2022-09-05 03:06:08 -04:00
/ *
Copyright ( c ) Edgeless Systems GmbH
SPDX - License - Identifier : AGPL - 3.0 - only
* /
2022-05-16 12:54:25 -04:00
// This binary can be build from siderolabs/talos projects. Located at:
// https://github.com/siderolabs/talos/tree/master/hack/docgen
2022-08-05 09:30:23 -04:00
//
//go:generate docgen ./config.go ./config_doc.go Configuration
2023-01-19 09:57:50 -05:00
/ *
Definitions for Constellation ' s user config file .
The config file is used by the CLI to create and manage a Constellation cluster .
All config relevant definitions , parsing and validation functions should go here .
* /
2022-03-22 11:03:15 -04:00
package config
import (
2022-05-13 05:56:43 -04:00
"errors"
2022-03-22 11:03:15 -04:00
"fmt"
2022-05-13 05:56:43 -04:00
"io/fs"
2022-11-15 09:40:49 -05:00
"os"
2022-11-22 12:47:08 -05:00
"strings"
2022-03-22 11:03:15 -04:00
2023-01-18 10:49:55 -05:00
"github.com/edgelesssys/constellation/v2/internal/attestation/idkeydigest"
2022-11-15 09:40:49 -05:00
"github.com/edgelesssys/constellation/v2/internal/attestation/measurements"
2022-09-21 07:47:57 -04:00
"github.com/edgelesssys/constellation/v2/internal/cloud/cloudprovider"
2023-01-31 06:12:19 -05:00
"github.com/edgelesssys/constellation/v2/internal/compatibility"
2022-11-15 09:40:49 -05:00
"github.com/edgelesssys/constellation/v2/internal/constants"
2022-09-21 07:47:57 -04:00
"github.com/edgelesssys/constellation/v2/internal/file"
"github.com/edgelesssys/constellation/v2/internal/versions"
2022-05-23 09:01:39 -04:00
"github.com/go-playground/locales/en"
ut "github.com/go-playground/universal-translator"
"github.com/go-playground/validator/v10"
en_translations "github.com/go-playground/validator/v10/translations/en"
2022-03-22 11:03:15 -04:00
)
2022-11-15 09:40:49 -05:00
// Measurements is a required alias since docgen is not able to work with
// types in other packages.
type Measurements = measurements . M
2023-01-18 10:49:55 -05:00
// Digests is a required alias since docgen is not able to work with
// types in other packages.
type Digests = idkeydigest . IDKeyDigests
2022-05-18 12:10:57 -04:00
const (
2022-11-22 09:53:39 -05:00
// Version2 is the second version number for Constellation config file.
Version2 = "v2"
2023-02-17 03:05:42 -05:00
defaultName = "constell"
2022-05-18 12:10:57 -04:00
)
2022-05-16 12:54:25 -04:00
// Config defines configuration used by CLI.
type Config struct {
2022-05-18 12:10:57 -04:00
// description: |
// Schema version of this configuration file.
2022-11-22 09:53:39 -05:00
Version string ` yaml:"version" validate:"eq=v2" `
2022-05-16 12:54:25 -04:00
// description: |
2023-02-10 07:27:22 -05:00
// Machine image version used to create Constellation nodes.
2023-01-31 05:45:31 -05:00
Image string ` yaml:"image" validate:"required,version_compatibility" `
2022-11-22 12:47:08 -05:00
// description: |
2023-02-10 07:27:22 -05:00
// Name of the cluster.
2023-02-17 03:05:42 -05:00
Name string ` yaml:"name" validate:"valid_name" ` // TODO: v2.7: Use "required" validation for name
2023-02-10 07:27:22 -05:00
// description: |
2022-05-24 05:57:48 -04:00
// Size (in GB) of a node's disk to store the non-volatile state.
StateDiskSizeGB int ` yaml:"stateDiskSizeGB" validate:"min=0" `
2022-05-16 12:54:25 -04:00
// description: |
2023-01-31 06:12:19 -05:00
// Kubernetes version to be installed into the cluster.
2023-02-20 04:50:55 -05:00
KubernetesVersion string ` yaml:"kubernetesVersion" validate:"required,supported_k8s_version" `
2022-09-11 10:09:05 -04:00
// description: |
2023-01-31 06:12:19 -05:00
// Microservice version to be installed into the cluster. Setting this value is optional until v2.7. Defaults to the version of the CLI.
MicroserviceVersion string ` yaml:"microserviceVersion" validate:"omitempty,version_compatibility" `
// description: |
2022-09-11 10:09:05 -04:00
// DON'T USE IN PRODUCTION: enable debug mode and use debug images. For usage, see: https://github.com/edgelesssys/constellation/blob/main/debugd/README.md
2022-09-05 10:53:37 -04:00
DebugCluster * bool ` yaml:"debugCluster" validate:"required" `
2022-05-16 12:54:25 -04:00
// description: |
2023-03-14 06:46:27 -04:00
// Attestation variant used to verify the integrity of a node.
AttestationVariant string ` yaml:"attestationVariant" validate:"valid_attestation_variant" ` // TODO: v2.8: Mark required
// description: |
2022-05-24 05:57:48 -04:00
// Supported cloud providers and their specific configurations.
2022-05-23 09:01:39 -04:00
Provider ProviderConfig ` yaml:"provider" validate:"dive" `
2022-05-16 12:54:25 -04:00
// description: |
2022-08-29 10:49:44 -04:00
// Configuration to apply during constellation upgrade.
// examples:
// - value: 'UpgradeConfig{ Image: "", Measurements: Measurements{} }'
2023-01-31 06:12:19 -05:00
Upgrade UpgradeConfig ` yaml:"upgrade,omitempty" validate:"required" `
2022-08-29 10:49:44 -04:00
}
// UpgradeConfig defines configuration used during constellation upgrade.
type UpgradeConfig struct {
// description: |
2022-11-22 12:47:08 -05:00
// Updated Constellation machine image to install on all nodes.
2022-08-29 10:49:44 -04:00
Image string ` yaml:"image" `
// description: |
// Measurements of the updated image.
Measurements Measurements ` yaml:"measurements" `
2022-11-28 04:27:33 -05:00
// description: |
// temporary field for upgrade migration
// TODO(AB#2654): Remove with refactoring upgrade plan command
CSP cloudprovider . Provider ` yaml:"csp" `
2022-05-17 04:52:37 -04:00
}
2022-05-16 12:54:25 -04:00
// ProviderConfig are cloud-provider specific configuration values used by the CLI.
// Fields should remain pointer-types so custom specific configs can nil them
// if not required.
type ProviderConfig struct {
2022-10-21 06:24:18 -04:00
// description: |
// Configuration for AWS as provider.
AWS * AWSConfig ` yaml:"aws,omitempty" validate:"omitempty,dive" `
2022-05-16 12:54:25 -04:00
// description: |
// Configuration for Azure as provider.
2022-05-24 05:57:48 -04:00
Azure * AzureConfig ` yaml:"azure,omitempty" validate:"omitempty,dive" `
2022-05-16 12:54:25 -04:00
// description: |
// Configuration for Google Cloud as provider.
2022-05-24 05:57:48 -04:00
GCP * GCPConfig ` yaml:"gcp,omitempty" validate:"omitempty,dive" `
2022-05-16 12:54:25 -04:00
// description: |
2023-02-27 12:19:52 -05:00
// Configuration for OpenStack as provider.
OpenStack * OpenStackConfig ` yaml:"openstack,omitempty" validate:"omitempty,dive" `
// description: |
2022-05-16 12:54:25 -04:00
// Configuration for QEMU as provider.
2022-05-24 05:57:48 -04:00
QEMU * QEMUConfig ` yaml:"qemu,omitempty" validate:"omitempty,dive" `
2022-05-16 12:54:25 -04:00
}
2022-10-21 06:24:18 -04:00
// AWSConfig are AWS specific configuration values used by the CLI.
type AWSConfig struct {
// description: |
// AWS data center region. See: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-regions-availability-zones.html#concepts-available-regions
Region string ` yaml:"region" validate:"required" `
// description: |
// AWS data center zone name in defined region. See: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-regions-availability-zones.html#concepts-availability-zones
Zone string ` yaml:"zone" validate:"required" `
// description: |
// VM instance type to use for Constellation nodes. Needs to support NitroTPM. See: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/enable-nitrotpm-prerequisites.html
InstanceType string ` yaml:"instanceType" validate:"lowercase,aws_instance_type" `
// description: |
// Type of a node's state disk. The type influences boot time and I/O performance. See: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ebs-volume-types.html
StateDiskType string ` yaml:"stateDiskType" validate:"oneof=standard gp2 gp3 st1 sc1 io1" `
// description: |
// Name of the IAM profile to use for the control plane nodes.
IAMProfileControlPlane string ` yaml:"iamProfileControlPlane" validate:"required" `
// description: |
// Name of the IAM profile to use for the worker nodes.
IAMProfileWorkerNodes string ` yaml:"iamProfileWorkerNodes" validate:"required" `
// description: |
// Expected VM measurements.
2022-11-24 04:57:58 -05:00
Measurements Measurements ` yaml:"measurements" validate:"required,no_placeholders" `
2022-10-21 06:24:18 -04:00
}
2022-05-16 12:54:25 -04:00
// AzureConfig are Azure specific configuration values used by the CLI.
type AzureConfig struct {
// description: |
// Subscription ID of the used Azure account. See: https://docs.microsoft.com/en-us/azure/azure-portal/get-subscription-tenant-id#find-your-azure-subscription
2022-05-23 09:01:39 -04:00
SubscriptionID string ` yaml:"subscription" validate:"uuid" `
2022-05-16 12:54:25 -04:00
// description: |
// Tenant ID of the used Azure account. See: https://docs.microsoft.com/en-us/azure/azure-portal/get-subscription-tenant-id#find-your-azure-ad-tenant
2022-05-23 09:01:39 -04:00
TenantID string ` yaml:"tenant" validate:"uuid" `
2022-05-16 12:54:25 -04:00
// description: |
// Azure datacenter region to be used. See: https://docs.microsoft.com/en-us/azure/availability-zones/az-overview#azure-regions-with-availability-zones
2022-05-23 09:01:39 -04:00
Location string ` yaml:"location" validate:"required" `
2022-05-16 12:54:25 -04:00
// description: |
2022-09-11 10:09:05 -04:00
// Resource group for the cluster's resources. Must already exist.
2022-08-25 09:12:08 -04:00
ResourceGroup string ` yaml:"resourceGroup" validate:"required" `
// description: |
2022-09-02 11:11:06 -04:00
// Authorize spawned VMs to access Azure API.
UserAssignedIdentity string ` yaml:"userAssignedIdentity" validate:"required" `
// description: |
2022-08-29 08:18:05 -04:00
// Application client ID of the Active Directory app registration.
2022-09-11 10:09:05 -04:00
AppClientID string ` yaml:"appClientID" validate:"uuid" `
2022-08-29 08:18:05 -04:00
// description: |
2022-11-15 09:40:49 -05:00
// Client secret value of the Active Directory app registration credentials. Alternatively leave empty and pass value via CONSTELL_AZURE_CLIENT_SECRET_VALUE environment variable.
2022-08-29 08:18:05 -04:00
ClientSecretValue string ` yaml:"clientSecretValue" validate:"required" `
// description: |
2022-09-11 10:09:05 -04:00
// VM instance type to use for Constellation nodes.
InstanceType string ` yaml:"instanceType" validate:"azure_instance_type" `
// description: |
// Type of a node's state disk. The type influences boot time and I/O performance. See: https://docs.microsoft.com/en-us/azure/virtual-machines/disks-types#disk-type-comparison
StateDiskType string ` yaml:"stateDiskType" validate:"oneof=Premium_LRS Premium_ZRS Standard_LRS StandardSSD_LRS StandardSSD_ZRS" `
// description: |
2022-11-18 04:05:02 -05:00
// Deploy Azure Disk CSI driver with on-node encryption. For details see: https://docs.edgeless.systems/constellation/architecture/encrypted-storage
DeployCSIDriver * bool ` yaml:"deployCSIDriver" validate:"required" `
2022-08-29 08:18:05 -04:00
// description: |
2022-11-29 06:36:43 -05:00
// Use Confidential VMs. Always needs to be true.
2022-11-18 04:05:02 -05:00
ConfidentialVM * bool ` yaml:"confidentialVM" validate:"required" `
// description: |
// Enable secure boot for VMs. If enabled, the OS image has to include a virtual machine guest state (VMGS) blob.
SecureBoot * bool ` yaml:"secureBoot" validate:"required" `
2022-08-29 08:18:05 -04:00
// description: |
2023-01-18 10:49:55 -05:00
// List of accepted values for the field 'idkeydigest' in the AMD SEV-SNP attestation report. Only usable with ConfidentialVMs. See 4.6 and 7.3 in: https://www.amd.com/system/files/TechDocs/56860.pdf
2023-01-24 16:20:10 -05:00
IDKeyDigest Digests ` yaml:"idKeyDigest" validate:"required_if=EnforceIdKeyDigest true,omitempty" `
2022-08-29 10:41:09 -04:00
// description: |
// Enforce the specified idKeyDigest value during remote attestation.
2023-03-21 07:46:49 -04:00
EnforceIDKeyDigest idkeydigest . EnforceIDKeyDigest ` yaml:"enforceIdKeyDigest" validate:"required" `
2022-08-29 10:41:09 -04:00
// description: |
2022-11-18 04:05:02 -05:00
// Expected confidential VM measurements.
2022-11-24 04:57:58 -05:00
Measurements Measurements ` yaml:"measurements" validate:"required,no_placeholders" `
2022-05-16 12:54:25 -04:00
}
// GCPConfig are GCP specific configuration values used by the CLI.
type GCPConfig struct {
// description: |
// GCP project. See: https://support.google.com/googleapi/answer/7014113?hl=en
2022-05-23 09:01:39 -04:00
Project string ` yaml:"project" validate:"required" `
2022-05-16 12:54:25 -04:00
// description: |
// GCP datacenter region. See: https://cloud.google.com/compute/docs/regions-zones#available
2022-05-23 09:01:39 -04:00
Region string ` yaml:"region" validate:"required" `
2022-05-16 12:54:25 -04:00
// description: |
// GCP datacenter zone. See: https://cloud.google.com/compute/docs/regions-zones#available
2022-05-23 09:01:39 -04:00
Zone string ` yaml:"zone" validate:"required" `
2022-05-16 12:54:25 -04:00
// description: |
2022-09-11 10:09:05 -04:00
// Path of service account key file. For required service account roles, see https://docs.edgeless.systems/constellation/getting-started/install#authorization
ServiceAccountKeyPath string ` yaml:"serviceAccountKeyPath" validate:"required" `
// description: |
// VM instance type to use for Constellation nodes.
2022-08-31 11:35:33 -04:00
InstanceType string ` yaml:"instanceType" validate:"gcp_instance_type" `
// description: |
2022-08-02 06:24:55 -04:00
// Type of a node's state disk. The type influences boot time and I/O performance. See: https://cloud.google.com/compute/docs/disks#disk-types
StateDiskType string ` yaml:"stateDiskType" validate:"oneof=pd-standard pd-balanced pd-ssd" `
// description: |
2022-11-18 04:05:02 -05:00
// Deploy Persistent Disk CSI driver with on-node encryption. For details see: https://docs.edgeless.systems/constellation/architecture/encrypted-storage
DeployCSIDriver * bool ` yaml:"deployCSIDriver" validate:"required" `
// description: |
2022-05-24 05:57:48 -04:00
// Expected confidential VM measurements.
2022-11-24 04:57:58 -05:00
Measurements Measurements ` yaml:"measurements" validate:"required,no_placeholders" `
2022-05-16 12:54:25 -04:00
}
2023-02-27 12:19:52 -05:00
// OpenStackConfig holds config information for OpenStack based Constellation deployments.
type OpenStackConfig struct {
// description: |
// OpenStack cloud name to select from "clouds.yaml". Only required if config file for OpenStack is used. Fallback authentication uses environment variables. For details see: https://docs.openstack.org/openstacksdk/latest/user/config/configuration.html.
Cloud string ` yaml:"cloud" `
// description: |
// Availability zone to place the VMs in. For details see: https://docs.openstack.org/nova/latest/admin/availability-zones.html
AvailabilityZone string ` yaml:"availabilityZone" validate:"required" `
// description: |
// Flavor ID (machine type) to use for the VMs. For details see: https://docs.openstack.org/nova/latest/admin/flavors.html
FlavorID string ` yaml:"flavorID" validate:"required" `
// description: |
// Floating IP pool to use for the VMs. For details see: https://docs.openstack.org/ocata/user-guide/cli-manage-ip-addresses.html
FloatingIPPoolID string ` yaml:"floatingIPPoolID" validate:"required" `
// description: |
2023-03-17 04:34:25 -04:00
// AuthURL is the OpenStack Identity endpoint to use inside the cluster.
AuthURL string ` yaml:"authURL" validate:"required" `
// description: |
// ProjectID is the ID of the project where a user resides.
ProjectID string ` yaml:"projectID" validate:"required" `
// description: |
// ProjectName is the name of the project where a user resides.
ProjectName string ` yaml:"projectName" validate:"required" `
// description: |
2023-03-03 09:28:28 -05:00
// UserDomainName is the name of the domain where a user resides.
UserDomainName string ` yaml:"userDomainName" validate:"required" `
// description: |
2023-03-17 04:34:25 -04:00
// ProjectDomainName is the name of the domain where a project resides.
ProjectDomainName string ` yaml:"projectDomainName" validate:"required" `
// description: |
// RegionName is the name of the region to use inside the cluster.
RegionName string ` yaml:"regionName" validate:"required" `
// description: |
2023-03-03 09:28:28 -05:00
// Username to use inside the cluster.
Username string ` yaml:"username" validate:"required" `
// description: |
// Password to use inside the cluster. You can instead use the environment variable "CONSTELL_OS_PASSWORD".
Password string ` yaml:"password" `
2023-03-03 04:10:36 -05:00
// description: |
2023-02-27 12:19:52 -05:00
// If enabled, downloads OS image directly from source URL to OpenStack. Otherwise, downloads image to local machine and uploads to OpenStack.
DirectDownload * bool ` yaml:"directDownload" validate:"required" `
}
2022-11-09 09:57:54 -05:00
// QEMUConfig holds config information for QEMU based Constellation deployments.
2022-05-16 12:54:25 -04:00
type QEMUConfig struct {
2022-09-26 09:52:31 -04:00
// description: |
// Format of the image to use for the VMs. Should be either qcow2 or raw.
ImageFormat string ` yaml:"imageFormat" validate:"oneof=qcow2 raw" `
// description: |
// vCPU count for the VMs.
VCPUs int ` yaml:"vcpus" validate:"required" `
// description: |
// Amount of memory per instance (MiB).
Memory int ` yaml:"memory" validate:"required" `
// description: |
// Container image to use for the QEMU metadata server.
MetadataAPIImage string ` yaml:"metadataAPIServer" validate:"required" `
2022-05-16 12:54:25 -04:00
// description: |
2022-10-05 03:11:30 -04:00
// Libvirt connection URI. Leave empty to start a libvirt instance in Docker.
LibvirtURI string ` yaml:"libvirtSocket" `
// description: |
// Container image to use for launching a containerized libvirt daemon. Only relevant if `libvirtSocket = ""`.
LibvirtContainerImage string ` yaml:"libvirtContainerImage" `
// description: |
2022-10-19 07:10:15 -04:00
// NVRAM template to be used for secure boot. Can be sentinel value "production", "testing" or a path to a custom NVRAM template
NVRAM string ` yaml:"nvram" validate:"required" `
// description: |
// Path to the OVMF firmware. Leave empty for auto selection.
Firmware string ` yaml:"firmware" `
2022-10-21 10:08:52 -04:00
// description: |
// Measurement used to enable measured boot.
2022-11-24 04:57:58 -05:00
Measurements Measurements ` yaml:"measurements" validate:"required,no_placeholders" `
2022-03-22 11:03:15 -04:00
}
// Default returns a struct with the default config.
func Default ( ) * Config {
return & Config {
2023-01-31 06:12:19 -05:00
Version : Version2 ,
Image : defaultImage ,
2023-02-17 03:05:42 -05:00
Name : defaultName ,
2023-03-01 05:55:12 -05:00
MicroserviceVersion : compatibility . EnsurePrefixV ( constants . VersionInfo ( ) ) ,
2023-01-31 06:12:19 -05:00
KubernetesVersion : string ( versions . Default ) ,
StateDiskSizeGB : 30 ,
2023-02-28 12:44:21 -05:00
DebugCluster : toPtr ( false ) ,
2022-05-16 12:54:25 -04:00
Provider : ProviderConfig {
2022-10-21 06:24:18 -04:00
AWS : & AWSConfig {
Region : "" ,
InstanceType : "m6a.xlarge" ,
StateDiskType : "gp3" ,
IAMProfileControlPlane : "" ,
IAMProfileWorkerNodes : "" ,
2022-11-15 09:40:49 -05:00
Measurements : measurements . DefaultsFor ( cloudprovider . AWS ) ,
2022-10-21 06:24:18 -04:00
} ,
2022-03-22 11:03:15 -04:00
Azure : & AzureConfig {
2022-08-08 05:04:17 -04:00
SubscriptionID : "" ,
TenantID : "" ,
Location : "" ,
UserAssignedIdentity : "" ,
2022-08-25 09:12:08 -04:00
ResourceGroup : "" ,
2022-08-31 11:35:33 -04:00
InstanceType : "Standard_DC4as_v5" ,
2022-08-31 04:33:33 -04:00
StateDiskType : "Premium_LRS" ,
2023-02-28 12:44:21 -05:00
DeployCSIDriver : toPtr ( true ) ,
2023-01-24 16:20:10 -05:00
IDKeyDigest : idkeydigest . DefaultsFor ( cloudprovider . Azure ) ,
2023-03-21 07:46:49 -04:00
EnforceIDKeyDigest : idkeydigest . MAAFallback ,
2023-02-28 12:44:21 -05:00
ConfidentialVM : toPtr ( true ) ,
SecureBoot : toPtr ( false ) ,
2022-11-18 04:05:02 -05:00
Measurements : measurements . DefaultsFor ( cloudprovider . Azure ) ,
2022-03-22 11:03:15 -04:00
} ,
GCP : & GCPConfig {
2022-08-23 11:49:55 -04:00
Project : "" ,
Region : "" ,
Zone : "" ,
2022-11-18 04:05:02 -05:00
ServiceAccountKeyPath : "" ,
2022-08-31 11:35:33 -04:00
InstanceType : "n2d-standard-4" ,
2022-08-23 11:49:55 -04:00
StateDiskType : "pd-ssd" ,
2023-02-28 12:44:21 -05:00
DeployCSIDriver : toPtr ( true ) ,
2022-11-15 09:40:49 -05:00
Measurements : measurements . DefaultsFor ( cloudprovider . GCP ) ,
2022-03-22 11:03:15 -04:00
} ,
2023-02-27 12:19:52 -05:00
OpenStack : & OpenStackConfig {
2023-02-28 12:44:21 -05:00
DirectDownload : toPtr ( true ) ,
2023-02-27 12:19:52 -05:00
} ,
2022-05-02 04:54:54 -04:00
QEMU : & QEMUConfig {
2022-11-08 12:32:59 -05:00
ImageFormat : "raw" ,
2022-10-05 03:11:30 -04:00
VCPUs : 2 ,
Memory : 2048 ,
2022-10-07 03:38:43 -04:00
MetadataAPIImage : versions . QEMUMetadataImage ,
2022-10-05 03:11:30 -04:00
LibvirtURI : "" ,
2022-10-07 03:38:43 -04:00
LibvirtContainerImage : versions . LibvirtImage ,
2022-11-18 04:05:02 -05:00
NVRAM : "production" ,
2022-11-15 09:40:49 -05:00
Measurements : measurements . DefaultsFor ( cloudprovider . QEMU ) ,
2022-05-02 04:54:54 -04:00
} ,
2022-03-22 11:03:15 -04:00
} ,
}
}
2023-01-31 06:12:19 -05:00
// fromFile returns config file with `name` read from `fileHandler` by parsing
2022-11-15 09:40:49 -05:00
// it as YAML. You should prefer config.New to read env vars and validate
// config in a consistent manner.
2023-01-31 06:12:19 -05:00
func fromFile ( fileHandler file . Handler , name string ) ( * Config , error ) {
2022-11-15 09:40:49 -05:00
var conf Config
if err := fileHandler . ReadYAMLStrict ( name , & conf ) ; err != nil {
if errors . Is ( err , fs . ErrNotExist ) {
return nil , fmt . Errorf ( "unable to find %s - use `constellation config generate` to generate it first" , name )
}
return nil , fmt . Errorf ( "could not load config from file %s: %w" , name , err )
2022-09-07 05:53:44 -04:00
}
2022-11-15 09:40:49 -05:00
return & conf , nil
2022-09-07 05:53:44 -04:00
}
2022-11-15 09:40:49 -05:00
// New creates a new config by:
// 1. Reading config file via provided fileHandler from file with name.
// 2. Read secrets from environment variables.
2023-01-31 06:12:19 -05:00
// 3. Validate config. If `--force` is set the version validation will be disabled and any version combination is allowed.
2023-01-31 05:45:31 -05:00
func New ( fileHandler file . Handler , name string , force bool ) ( * Config , error ) {
2022-11-15 09:40:49 -05:00
// Read config file
2023-01-31 06:12:19 -05:00
c , err := fromFile ( fileHandler , name )
2022-11-15 09:40:49 -05:00
if err != nil {
2022-08-31 11:35:33 -04:00
return nil , err
}
2022-11-15 09:40:49 -05:00
// Read secrets from env-vars.
clientSecretValue := os . Getenv ( constants . EnvVarAzureClientSecretValue )
if clientSecretValue != "" && c . Provider . Azure != nil {
c . Provider . Azure . ClientSecretValue = clientSecretValue
2022-05-23 09:01:39 -04:00
}
2023-03-03 09:28:28 -05:00
openstackPassword := os . Getenv ( constants . EnvVarOpenStackPassword )
if openstackPassword != "" && c . Provider . OpenStack != nil {
c . Provider . OpenStack . Password = openstackPassword
2023-03-03 04:10:36 -05:00
}
2023-01-31 06:12:19 -05:00
// Backwards compatibility: configs without the field `microserviceVersion` are valid in version 2.6.
// In case the field is not set in an old config we prefil it with the default value.
2023-02-15 05:34:13 -05:00
if c . MicroserviceVersion == "" {
c . MicroserviceVersion = Default ( ) . MicroserviceVersion
}
2023-01-31 06:12:19 -05:00
2023-01-31 05:45:31 -05:00
return c , c . Validate ( force )
2022-09-07 05:53:44 -04:00
}
2022-05-23 09:01:39 -04:00
// HasProvider checks whether the config contains the provider.
func ( c * Config ) HasProvider ( provider cloudprovider . Provider ) bool {
switch provider {
2022-10-21 06:24:18 -04:00
case cloudprovider . AWS :
return c . Provider . AWS != nil
2022-05-23 09:01:39 -04:00
case cloudprovider . Azure :
return c . Provider . Azure != nil
case cloudprovider . GCP :
return c . Provider . GCP != nil
case cloudprovider . QEMU :
return c . Provider . QEMU != nil
}
return false
}
2022-11-09 09:57:54 -05:00
// UpdateMeasurements overwrites measurements in config with the provided ones.
2022-08-01 03:37:05 -04:00
func ( c * Config ) UpdateMeasurements ( newMeasurements Measurements ) {
2022-10-21 06:24:18 -04:00
if c . Provider . AWS != nil {
c . Provider . AWS . Measurements . CopyFrom ( newMeasurements )
}
2022-08-01 03:37:05 -04:00
if c . Provider . Azure != nil {
c . Provider . Azure . Measurements . CopyFrom ( newMeasurements )
}
if c . Provider . GCP != nil {
c . Provider . GCP . Measurements . CopyFrom ( newMeasurements )
}
if c . Provider . QEMU != nil {
c . Provider . QEMU . Measurements . CopyFrom ( newMeasurements )
}
}
2022-05-18 05:39:14 -04:00
// RemoveProviderExcept removes all provider specific configurations, i.e.,
// sets them to nil, except the one specified.
// If an unknown provider is passed, the same configuration is returned.
func ( c * Config ) RemoveProviderExcept ( provider cloudprovider . Provider ) {
currentProviderConfigs := c . Provider
c . Provider = ProviderConfig { }
switch provider {
2022-10-21 06:24:18 -04:00
case cloudprovider . AWS :
c . Provider . AWS = currentProviderConfigs . AWS
2022-05-18 05:39:14 -04:00
case cloudprovider . Azure :
c . Provider . Azure = currentProviderConfigs . Azure
case cloudprovider . GCP :
c . Provider . GCP = currentProviderConfigs . GCP
2023-02-27 12:19:52 -05:00
case cloudprovider . OpenStack :
c . Provider . OpenStack = currentProviderConfigs . OpenStack
2022-05-18 05:39:14 -04:00
case cloudprovider . QEMU :
c . Provider . QEMU = currentProviderConfigs . QEMU
default :
c . Provider = currentProviderConfigs
}
}
2022-11-15 09:40:49 -05:00
// IsAzureNonCVM checks whether the chosen provider is azure and confidential VMs are disabled.
func ( c * Config ) IsAzureNonCVM ( ) bool {
return c . Provider . Azure != nil && c . Provider . Azure . ConfidentialVM != nil && ! * c . Provider . Azure . ConfidentialVM
}
// IsDebugCluster checks whether the cluster is configured as a debug cluster.
func ( c * Config ) IsDebugCluster ( ) bool {
if c . DebugCluster != nil && * c . DebugCluster {
return true
}
return false
}
2022-11-22 12:47:08 -05:00
// IsReleaseImage checks whether image name looks like a release image.
func ( c * Config ) IsReleaseImage ( ) bool {
return strings . HasPrefix ( c . Image , "v" )
2022-08-16 09:53:54 -04:00
}
2022-08-31 05:59:07 -04:00
// GetProvider returns the configured cloud provider.
func ( c * Config ) GetProvider ( ) cloudprovider . Provider {
2022-10-21 06:24:18 -04:00
if c . Provider . AWS != nil {
return cloudprovider . AWS
}
2022-08-31 05:59:07 -04:00
if c . Provider . Azure != nil {
return cloudprovider . Azure
}
if c . Provider . GCP != nil {
return cloudprovider . GCP
}
2023-02-27 12:19:52 -05:00
if c . Provider . OpenStack != nil {
return cloudprovider . OpenStack
}
2022-08-31 05:59:07 -04:00
if c . Provider . QEMU != nil {
return cloudprovider . QEMU
}
return cloudprovider . Unknown
}
2023-02-20 04:32:33 -05:00
// GetMeasurements returns the configured measurements or nil if no provder is set.
func ( c * Config ) GetMeasurements ( ) measurements . M {
if c . Provider . AWS != nil {
return c . Provider . AWS . Measurements
}
if c . Provider . Azure != nil {
return c . Provider . Azure . Measurements
}
if c . Provider . GCP != nil {
return c . Provider . GCP . Measurements
}
if c . Provider . QEMU != nil {
return c . Provider . QEMU . Measurements
}
return nil
}
2023-03-21 07:46:49 -04:00
// IDKeyDigestPolicy returns the IDKeyDigest checking policy for a cloud provider.
func ( c * Config ) IDKeyDigestPolicy ( ) idkeydigest . EnforceIDKeyDigest {
if c . Provider . Azure != nil {
return c . Provider . Azure . EnforceIDKeyDigest
}
return idkeydigest . Unknown
2022-08-31 14:10:49 -04:00
}
2022-11-24 04:57:58 -05:00
// EnforcedPCRs returns the list of enforced PCRs for the configured cloud provider.
func ( c * Config ) EnforcedPCRs ( ) [ ] uint32 {
2022-11-18 04:05:02 -05:00
provider := c . GetProvider ( )
switch provider {
case cloudprovider . AWS :
2022-11-24 04:57:58 -05:00
return c . Provider . AWS . Measurements . GetEnforced ( )
2022-11-18 04:05:02 -05:00
case cloudprovider . Azure :
2022-11-24 04:57:58 -05:00
return c . Provider . Azure . Measurements . GetEnforced ( )
2022-11-18 04:05:02 -05:00
case cloudprovider . GCP :
2022-11-24 04:57:58 -05:00
return c . Provider . GCP . Measurements . GetEnforced ( )
2022-11-18 04:05:02 -05:00
case cloudprovider . QEMU :
2022-11-24 04:57:58 -05:00
return c . Provider . QEMU . Measurements . GetEnforced ( )
2022-11-18 04:05:02 -05:00
default :
return nil
}
}
2023-01-18 10:49:55 -05:00
// IDKeyDigests returns the ID Key Digests for the configured cloud provider.
func ( c * Config ) IDKeyDigests ( ) idkeydigest . IDKeyDigests {
if c . Provider . Azure != nil {
2023-01-24 16:20:10 -05:00
return c . Provider . Azure . IDKeyDigest
2023-01-18 10:49:55 -05:00
}
return nil
}
2022-11-18 04:05:02 -05:00
// DeployCSIDriver returns whether the CSI driver should be deployed for a given cloud provider.
func ( c * Config ) DeployCSIDriver ( ) bool {
return c . Provider . Azure != nil && c . Provider . Azure . DeployCSIDriver != nil && * c . Provider . Azure . DeployCSIDriver ||
c . Provider . GCP != nil && c . Provider . GCP . DeployCSIDriver != nil && * c . Provider . GCP . DeployCSIDriver
}
2022-11-15 09:40:49 -05:00
// Validate checks the config values and returns validation errors.
2023-01-31 05:45:31 -05:00
func ( c * Config ) Validate ( force bool ) error {
2022-11-15 09:40:49 -05:00
trans := ut . New ( en . New ( ) ) . GetFallback ( )
validate := validator . New ( )
if err := en_translations . RegisterDefaultTranslations ( validate , trans ) ; err != nil {
return err
2022-03-22 11:03:15 -04:00
}
2022-08-12 09:59:45 -04:00
2022-11-15 09:40:49 -05:00
// Register AWS, Azure & GCP InstanceType validation error types
if err := validate . RegisterTranslation ( "aws_instance_type" , trans , registerTranslateAWSInstanceTypeError , translateAWSInstanceTypeError ) ; err != nil {
return err
}
2022-08-31 11:35:33 -04:00
2022-11-15 09:40:49 -05:00
if err := validate . RegisterTranslation ( "azure_instance_type" , trans , registerTranslateAzureInstanceTypeError , c . translateAzureInstanceTypeError ) ; err != nil {
return err
2022-08-31 11:35:33 -04:00
}
2022-09-05 10:53:37 -04:00
2022-11-15 09:40:49 -05:00
if err := validate . RegisterTranslation ( "gcp_instance_type" , trans , registerTranslateGCPInstanceTypeError , translateGCPInstanceTypeError ) ; err != nil {
return err
2022-10-21 06:24:18 -04:00
}
2022-11-15 09:40:49 -05:00
// Register Provider validation error types
if err := validate . RegisterTranslation ( "no_provider" , trans , registerNoProviderError , translateNoProviderError ) ; err != nil {
return err
2022-10-21 06:24:18 -04:00
}
2022-11-15 09:40:49 -05:00
if err := validate . RegisterTranslation ( "more_than_one_provider" , trans , registerMoreThanOneProviderError , c . translateMoreThanOneProviderError ) ; err != nil {
return err
2022-10-21 06:24:18 -04:00
}
2022-11-24 04:57:58 -05:00
if err := validate . RegisterTranslation ( "no_placeholders" , trans , registerContainsPlaceholderError , translateContainsPlaceholderError ) ; err != nil {
return err
}
2023-01-23 05:21:06 -05:00
if err := validate . RegisterTranslation ( "supported_k8s_version" , trans , registerInvalidK8sVersionError , translateInvalidK8sVersionError ) ; err != nil {
return err
}
2023-01-31 05:45:31 -05:00
if err := validate . RegisterTranslation ( "version_compatibility" , trans , registerVersionCompatibilityError , translateVersionCompatibilityError ) ; err != nil {
return err
}
2023-03-14 06:46:27 -04:00
2023-02-10 07:27:22 -05:00
if err := validate . RegisterTranslation ( "valid_name" , trans , registerValidateNameError , c . translateValidateNameError ) ; err != nil {
return err
}
2023-03-14 06:46:27 -04:00
if err := validate . RegisterTranslation ( "valid_attestation_variant" , trans , registerValidAttestVariantError , c . translateValidAttestVariantError ) ; err != nil {
return err
}
2023-02-10 07:27:22 -05:00
if err := validate . RegisterValidation ( "valid_name" , c . validateName ) ; err != nil {
return err
}
2023-01-31 05:45:31 -05:00
2022-11-24 04:57:58 -05:00
if err := validate . RegisterValidation ( "no_placeholders" , validateNoPlaceholder ) ; err != nil {
return err
}
2022-11-15 09:40:49 -05:00
// register custom validator with label supported_k8s_version to validate version based on available versionConfigs.
2023-02-20 04:50:55 -05:00
if err := validate . RegisterValidation ( "supported_k8s_version" , c . validateK8sVersion ) ; err != nil {
2022-11-15 09:40:49 -05:00
return err
}
2022-10-21 06:24:18 -04:00
2023-01-31 05:45:31 -05:00
versionCompatibilityValidator := validateVersionCompatibility
if force {
versionCompatibilityValidator = returnsTrue
}
if err := validate . RegisterValidation ( "version_compatibility" , versionCompatibilityValidator ) ; err != nil {
return err
}
2022-11-15 09:40:49 -05:00
// register custom validator with label aws_instance_type to validate the AWS instance type from config input.
if err := validate . RegisterValidation ( "aws_instance_type" , validateAWSInstanceType ) ; err != nil {
return err
2022-10-21 06:24:18 -04:00
}
2022-11-15 09:40:49 -05:00
// register custom validator with label azure_instance_type to validate the Azure instance type from config input.
if err := validate . RegisterValidation ( "azure_instance_type" , validateAzureInstanceType ) ; err != nil {
return err
}
2022-10-21 06:24:18 -04:00
2022-11-15 09:40:49 -05:00
// register custom validator with label gcp_instance_type to validate the GCP instance type from config input.
if err := validate . RegisterValidation ( "gcp_instance_type" , validateGCPInstanceType ) ; err != nil {
return err
2022-10-21 06:24:18 -04:00
}
2023-03-14 06:46:27 -04:00
if err := validate . RegisterValidation ( "valid_attestation_variant" , c . validAttestVariant ) ; err != nil {
return err
}
2022-11-15 09:40:49 -05:00
// Register provider validation
validate . RegisterStructValidation ( validateProvider , ProviderConfig { } )
2023-01-31 06:12:19 -05:00
// register custom validator that prints a deprecation warning.
validate . RegisterStructValidation ( validateUpgradeConfig , UpgradeConfig { } )
2022-11-15 09:40:49 -05:00
err := validate . Struct ( c )
if err == nil {
return nil
2022-10-21 06:24:18 -04:00
}
2023-02-07 09:19:59 -05:00
var validationErrs validator . ValidationErrors
if ! errors . As ( err , & validationErrs ) {
2022-11-15 09:40:49 -05:00
return err
}
2022-10-21 06:24:18 -04:00
2023-02-07 06:56:25 -05:00
var validationErrMsgs [ ] string
2023-02-07 09:19:59 -05:00
for _ , e := range validationErrs {
2023-02-07 06:56:25 -05:00
validationErrMsgs = append ( validationErrMsgs , e . Translate ( trans ) )
2022-09-05 10:53:37 -04:00
}
2023-02-07 06:56:25 -05:00
return & ValidationError { validationErrMsgs : validationErrMsgs }
2022-09-05 10:53:37 -04:00
}
2023-02-28 12:44:21 -05:00
func toPtr [ T any ] ( v T ) * T {
return & v
}