open-edge-platform · jkossak · Nov 5, 2025 · Oct 29, 2025 · Oct 29, 2025 · Oct 30, 2025
@@ -1 +1 @@
-1.38.12-dev
+1.38.12
@@ -8,7 +8,7 @@ go 1.24.6
 require (
 	github.com/envoyproxy/protoc-gen-validate v1.2.1
 	github.com/google/uuid v1.6.0
-	github.com/open-edge-platform/infra-core/inventory/v2 v2.31.3
+	github.com/open-edge-platform/infra-core/inventory/v2 v2.32.0
 	github.com/open-edge-platform/infra-onboarding/dkam v1.32.6
 	github.com/open-edge-platform/orch-library/go v0.6.1
 	github.com/pkg/errors v0.9.1

@@ -293,8 +293,8 @@ github.com/onsi/ginkgo/v2 v2.22.0 h1:Yed107/8DjTr0lKCNt7Dn8yQ6ybuDRQoMGrNFKzMfHg
 github.com/onsi/ginkgo/v2 v2.22.0/go.mod h1:7Du3c42kxCUegi0IImZ1wUQzMBVecgIHjR1C+NkhLQo=
 github.com/onsi/gomega v1.36.1 h1:bJDPBO7ibjxcbHMgSCoo4Yj18UWbKDlLwX1x9sybDcw=
 github.com/onsi/gomega v1.36.1/go.mod h1:PvZbdDc8J6XJEpDK4HCuRBm8a6Fzp9/DmhC9C7yFlog=
-github.com/open-edge-platform/infra-core/inventory/v2 v2.31.3 h1:O9+rM7RkNtOC7VW22jgn7IEymAjc451aezO6PEcEXM8=
-github.com/open-edge-platform/infra-core/inventory/v2 v2.31.3/go.mod h1:7bHaRxSL+e5XFt2cGCFS3DuI405Nz2u6q0vlMv6/twY=
+github.com/open-edge-platform/infra-core/inventory/v2 v2.32.0 h1:u5hVoEpTiD5JL4jTYA1DJ5iXM4t4WULd8Rwn7mfPqSQ=
+github.com/open-edge-platform/infra-core/inventory/v2 v2.32.0/go.mod h1:7bHaRxSL+e5XFt2cGCFS3DuI405Nz2u6q0vlMv6/twY=
 github.com/open-edge-platform/infra-onboarding/dkam v1.32.6 h1:ZH5twyB9ZtoSaL1Q/z1wLKhPJsprjtJYvxdOslRuIHs=
 github.com/open-edge-platform/infra-onboarding/dkam v1.32.6/go.mod h1:ECt5d/ZAIOlLRiS/Psm+orYL31/YCeLV5V4rqRnPjRk=
 github.com/open-edge-platform/orch-library/go v0.6.1 h1:IGR2ic73f3obnhlxTRfHcyYMbPbYu7BSqa9UYyEZ78Q=

@@ -239,7 +239,6 @@ func (ir *InstanceReconciler) updateInstanceStatuses(
 		newInstance.GetInstanceStatusDetail(),
 		inv_status.New(newInstance.GetProvisioningStatus(), newInstance.GetProvisioningStatusIndicator()),
 		inv_status.New(newInstance.GetUpdateStatus(), newInstance.GetUpdateStatusIndicator()),
-		newInstance.GetUpdateStatusDetail(),
 		inv_status.New(newInstance.GetTrustedAttestationStatus(), newInstance.GetTrustedAttestationStatusIndicator()),
 	); err != nil {
 		zlogInst.InfraSec().InfraErr(err).Msgf("Failed to update instance status")
@@ -274,14 +273,14 @@ func (ir *InstanceReconciler) updateHostInstanceStatusAndCurrentState(
 		newInstance.GetResourceId(), newInstance.GetCurrentState(),
 		newInstance.GetProvisioningStatus())
 
-	if !util.IsSameInstanceStatusAndState(oldInstance, newInstance) || oldInstance.CurrentOs != newInstance.CurrentOs {
+	if !util.IsSameInstanceStatusAndState(oldInstance, newInstance) || oldInstance.Os != newInstance.Os {
 		if err := ir.invClient.UpdateInstance(
 			ctx,
 			newInstance.GetTenantId(),
 			newInstance.GetResourceId(),
 			newInstance.GetCurrentState(),
 			inv_status.New(newInstance.GetProvisioningStatus(), newInstance.GetProvisioningStatusIndicator()),
-			newInstance.GetCurrentOs(),
+			newInstance.GetOs(),
 		); err != nil {
 			zlogInst.InfraSec().InfraErr(err).Msgf("Failed to update instance status")
 		}
@@ -356,37 +355,37 @@ func convertInstanceToDeviceInfo(instance *computev1.InstanceResource,
 ) (onboarding_types.DeviceInfo, error) {
 	host := instance.GetHost() // eager-loaded
 
-	if instance.GetDesiredOs() == nil {
+	if instance.GetOs() == nil {
 		// this should not happen but just in case
 		return onboarding_types.DeviceInfo{}, inv_errors.Errorfc(codes.InvalidArgument,
 			"Instance %s doesn't have any OS associated", instance.GetResourceId())
 	}
 
-	desiredOs := instance.GetDesiredOs()
+	os := instance.GetOs()
 
 	zlogInst.Debug().Msgf("Converting Instance %s to device info. OS resource: %s",
-		instance.GetResourceId(), desiredOs)
+		instance.GetResourceId(), os)
 
 	localHostIP := "127.0.0.1"
 	var osLocationURL string
 	// OS and Installer location returned to EN points to a local server that proxies requests to Provisioning Nginx
-	switch desiredOs.GetOsType() {
+	switch os.GetOsType() {
 	case osv1.OsType_OS_TYPE_MUTABLE:
-		zlogInst.Debug().Msgf("Pulling %s image from %s", desiredOs.GetProfileName(), desiredOs.GetImageUrl())
-		osLocationURL = desiredOs.GetImageUrl()
+		zlogInst.Debug().Msgf("Pulling %s image from %s", os.GetProfileName(), os.GetImageUrl())
+		osLocationURL = os.GetImageUrl()
 	case osv1.OsType_OS_TYPE_IMMUTABLE:
-		osLocationURL = desiredOs.GetImageUrl()
+		osLocationURL = os.GetImageUrl()
 		_, err := url.ParseRequestURI(osLocationURL)
 		if err != nil {
 			// Microvisor can be pulled drirectly from Release Server or CDN Server
-			zlogInst.Debug().Msgf("Pulling %s image from CDN/RS Servers", desiredOs.GetProfileName())
+			zlogInst.Debug().Msgf("Pulling %s image from CDN/RS Servers", os.GetProfileName())
 			osLocationURL = fmt.Sprintf("http://%s/%s", localHostIP, osLocationURL)
 		} else {
-			zlogInst.Debug().Msgf("Pulling %s image from %s", desiredOs.GetProfileName(), osLocationURL)
+			zlogInst.Debug().Msgf("Pulling %s image from %s", os.GetProfileName(), osLocationURL)
 		}
 	default:
 		invErr := inv_errors.Errorf("Unsupported OS type %v, may result in wrong installation artifacts path",
-			desiredOs.GetOsType())
+			os.GetOsType())
 		zlogInst.InfraSec().Error().Err(invErr).Msg("")
 		return onboarding_types.DeviceInfo{}, invErr
 	}
@@ -409,30 +408,30 @@ func convertInstanceToDeviceInfo(instance *computev1.InstanceResource,
 		Hostname:         host.GetResourceId(), // we use resource ID as hostname to uniquely identify a host
 		SecurityFeature:  instance.GetSecurityFeature(),
 		OSImageURL:       osLocationURL,
-		OsImageSHA256:    desiredOs.GetSha256(),
+		OsImageSHA256:    os.GetSha256(),
 		TinkerVersion:    tinkerVersion,
-		OsType:           desiredOs.GetOsType(),
-		OSResourceID:     desiredOs.GetResourceId(),
-		PlatformBundle:   desiredOs.GetPlatformBundle(),
+		OsType:           os.GetOsType(),
+		OSResourceID:     os.GetResourceId(),
+		PlatformBundle:   os.GetPlatformBundle(),
 		IsStandaloneNode: isStandalone,
 	}
 
 	zlogInst.Debug().Msgf("DeviceInfo generated from OS resource (%s): %+v",
-		instance.GetDesiredOs().GetResourceId(), deviceInfo)
+		instance.GetOs().GetResourceId(), deviceInfo)
 
 	return deviceInfo, nil
 }
 
 func (ir *InstanceReconciler) tryProvisionInstance(ctx context.Context, instance *computev1.InstanceResource) error {
-	if instance.GetDesiredOs() == nil {
-		zlogInst.Warn().Msgf("No desired OS specified for instance %s, skipping provisioning.",
+	if instance.GetOs() == nil {
+		zlogInst.Warn().Msgf("No OS specified for instance %s, skipping provisioning.",
 			instance.GetResourceId())
 		return nil
 	}
 
-	if instance.GetDesiredOs().GetOsProvider() != osv1.OsProviderKind_OS_PROVIDER_KIND_INFRA {
+	if instance.GetOs().GetOsProvider() != osv1.OsProviderKind_OS_PROVIDER_KIND_INFRA {
 		zlogInst.Debug().Msgf("Skipping OS provisioning for %s due to OS provider kind: %s",
-			instance.GetResourceId(), instance.GetDesiredOs().GetOsProvider().String())
+			instance.GetResourceId(), instance.GetOs().GetOsProvider().String())
 		return nil
 	}
 
@@ -447,7 +446,7 @@ func (ir *InstanceReconciler) tryProvisionInstance(ctx context.Context, instance
 	oldInstance := proto.Clone(instance).(*computev1.InstanceResource)
 
 	zlogInst.Debug().Msgf("Trying to provision Instance %s with OS %s",
-		instance.GetResourceId(), instance.GetDesiredOs().GetName())
+		instance.GetResourceId(), instance.GetOs().GetName())
 
 	defer func() {
 		// if unrecoverable error, report error provisioning status

@@ -61,7 +61,6 @@ func createOsWithArgs(tb testing.TB, doCleanup bool,
 	defer cancel()
 	osr = &osv1.OperatingSystemResource{
 		Name:              "test-os-" + getFirstNChars(getMD5Hash(fmt.Sprintf("%d", time.Now().UnixNano())), 8),
-		UpdateSources:     []string{"test entries"},
 		ImageUrl:          "example.raw.gz",
 		ProfileName:       inv_testing.GenerateRandomProfileName(),
 		Sha256:            inv_testing.GenerateRandomSha256(),

@@ -741,7 +741,7 @@ func (s *InventoryClientService) checkNCreateInstance(ctx context.Context, tenan
 			Host: &computev1.HostResource{
 				ResourceId: host.ResourceId,
 			},
-			DesiredOs: &osv1.OperatingSystemResource{
+			Os: &osv1.OperatingSystemResource{
 				ResourceId: pconf.DefaultOs,
 			},
 			SecurityFeature: desiredSecurityFeature,

@@ -20,6 +20,7 @@ func TestSBHandler_Stop(t *testing.T) {
 	if err != nil {
 		t.Fatalf("Failed to listen: %v", err)
 	}
+	// nosemgrep: go.grpc.security.grpc-server-insecure-connection.grpc-server-insecure-connection // test scenario
 	grpcServer := grpc.NewServer()
 	//nolint:staticcheck // Ignoring SA2002 and SA1019 as these are valid in this test scenario.
 	go func() {
@@ -29,7 +30,8 @@ func TestSBHandler_Stop(t *testing.T) {
 			t.Fatalf("Failed to serve: %v", err)
 		}
 	}()
-	//nolint:staticcheck // Ignoring SA2002 and SA1019 as these are valid in this test scenario.
+	//nolint:staticcheck // Ignoring SA1019 as these are valid in this test scenario
+	// nosemgrep: go.grpc.security.grpc-client-insecure-connection.grpc-client-insecure-connection // test scenario
 	conn, conErr := grpc.Dial("localhost:13051", grpc.WithInsecure())
 	if conErr != nil {
 		t.Fatalf("Failed to dial server: %v", conErr)

@@ -562,7 +562,6 @@ func (c *OnboardingInventoryClient) UpdateInstanceStatuses(ctx context.Context,
 	instanceStatusDetail string,
 	provisioningStatus inv_status.ResourceStatus,
 	updateStatus inv_status.ResourceStatus,
-	updateStatusDetail string,
 	trustedAttestationStatus inv_status.ResourceStatus,
 ) error {
 	updateInstance := &computev1.InstanceResource{
@@ -576,7 +575,6 @@ func (c *OnboardingInventoryClient) UpdateInstanceStatuses(ctx context.Context,
 		UpdateStatus:                      updateStatus.Status,
 		UpdateStatusIndicator:             updateStatus.StatusIndicator,
 		UpdateStatusTimestamp:             uint64(time.Now().Unix()), // #nosec G115
-		UpdateStatusDetail:                updateStatusDetail,
 		TrustedAttestationStatus:          trustedAttestationStatus.Status,
 		TrustedAttestationStatusIndicator: trustedAttestationStatus.StatusIndicator,
 		TrustedAttestationStatusTimestamp: uint64(time.Now().Unix()), // #nosec G115
@@ -593,7 +591,6 @@ func (c *OnboardingInventoryClient) UpdateInstanceStatuses(ctx context.Context,
 		computev1.InstanceResourceFieldUpdateStatus,
 		computev1.InstanceResourceFieldUpdateStatusIndicator,
 		computev1.InstanceResourceFieldUpdateStatusTimestamp,
-		computev1.InstanceResourceFieldUpdateStatusDetail,
 		computev1.InstanceResourceFieldTrustedAttestationStatus,
 		computev1.InstanceResourceFieldTrustedAttestationStatusIndicator,
 		computev1.InstanceResourceFieldTrustedAttestationStatusTimestamp,
@@ -604,23 +601,23 @@ func (c *OnboardingInventoryClient) UpdateInstanceStatuses(ctx context.Context,
 func (c *OnboardingInventoryClient) UpdateInstance(ctx context.Context, tenantID string, instanceID string,
 	currentState computev1.InstanceState,
 	provisioningStatus inv_status.ResourceStatus,
-	currentOS *osv1.OperatingSystemResource,
+	os *osv1.OperatingSystemResource,
 ) error {
 	updateInstance := &computev1.InstanceResource{
 		ResourceId:                  instanceID,
 		CurrentState:                currentState,
 		ProvisioningStatus:          provisioningStatus.Status,
 		ProvisioningStatusIndicator: provisioningStatus.StatusIndicator,
 		ProvisioningStatusTimestamp: uint64(time.Now().Unix()), // #nosec G115
-		CurrentOs:                   currentOS,
+		Os:                          os,
 	}
 
 	return c.UpdateInvResourceFields(ctx, tenantID, updateInstance, []string{
 		computev1.InstanceResourceFieldCurrentState,
 		computev1.InstanceResourceFieldProvisioningStatus,
 		computev1.InstanceResourceFieldProvisioningStatusIndicator,
 		computev1.InstanceResourceFieldProvisioningStatusTimestamp,
-		computev1.InstanceResourceEdgeCurrentOs,
+		computev1.InstanceResourceEdgeOs,
 	})
 }
 

@@ -805,9 +805,7 @@ func TestOnboardingInventoryClient_GetInstanceResourceByResourceID(t *testing.T)
 	host := inv_testing.CreateHost(t, nil, nil)
 	osRes := inv_testing.CreateOs(t)
 	inst := inv_testing.CreateInstance(t, host, osRes)
-	inst.DesiredOs = osRes
 	inst.Os = osRes
-	inst.CurrentOs = osRes
 	inst.Host = host
 	type args struct {
 		tenantID         string
@@ -1817,7 +1815,7 @@ func TestOnboardingInventoryClient_SetInstanceStatusAndCurrentState(t *testing.T
 		instanceID         string
 		currentState       computev1.InstanceState
 		provisioningStatus inv_status.ResourceStatus
-		currentOS          *osv1.OperatingSystemResource
+		os                 *osv1.OperatingSystemResource
 	}
 	tests := []struct {
 		name    string
@@ -1835,7 +1833,7 @@ func TestOnboardingInventoryClient_SetInstanceStatusAndCurrentState(t *testing.T
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
 			if err := invClient.UpdateInstance(tt.args.ctx, tt.args.tenantID, tt.args.instanceID, tt.args.currentState,
-				tt.args.provisioningStatus, tt.args.currentOS); (err != nil) != tt.wantErr {
+				tt.args.provisioningStatus, tt.args.os); (err != nil) != tt.wantErr {
 				t.Errorf("OnboardingInventoryClient.UpdateInstance() error = %v, wantErr %v", err, tt.wantErr)
 			}
 		})

@@ -305,14 +305,6 @@ func handleWorkflowStatus(instance *computev1.InstanceResource, workflow *tink.W
 			instance, computev1.InstanceState_INSTANCE_STATE_RUNNING,
 			om_status.NewStatusWithDetails(onSuccessProvisioningStatus, intermediateWorkflowState))
 
-		// FIXME: We retrieve original desired OS from workflow's template parameters (hardware map).
-		//  This is temporary, until we implement Day2 refactoring.
-		osResourceID, exists := workflow.Spec.HardwareMap["DeviceInfoOSResourceID"]
-		if !exists {
-			return inv_errors.Errorf("OS resource ID not found in Tinkerbell workflow %s", workflow.Name)
-		}
-
-		util.PopulateCurrentOS(instance, osResourceID)
 		// don't set Rebooting for Standalone ENs as we don't have agents that will converge to Running eventually
 		isStandalone, err := util.IsStandalone(instance)
 		if err != nil {

@@ -55,7 +55,7 @@ func TestCheckStatusOrRunProdWorkflow(t *testing.T) {
 					Host: &computev1.HostResource{
 						ResourceId: "host-084d9b08",
 					},
-					DesiredOs: &osv1.OperatingSystemResource{},
+					Os: &osv1.OperatingSystemResource{},
 				},
 			},
 			wantErr: true,
@@ -68,7 +68,7 @@ func TestCheckStatusOrRunProdWorkflow(t *testing.T) {
 					Host: &computev1.HostResource{
 						ResourceId: "host-084d9b08",
 					},
-					DesiredOs: &osv1.OperatingSystemResource{},
+					Os: &osv1.OperatingSystemResource{},
 				},
 			},
 			wantErr: true,

@@ -146,7 +146,6 @@ func AssertInstanceStatuses(
 	assert.Equal(tb, expectedProvisioningStatus.StatusIndicator, instance.GetProvisioningStatusIndicator())
 	assert.Equal(tb, expectedUpdateStatus.Status, instance.GetUpdateStatus())
 	assert.Equal(tb, expectedUpdateStatus.StatusIndicator, instance.GetUpdateStatusIndicator())
-	assert.Equal(tb, "", instance.GetUpdateStatusDetail())
 	assert.Equal(tb, expectedTrustedAttestationStatus.Status, instance.GetTrustedAttestationStatus())
 	assert.Equal(tb, expectedTrustedAttestationStatus.StatusIndicator, instance.GetTrustedAttestationStatusIndicator())
 }
@@ -96,7 +96,6 @@ func PopulateInstanceUpdateStatus(
 ) {
 	instance.UpdateStatus = updateStatus.Status
 	instance.UpdateStatusIndicator = updateStatus.StatusIndicator
-	instance.UpdateStatusDetail = ""
 }
 
 func PopulateInstanceTrustedAttestationStatus(
@@ -116,21 +115,17 @@ func PopulateInstanceIdleStatus(
 	PopulateInstanceTrustedAttestationStatus(instance, om_status.TrustedAttestationStatusUnknown)
 }
 
-func PopulateCurrentOS(instance *computev1.InstanceResource, osResourceID string) {
-	instance.CurrentOs = &osv1.OperatingSystemResource{ResourceId: osResourceID}
-}
-
 func IsStandalone(instance *computev1.InstanceResource) (bool, error) {
-	if instance.GetDesiredOs() == nil {
+	if instance.GetOs() == nil {
 		return false, nil
 	}
 
-	if instance.GetDesiredOs().GetOsType() == osv1.OsType_OS_TYPE_MUTABLE {
+	if instance.GetOs().GetOsType() == osv1.OsType_OS_TYPE_MUTABLE {
 		// We don't support Standalone ENs for mutable OSes yet
 		return false, nil
 	}
 
-	osMetadata := instance.GetDesiredOs().GetMetadata()
+	osMetadata := instance.GetOs().GetMetadata()
 
 	if osMetadata == "" {
 		return false, nil