of:"),
 			},
-			// test validating kubernetes compatibility with the default talos version
-			{
-				Config:      testAccTalosMachineConfigurationDataSourceConfig("", "example-cluster-7", "controlplane", "https://cluster.local", "v1.23.0", false, false, true, true),
-				ExpectError: regexp.MustCompile(fmt.Sprintf("version of Kubernetes 1.23.0 is too old to be used with Talos %s", strings.TrimPrefix(gendata.VersionTag, "v"))),
-			},
-			// test validating kubernetes compatibility with a specific talos version
-			{
-				Config:      testAccTalosMachineConfigurationDataSourceConfig("v1.3", "example-cluster-8", "controlplane", "https://cluster.local", "v1.23.0", false, false, true, true),
-				ExpectError: regexp.MustCompile("version of Kubernetes 1.23.0 is too old to be used with Talos 1.3.0"),
-			},
 			// test validating config patches at plan time
 			{
 				PlanOnly:    true,
 				Config:      testAccTalosMachineConfigurationDataSourceConfig("v1.3", "example-cluster-8", "controlplane", "https://cluster.local", "v1.23.0", true, true, true, true),
 				ExpectError: regexp.MustCompile("unknown keys found during decoding:"),
 			},
-			{ // this is just added so that the plan only test above doesn't fail
-				PlanOnly: true,
-				Config:   testAccTalosMachineConfigurationDataSourceConfig("v1.3", "example-cluster-8", "controlplane", "https://cluster.local", "", false, false, true, true),
-			},
 		},
 	})
 }

diff --git a/pkg/talos/util.go b/pkg/talos/util.go
@@ -154,10 +154,6 @@ func secretsBundleTomachineSecrets(secretsBundle *secrets.Bundle) (talosMachineS
 					Cert: types.StringValue(bytesToBase64(secretsBundle.Certs.K8s.Crt)),
 					Key:  types.StringValue(bytesToBase64(secretsBundle.Certs.K8s.Key)),
 				},
-				K8sAggregator: machineSecretsCertKeyPair{
-					Cert: types.StringValue(bytesToBase64(secretsBundle.Certs.K8sAggregator.Crt)),
-					Key:  types.StringValue(bytesToBase64(secretsBundle.Certs.K8sAggregator.Key)),
-				},
 				K8sServiceAccount: machineSecretsCertsK8sServiceAccount{
 					Key: types.StringValue(bytesToBase64(secretsBundle.Certs.K8sServiceAccount.Key)),
 				},
@@ -169,6 +165,11 @@ func secretsBundleTomachineSecrets(secretsBundle *secrets.Bundle) (talosMachineS
 		},
 	}
 
+	if secretsBundle.Certs.K8sAggregator.Crt != nil {
+		model.MachineSecrets.Certs.K8sAggregator.Cert = types.StringValue(bytesToBase64(secretsBundle.Certs.K8sAggregator.Crt))
+		model.MachineSecrets.Certs.K8sAggregator.Key = types.StringValue(bytesToBase64(secretsBundle.Certs.K8sAggregator.Key))
+	}
+
 	// support for talos < 1.3
 	if secretsBundle.Secrets.AESCBCEncryptionSecret != "" {
 		model.MachineSecrets.Secrets.AESCBCEncryptionSecret = types.StringValue(secretsBundle.Secrets.AESCBCEncryptionSecret)