From 94c24ca64e70f227da29cd02bd367d3c2701b96c Mon Sep 17 00:00:00 2001
From: Andrey Smirnov <andrey.smirnov@talos-systems.com>
Date: Mon, 27 Mar 2023 18:09:21 +0400
Subject: [PATCH] chore: add machine config version contract for v1.4

No changes vs. v1.3, so mostly no-op change just to keep things
consistent.

Signed-off-by: Andrey Smirnov <andrey.smirnov@talos-systems.com>
---
 pkg/machinery/config/contract.go      |  1 +
 pkg/machinery/config/contract_test.go | 23 +++++++++++++++++++++++
 2 files changed, 24 insertions(+)

diff --git a/pkg/machinery/config/contract.go b/pkg/machinery/config/contract.go
index f5868b180..e70fb681c 100644
--- a/pkg/machinery/config/contract.go
+++ b/pkg/machinery/config/contract.go
@@ -24,6 +24,7 @@ type VersionContract struct {
 // Well-known Talos version contracts.
 var (
 	TalosVersionCurrent = (*VersionContract)(nil)
+	TalosVersion1_4     = &VersionContract{1, 4}
 	TalosVersion1_3     = &VersionContract{1, 3}
 	TalosVersion1_2     = &VersionContract{1, 2}
 	TalosVersion1_1     = &VersionContract{1, 1}
diff --git a/pkg/machinery/config/contract_test.go b/pkg/machinery/config/contract_test.go
index d74ee772f..1fd120e3f 100644
--- a/pkg/machinery/config/contract_test.go
+++ b/pkg/machinery/config/contract_test.go
@@ -67,6 +67,29 @@ func TestContractCurrent(t *testing.T) {
 	assert.True(t, contract.SecretboxEncryptionSupported())
 }
 
+func TestContract1_4(t *testing.T) {
+	contract := config.TalosVersion1_4
+
+	assert.True(t, contract.SupportsAggregatorCA())
+	assert.True(t, contract.SupportsECDSAKeys())
+	assert.True(t, contract.SupportsServiceAccount())
+	assert.True(t, contract.SupportsRBACFeature())
+	assert.True(t, contract.SupportsDynamicCertSANs())
+	assert.True(t, contract.SupportsECDSASHA256())
+	assert.True(t, contract.ClusterDiscoveryEnabled())
+	assert.False(t, contract.PodSecurityPolicyEnabled())
+	assert.True(t, contract.PodSecurityAdmissionEnabled())
+	assert.True(t, contract.StableHostnameEnabled())
+	assert.True(t, contract.KubeletDefaultRuntimeSeccompProfileEnabled())
+	assert.False(t, contract.KubernetesAlternateImageRegistries())
+	assert.True(t, contract.KubernetesAllowSchedulingOnControlPlanes())
+	assert.True(t, contract.KubernetesDiscoveryBackendDisabled())
+	assert.True(t, contract.ApidExtKeyUsageCheckEnabled())
+	assert.True(t, contract.APIServerAuditPolicySupported())
+	assert.True(t, contract.KubeletManifestsDirectoryDisabled())
+	assert.True(t, contract.SecretboxEncryptionSupported())
+}
+
 func TestContract1_3(t *testing.T) {
 	contract := config.TalosVersion1_3