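name: Constellation IAM create
description: Create IAM configuration for a Constellation cluster.

inputs:
  cloudProvider:
    description: "Either 'aws', 'azure' or 'gcp'."
    required: true
  attestationVariant:
    description: "The attestation variant to use."
    required: true
  kubernetesVersion:
    description: "Kubernetes version to create the cluster from."
    required: false
  namePrefix:
    description: "Name prefix to use for resources."
    required: true
  additionalTags:
    description: "Additional resource tags that will be written into the constellation configuration."
    default: ""
    required: false
  #
  # AWS specific inputs
  #
  awsZone:
    description: "AWS zone to deploy Constellation in."
    required: false
  #
  # Azure specific inputs
  #
  azureRegion:
    description: "Azure region to deploy Constellation in."
    required: false
  #
  # GCP specific inputs
  #
  gcpProjectID:
    description: "The GCP project ID to deploy Constellation in."
    required: false
  gcpZone:
    description: "The GCP zone to deploy Constellation in."
    required: false

runs:
  using: "composite"
  steps:
    # Inputs are handed to every shell step through `env:` instead of being
    # expanded into the script text with `${{ }}`. The shell then sees them
    # as plain variable values, never as part of the command line it parses.
    - name: Generate config
      id: generate-config
      shell: bash
      env:
        CLOUD_PROVIDER: ${{ inputs.cloudProvider }}
        ATTESTATION_VARIANT: ${{ inputs.attestationVariant }}
        KUBERNETES_VERSION: ${{ inputs.kubernetesVersion }}
        ADDITIONAL_TAGS: ${{ inputs.additionalTags }}
      run: |
        # Optional flags are collected in an array: an unset input adds no
        # argument at all, and a set one is passed as exactly one word. The
        # previous tagsFlag="--tags=\"...\"" form handed the CLI literal
        # double-quote characters, because quotes inside an expanded variable
        # are not subject to quote removal.
        extraArgs=()
        if [[ -n "${KUBERNETES_VERSION}" ]]; then
          extraArgs+=("--kubernetes=${KUBERNETES_VERSION}")
        fi

        # TODO(v2.17): Remove this fallback and always use --tags flag
        if constellation config generate --help | grep -q -- --tags; then
          extraArgs+=("--tags=${ADDITIONAL_TAGS}")
        fi

        # Exposed as step output `flag` for callers of this action.
        echo "flag=--update-config" | tee -a "$GITHUB_OUTPUT"
        constellation config generate "${CLOUD_PROVIDER}" \
          --attestation "${ATTESTATION_VARIANT}" \
          "${extraArgs[@]}"

    - name: Constellation iam create aws
      shell: bash
      if: inputs.cloudProvider == 'aws'
      env:
        AWS_ZONE: ${{ inputs.awsZone }}
        NAME_PREFIX: ${{ inputs.namePrefix }}
      run: |
        constellation iam create aws \
          --zone="${AWS_ZONE}" \
          --prefix="${NAME_PREFIX}" \
          --update-config \
          --tf-log=DEBUG \
          --yes

    - name: Constellation iam create azure
      shell: bash
      if: inputs.cloudProvider == 'azure'
      env:
        AZURE_REGION: ${{ inputs.azureRegion }}
        NAME_PREFIX: ${{ inputs.namePrefix }}
      run: |
        # Resource group and service principal names are derived from the
        # name prefix so that all IAM resources of one cluster share it.
        constellation iam create azure \
          --region="${AZURE_REGION}" \
          --resourceGroup="${NAME_PREFIX}-rg" \
          --servicePrincipal="${NAME_PREFIX}-sp" \
          --update-config \
          --tf-log=DEBUG \
          --yes

    - name: Constellation iam create gcp
      shell: bash
      if: inputs.cloudProvider == 'gcp'
      env:
        GCP_PROJECT_ID: ${{ inputs.gcpProjectID }}
        GCP_ZONE: ${{ inputs.gcpZone }}
        NAME_PREFIX: ${{ inputs.namePrefix }}
      run: |
        # The service account ID is derived from the name prefix, matching
        # the naming used by the AWS and Azure steps above.
        constellation iam create gcp \
          --projectID="${GCP_PROJECT_ID}" \
          --zone="${GCP_ZONE}" \
          --serviceAccountID="${NAME_PREFIX}-sa" \
          --update-config \
          --tf-log=DEBUG \
          --yes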