/*
Copyright (c) Edgeless Systems GmbH

SPDX-License-Identifier: AGPL-3.0-only
*/
// This binary can be built from the siderolabs/talos project. Located at:
// https://github.com/siderolabs/talos/tree/master/hack/docgen
//
//go:generate docgen ./config.go ./config_doc.go Configuration
package config
import (
"errors"
"fmt"
"io/fs"
"os"
"regexp"
"github.com/edgelesssys/constellation/v2/internal/attestation/measurements"
"github.com/edgelesssys/constellation/v2/internal/cloud/cloudprovider"
"github.com/edgelesssys/constellation/v2/internal/constants"
"github.com/edgelesssys/constellation/v2/internal/file"
"github.com/edgelesssys/constellation/v2/internal/versions"
"github.com/go-playground/locales/en"
ut "github.com/go-playground/universal-translator"
"github.com/go-playground/validator/v10"
en_translations "github.com/go-playground/validator/v10/translations/en"
"go.uber.org/multierr"
)
// Measurements is a required alias since docgen is not able to work with
// types in other packages.
//
// It carries the expected VM measurements of a provider section; the
// uint32 entries of the sibling EnforcedMeasurements field name the PCRs
// among them that are enforced (see GetEnforcedPCRs).
type Measurements = measurements.M
const (
	// Version1 is the first version number for Constellation config file.
	// It is the only schema version Validate accepts (Config.Version carries
	// validate:"eq=v1").
	Version1 = "v1"
)
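// Release image name patterns used by (*Config).IsDebugImage. Only the
// image name is inspected, so a match is a heuristic: it says nothing about
// what was actually built into the image. There is no AWS pattern yet.
var (
	// Azure release images live in the Constellation community gallery and
	// end in a dotted x.y.z version; the dots are literal (they were
	// unescaped before and matched any character).
	azureReleaseImageRegex = regexp.MustCompile(`^(?i)/CommunityGalleries/ConstellationCVM-b3782fa0-0df7-4f2f-963e-fc7fc42663df/Images/constellation/Versions/\d+\.\d+\.\d+$`)
	// GCP release images are named constellation-vX-Y-Z in the
	// constellation-images project.
	gcpReleaseImageRegex = regexp.MustCompile(`^projects/constellation-images/global/images/constellation-v\d+-\d+-\d+$`)
)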
// Config defines configuration used by CLI.
//
// The validate tags are evaluated by (*Config).Validate; the
// "description:" / "examples:" comment blocks on the fields are consumed
// by docgen (see the go:generate directive at the top of the file) and
// must keep their format.
type Config struct {
	// description: |
	//   Schema version of this configuration file.
	Version string `yaml:"version" validate:"eq=v1"`
	// description: |
	//   Size (in GB) of a node's disk to store the non-volatile state.
	StateDiskSizeGB int `yaml:"stateDiskSizeGB" validate:"min=0"`
	// description: |
	//   Kubernetes version to be installed in the cluster.
	KubernetesVersion string `yaml:"kubernetesVersion" validate:"supported_k8s_version"`
	// description: |
	//   DON'T USE IN PRODUCTION: enable debug mode and use debug images. For usage, see: https://github.com/edgelesssys/constellation/blob/main/debugd/README.md
	DebugCluster *bool `yaml:"debugCluster" validate:"required"`
	// description: |
	//   Supported cloud providers and their specific configurations.
	Provider ProviderConfig `yaml:"provider" validate:"dive"`
	// description: |
	//   Deprecated: Does nothing! To get node SSH access, see: https://constellation-docs.edgeless.systems/constellation/workflows/troubleshooting#connect-to-nodes-via-ssh
	// examples:
	//   - value: '[]UserKey{ { Username: "Alice", PublicKey: "ssh-rsa AAAAB3NzaC...5QXHKW1rufgtJeSeJ8= alice@domain.com" } }'
	SSHUsers []UserKey `yaml:"sshUsers,omitempty" validate:"dive"`
	// description: |
	//   Configuration to apply during constellation upgrade.
	// examples:
	//   - value: 'UpgradeConfig{ Image: "", Measurements: Measurements{} }'
	Upgrade UpgradeConfig `yaml:"upgrade,omitempty"`
}
// UpgradeConfig defines configuration used during constellation upgrade.
//
// Neither field carries a validate tag, so an upgrade section is accepted
// as-is by Validate; whether the new image and its measurements belong
// together is not checked here.
type UpgradeConfig struct {
	// description: |
	//   Updated machine image to install on all nodes.
	Image string `yaml:"image"`
	// description: |
	//   Measurements of the updated image.
	Measurements Measurements `yaml:"measurements"`
}
// UserKey describes a user that should be created with corresponding public SSH key.
//
// Deprecated: UserKey was used as configuration for access-manager, which was removed
// in v2.2, but config needs to retain these values for backwards compatibility and
// config validation.
//
// Entries are still validated (Config.SSHUsers uses validate:"dive"), so an
// entry with an empty username or public key is rejected even though the
// values have no effect anymore.
type UserKey struct {
	// description: |
	//   Username of new SSH user.
	//
	// Deprecated: See UserKey.
	Username string `yaml:"username" validate:"required"`
	// description: |
	//   Public key of new SSH user.
	//
	// Deprecated: See UserKey.
	PublicKey string `yaml:"publicKey" validate:"required"`
}
// ProviderConfig are cloud-provider specific configuration values used by the CLI.
// Fields should remain pointer-types so custom specific configs can nil them
// if not required.
//
// A nil section is skipped by validation (omitempty); a non-nil one is
// validated field by field (dive). The struct-level validateProvider
// registered in Validate presumably enforces that exactly one section is
// set (it translates to the no_provider / more_than_one_provider messages).
// Accessors such as GetProvider and Image pick the first non-nil section in
// the order AWS, Azure, GCP, QEMU.
type ProviderConfig struct {
	// description: |
	//   Configuration for AWS as provider.
	AWS *AWSConfig `yaml:"aws,omitempty" validate:"omitempty,dive"`
	// description: |
	//   Configuration for Azure as provider.
	Azure *AzureConfig `yaml:"azure,omitempty" validate:"omitempty,dive"`
	// description: |
	//   Configuration for Google Cloud as provider.
	GCP *GCPConfig `yaml:"gcp,omitempty" validate:"omitempty,dive"`
	// description: |
	//   Configuration for QEMU as provider.
	QEMU *QEMUConfig `yaml:"qemu,omitempty" validate:"omitempty,dive"`
}
// AWSConfig are AWS specific configuration values used by the CLI.
//
// Note that IsDebugImage cannot classify AWS images yet (it always reports
// false for AWS), so a non-release AMI is not detected from its name.
type AWSConfig struct {
	// description: |
	//   AWS data center region. See: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-regions-availability-zones.html#concepts-available-regions
	Region string `yaml:"region" validate:"required"`
	// description: |
	//   AWS data center zone name in defined region. See: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-regions-availability-zones.html#concepts-availability-zones
	Zone string `yaml:"zone" validate:"required"`
	// description: |
	//   AMI ID of the machine image used to create Constellation nodes.
	Image string `yaml:"image" validate:"required"`
	// description: |
	//   VM instance type to use for Constellation nodes. Needs to support NitroTPM. See: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/enable-nitrotpm-prerequisites.html
	InstanceType string `yaml:"instanceType" validate:"lowercase,aws_instance_type"`
	// description: |
	//   Type of a node's state disk. The type influences boot time and I/O performance. See: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ebs-volume-types.html
	StateDiskType string `yaml:"stateDiskType" validate:"oneof=standard gp2 gp3 st1 sc1 io1"`
	// description: |
	//   Name of the IAM profile to use for the control plane nodes.
	IAMProfileControlPlane string `yaml:"iamProfileControlPlane" validate:"required"`
	// description: |
	//   Name of the IAM profile to use for the worker nodes.
	IAMProfileWorkerNodes string `yaml:"iamProfileWorkerNodes" validate:"required"`
	// description: |
	//   Expected VM measurements.
	Measurements Measurements `yaml:"measurements"`
	// description: |
	//   List of values that should be enforced to be equal to the ones from the measurement list. Any non-equal values not in this list will only result in a warning.
	EnforcedMeasurements []uint32 `yaml:"enforcedMeasurements"`
}
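// AzureConfig are Azure specific configuration values used by the CLI.
//
// ClientSecretValue is a credential; New lets it be supplied through the
// CONSTELL_AZURE_CLIENT_SECRET_VALUE environment variable instead of the
// config file, and the value is only checked for presence. IDKeyDigest is
// required (and must be 96 hex characters) exactly when EnforceIDKeyDigest
// is true; the required_if condition names the Go field EnforceIDKeyDigest,
// because the validator resolves the referenced field by its struct field
// name (the earlier spelling EnforceIdKeyDigest did not resolve, which
// left the digest optional even with enforcement enabled). SubscriptionID,
// TenantID and AppClientID use the uuid check, which does not accept an
// empty string, so they are effectively required.
type AzureConfig struct {
	// description: |
	//   Subscription ID of the used Azure account. See: https://docs.microsoft.com/en-us/azure/azure-portal/get-subscription-tenant-id#find-your-azure-subscription
	SubscriptionID string `yaml:"subscription" validate:"uuid"`
	// description: |
	//   Tenant ID of the used Azure account. See: https://docs.microsoft.com/en-us/azure/azure-portal/get-subscription-tenant-id#find-your-azure-ad-tenant
	TenantID string `yaml:"tenant" validate:"uuid"`
	// description: |
	//   Azure datacenter region to be used. See: https://docs.microsoft.com/en-us/azure/availability-zones/az-overview#azure-regions-with-availability-zones
	Location string `yaml:"location" validate:"required"`
	// description: |
	//   Resource group for the cluster's resources. Must already exist.
	ResourceGroup string `yaml:"resourceGroup" validate:"required"`
	// description: |
	//   Authorize spawned VMs to access Azure API.
	UserAssignedIdentity string `yaml:"userAssignedIdentity" validate:"required"`
	// description: |
	//   Application client ID of the Active Directory app registration.
	AppClientID string `yaml:"appClientID" validate:"uuid"`
	// description: |
	//   Client secret value of the Active Directory app registration credentials. Alternatively leave empty and pass value via CONSTELL_AZURE_CLIENT_SECRET_VALUE environment variable.
	ClientSecretValue string `yaml:"clientSecretValue" validate:"required"`
	// description: |
	//   Machine image used to create Constellation nodes.
	Image string `yaml:"image" validate:"required"`
	// description: |
	//   VM instance type to use for Constellation nodes.
	InstanceType string `yaml:"instanceType" validate:"azure_instance_type"`
	// description: |
	//   Type of a node's state disk. The type influences boot time and I/O performance. See: https://docs.microsoft.com/en-us/azure/virtual-machines/disks-types#disk-type-comparison
	StateDiskType string `yaml:"stateDiskType" validate:"oneof=Premium_LRS Premium_ZRS Standard_LRS StandardSSD_LRS StandardSSD_ZRS"`
	// description: |
	//   Deploy Azure Disk CSI driver with on-node encryption. For details see: https://docs.edgeless.systems/constellation/architecture/encrypted-storage
	DeployCSIDriver *bool `yaml:"deployCSIDriver" validate:"required"`
	// description: |
	//   Use Confidential VMs. If set to false, Trusted Launch VMs are used instead. See: https://docs.microsoft.com/en-us/azure/confidential-computing/confidential-vm-overview
	ConfidentialVM *bool `yaml:"confidentialVM" validate:"required"`
	// description: |
	//   Enable secure boot for VMs. If enabled, the OS image has to include a virtual machine guest state (VMGS) blob.
	SecureBoot *bool `yaml:"secureBoot" validate:"required"`
	// description: |
	//   Expected value for the field 'idkeydigest' in the AMD SEV-SNP attestation report. Only usable with ConfidentialVMs. See 4.6 and 7.3 in: https://www.amd.com/system/files/TechDocs/56860.pdf
	IDKeyDigest string `yaml:"idKeyDigest" validate:"required_if=EnforceIDKeyDigest true,omitempty,hexadecimal,len=96"`
	// description: |
	//   Enforce the specified idKeyDigest value during remote attestation.
	EnforceIDKeyDigest *bool `yaml:"enforceIdKeyDigest" validate:"required"`
	// description: |
	//   Expected confidential VM measurements.
	Measurements Measurements `yaml:"measurements"`
	// description: |
	//   List of values that should be enforced to be equal to the ones from the measurement list. Any non-equal values not in this list will only result in a warning.
	EnforcedMeasurements []uint32 `yaml:"enforcedMeasurements"`
}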
// GCPConfig are GCP specific configuration values used by the CLI.
//
// ServiceAccountKeyPath points at a credential file; only the presence of
// the path is validated here, not the file itself.
type GCPConfig struct {
	// description: |
	//   GCP project. See: https://support.google.com/googleapi/answer/7014113?hl=en
	Project string `yaml:"project" validate:"required"`
	// description: |
	//   GCP datacenter region. See: https://cloud.google.com/compute/docs/regions-zones#available
	Region string `yaml:"region" validate:"required"`
	// description: |
	//   GCP datacenter zone. See: https://cloud.google.com/compute/docs/regions-zones#available
	Zone string `yaml:"zone" validate:"required"`
	// description: |
	//   Path of service account key file. For required service account roles, see https://docs.edgeless.systems/constellation/getting-started/install#authorization
	ServiceAccountKeyPath string `yaml:"serviceAccountKeyPath" validate:"required"`
	// description: |
	//   Machine image used to create Constellation nodes.
	Image string `yaml:"image" validate:"required"`
	// description: |
	//   VM instance type to use for Constellation nodes.
	InstanceType string `yaml:"instanceType" validate:"gcp_instance_type"`
	// description: |
	//   Type of a node's state disk. The type influences boot time and I/O performance. See: https://cloud.google.com/compute/docs/disks#disk-types
	StateDiskType string `yaml:"stateDiskType" validate:"oneof=pd-standard pd-balanced pd-ssd"`
	// description: |
	//   Deploy Persistent Disk CSI driver with on-node encryption. For details see: https://docs.edgeless.systems/constellation/architecture/encrypted-storage
	DeployCSIDriver *bool `yaml:"deployCSIDriver" validate:"required"`
	// description: |
	//   Expected confidential VM measurements.
	Measurements Measurements `yaml:"measurements"`
	// description: |
	//   List of values that should be enforced to be equal to the ones from the measurement list. Any non-equal values not in this list will only result in a warning.
	EnforcedMeasurements []uint32 `yaml:"enforcedMeasurements"`
}
// QEMUConfig holds config information for QEMU based Constellation deployments.
//
// Image is required but Default() leaves it empty, so a QEMU config has to
// be completed before it validates. IsDebugImage and Image() do not look at
// the QEMU section.
type QEMUConfig struct {
	// description: |
	//   Path to the image to use for the VMs.
	Image string `yaml:"image" validate:"required"`
	// description: |
	//   Format of the image to use for the VMs. Should be either qcow2 or raw.
	ImageFormat string `yaml:"imageFormat" validate:"oneof=qcow2 raw"`
	// description: |
	//   vCPU count for the VMs.
	VCPUs int `yaml:"vcpus" validate:"required"`
	// description: |
	//   Amount of memory per instance (MiB).
	Memory int `yaml:"memory" validate:"required"`
	// description: |
	//   Container image to use for the QEMU metadata server.
	MetadataAPIImage string `yaml:"metadataAPIServer" validate:"required"`
	// description: |
	//   Libvirt connection URI. Leave empty to start a libvirt instance in Docker.
	LibvirtURI string `yaml:"libvirtSocket"`
	// description: |
	//   Container image to use for launching a containerized libvirt daemon. Only relevant if `libvirtSocket = ""`.
	LibvirtContainerImage string `yaml:"libvirtContainerImage"`
	// description: |
	//   NVRAM template to be used for secure boot. Can be sentinel value "production", "testing" or a path to a custom NVRAM template
	NVRAM string `yaml:"nvram" validate:"required"`
	// description: |
	//   Path to the OVMF firmware. Leave empty for auto selection.
	Firmware string `yaml:"firmware"`
	// description: |
	//   Measurement used to enable measured boot.
	Measurements Measurements `yaml:"measurements"`
	// description: |
	//   List of values that should be enforced to be equal to the ones from the measurement list. Any non-equal values not in this list will only result in a warning.
	EnforcedMeasurements []uint32 `yaml:"enforcedMeasurements"`
}
// Default returns a Config populated with the built-in defaults: schema
// version Version1, a 30 GB state disk, debug mode off, the default
// Kubernetes version from the versions package, and one section per
// supported provider (AWS, Azure, GCP, QEMU) carrying the project's default
// image, instance type, state disk type, measurements and enforced PCR list.
// Account-specific values (regions, zones, subscription/tenant/project IDs,
// IAM profiles, key paths) and the QEMU image path are left empty and have
// to be filled in before the config validates.
func Default() *Config {
	// Every *bool field gets its own allocation so that two Default()
	// results never share a flag.
	flag := func(v bool) *bool {
		return &v
	}

	awsDefaults := &AWSConfig{
		Region:                 "",
		Image:                  "",
		InstanceType:           "m6a.xlarge",
		StateDiskType:          "gp3",
		IAMProfileControlPlane: "",
		IAMProfileWorkerNodes:  "",
		Measurements:           measurements.DefaultsFor(cloudprovider.AWS),
		EnforcedMeasurements:   []uint32{4, 8, 9, 11, 12, 13, 15},
	}

	azureDefaults := &AzureConfig{
		SubscriptionID:       "",
		TenantID:             "",
		Location:             "",
		UserAssignedIdentity: "",
		ResourceGroup:        "",
		Image:                DefaultImageAzure,
		InstanceType:         "Standard_DC4as_v5",
		StateDiskType:        "Premium_LRS",
		DeployCSIDriver:      flag(true),
		// Confidential VMs with ID key digest enforcement are on by default;
		// secure boot is off because it needs an image with a VMGS blob.
		IDKeyDigest:          "57486a447ec0f1958002a22a06b7673b9fd27d11e1c6527498056054c5fa92d23c50f9de44072760fe2b6fb89740b696",
		EnforceIDKeyDigest:   flag(true),
		ConfidentialVM:       flag(true),
		SecureBoot:           flag(false),
		Measurements:         measurements.DefaultsFor(cloudprovider.Azure),
		EnforcedMeasurements: []uint32{4, 8, 9, 11, 12, 13, 15},
	}

	gcpDefaults := &GCPConfig{
		Project:               "",
		Region:                "",
		Zone:                  "",
		ServiceAccountKeyPath: "",
		Image:                 DefaultImageGCP,
		InstanceType:          "n2d-standard-4",
		StateDiskType:         "pd-ssd",
		DeployCSIDriver:       flag(true),
		Measurements:          measurements.DefaultsFor(cloudprovider.GCP),
		// GCP additionally enforces PCR 0.
		EnforcedMeasurements: []uint32{0, 4, 8, 9, 11, 12, 13, 15},
	}

	qemuDefaults := &QEMUConfig{
		ImageFormat:           "raw",
		VCPUs:                 2,
		Memory:                2048,
		MetadataAPIImage:      versions.QEMUMetadataImage,
		LibvirtURI:            "",
		LibvirtContainerImage: versions.LibvirtImage,
		NVRAM:                 "production",
		Measurements:          measurements.DefaultsFor(cloudprovider.QEMU),
		EnforcedMeasurements:  []uint32{4, 8, 9, 11, 12, 13, 15},
	}

	return &Config{
		Version:           Version1,
		StateDiskSizeGB:   30,
		DebugCluster:      flag(false),
		KubernetesVersion: string(versions.Default),
		Provider: ProviderConfig{
			AWS:   awsDefaults,
			Azure: azureDefaults,
			GCP:   gcpDefaults,
			QEMU:  qemuDefaults,
		},
	}
}
// FromFile reads the YAML config file `name` through `fileHandler` and
// returns it parsed into a Config. It uses ReadYAMLStrict, which by its
// name rejects unknown keys rather than ignoring them (confirm in
// internal/file). A missing file is reported with a hint to run
// `constellation config generate`; any other read or parse error is
// wrapped with the file name. No environment variables are read and no
// validation happens here — callers that need both should use config.New.
func FromFile(fileHandler file.Handler, name string) (*Config, error) {
	conf := new(Config)
	err := fileHandler.ReadYAMLStrict(name, conf)
	switch {
	case err == nil:
		return conf, nil
	case errors.Is(err, fs.ErrNotExist):
		return nil, fmt.Errorf("unable to find %s - use `constellation config generate` to generate it first", name)
	default:
		return nil, fmt.Errorf("could not load config from file %s: %w", name, err)
	}
}
// New loads the config file `name` via fileHandler, injects secrets from the
// environment and validates the result.
//
// The only secret taken from the environment is the Azure client secret
// (constants.EnvVarAzureClientSecretValue). It replaces the value from the
// file only when the variable is non-empty and an Azure section exists; a
// set-but-empty variable leaves the file value in place. The config is
// returned together with the result of Validate, so the returned *Config is
// non-nil even when validation failed — callers must check the error first.
func New(fileHandler file.Handler, name string) (*Config, error) {
	cfg, err := FromFile(fileHandler, name)
	if err != nil {
		return nil, err
	}

	if secret := os.Getenv(constants.EnvVarAzureClientSecretValue); secret != "" && cfg.Provider.Azure != nil {
		cfg.Provider.Azure.ClientSecretValue = secret
	}

	return cfg, cfg.Validate()
}
// HasProvider checks whether the config contains the provider.
// Presence means the corresponding section of c.Provider is non-nil;
// an unknown provider is never present.
func (c *Config) HasProvider(provider cloudprovider.Provider) bool {
	var present bool
	switch provider {
	case cloudprovider.AWS:
		present = c.Provider.AWS != nil
	case cloudprovider.Azure:
		present = c.Provider.Azure != nil
	case cloudprovider.GCP:
		present = c.Provider.GCP != nil
	case cloudprovider.QEMU:
		present = c.Provider.QEMU != nil
	}
	return present
}
// Image returns OS image for the configured cloud provider.
// If multiple cloud providers are configured (which is not supported)
// only a single image is returned, with AWS taking precedence over Azure
// and Azure over GCP. The QEMU section is not consulted, so a QEMU-only
// config yields an empty string.
func (c *Config) Image() string {
	switch {
	case c.HasProvider(cloudprovider.AWS):
		return c.Provider.AWS.Image
	case c.HasProvider(cloudprovider.Azure):
		return c.Provider.Azure.Image
	case c.HasProvider(cloudprovider.GCP):
		return c.Provider.GCP.Image
	default:
		return ""
	}
}
// UpdateMeasurements overwrites measurements in config with the provided ones.
// Every non-nil provider section receives the same values via CopyFrom;
// the EnforcedMeasurements lists are left untouched.
func (c *Config) UpdateMeasurements(newMeasurements Measurements) {
	p := &c.Provider
	var targets []*Measurements
	if p.AWS != nil {
		targets = append(targets, &p.AWS.Measurements)
	}
	if p.Azure != nil {
		targets = append(targets, &p.Azure.Measurements)
	}
	if p.GCP != nil {
		targets = append(targets, &p.GCP.Measurements)
	}
	if p.QEMU != nil {
		targets = append(targets, &p.QEMU.Measurements)
	}
	for _, m := range targets {
		m.CopyFrom(newMeasurements)
	}
}
// RemoveProviderExcept removes all provider specific configurations, i.e.,
// sets them to nil, except the one specified.
// If an unknown provider is passed, the same configuration is returned.
func (c *Config) RemoveProviderExcept(provider cloudprovider.Provider) {
	kept := c.Provider
	switch provider {
	case cloudprovider.AWS:
		c.Provider = ProviderConfig{AWS: kept.AWS}
	case cloudprovider.Azure:
		c.Provider = ProviderConfig{Azure: kept.Azure}
	case cloudprovider.GCP:
		c.Provider = ProviderConfig{GCP: kept.GCP}
	case cloudprovider.QEMU:
		c.Provider = ProviderConfig{QEMU: kept.QEMU}
	}
	// Any other provider value leaves c.Provider as it was.
}
// IsAzureNonCVM checks whether the chosen provider is azure and confidential VMs are disabled.
// It reports false when there is no Azure section or ConfidentialVM is unset.
func (c *Config) IsAzureNonCVM() bool {
	az := c.Provider.Azure
	if az == nil || az.ConfidentialVM == nil {
		return false
	}
	return !*az.ConfidentialVM
}
// IsDebugCluster checks whether the cluster is configured as a debug cluster.
// An unset DebugCluster counts as false.
func (c *Config) IsDebugCluster() bool {
	return c.DebugCluster != nil && *c.DebugCluster
}
// IsDebugImage checks whether the image name looks like a release image; if
// not, it is probably a debug image. Only the name is inspected, so this
// cannot tell whether the bootstrapper or debugd was actually put inside the
// image. AWS always reports false (no name pattern yet), and so does a
// config without a provider section.
func (c *Config) IsDebugImage() bool {
	p := c.Provider
	if p.AWS != nil {
		// TODO: Add proper image name validation for AWS as part of rfc/image-discoverability.md
		return false
	}
	if p.Azure != nil {
		return !azureReleaseImageRegex.MatchString(p.Azure.Image)
	}
	if p.GCP != nil {
		return !gcpReleaseImageRegex.MatchString(p.GCP.Image)
	}
	return false
}
// GetProvider returns the configured cloud provider.
// The first non-nil section wins, in the order AWS, Azure, GCP, QEMU;
// with no section set it returns cloudprovider.Unknown.
func (c *Config) GetProvider() cloudprovider.Provider {
	switch {
	case c.Provider.AWS != nil:
		return cloudprovider.AWS
	case c.Provider.Azure != nil:
		return cloudprovider.Azure
	case c.Provider.GCP != nil:
		return cloudprovider.GCP
	case c.Provider.QEMU != nil:
		return cloudprovider.QEMU
	}
	return cloudprovider.Unknown
}
// EnforcesIDKeyDigest checks whether ID Key Digest should be enforced for respective cloud provider.
// Only the Azure section carries this flag; a missing section or an unset
// flag means no enforcement.
func (c *Config) EnforcesIDKeyDigest() bool {
	az := c.Provider.Azure
	if az == nil || az.EnforceIDKeyDigest == nil {
		return false
	}
	return *az.EnforceIDKeyDigest
}
// GetEnforcedPCRs returns the list of enforced PCRs for the configured cloud provider.
// The slice is returned as stored (not copied); nil when no provider is set.
func (c *Config) GetEnforcedPCRs() []uint32 {
	var enforced []uint32
	switch c.GetProvider() {
	case cloudprovider.AWS:
		enforced = c.Provider.AWS.EnforcedMeasurements
	case cloudprovider.Azure:
		enforced = c.Provider.Azure.EnforcedMeasurements
	case cloudprovider.GCP:
		enforced = c.Provider.GCP.EnforcedMeasurements
	case cloudprovider.QEMU:
		enforced = c.Provider.QEMU.EnforcedMeasurements
	}
	return enforced
}
// DeployCSIDriver returns whether the CSI driver should be deployed for a given cloud provider.
// Only Azure and GCP carry the flag; it is true when either present section
// has DeployCSIDriver set to true.
func (c *Config) DeployCSIDriver() bool {
	enabled := func(f *bool) bool {
		return f != nil && *f
	}
	if az := c.Provider.Azure; az != nil && enabled(az.DeployCSIDriver) {
		return true
	}
	gcp := c.Provider.GCP
	return gcp != nil && enabled(gcp.DeployCSIDriver)
}
// Validate checks the config values and returns validation errors.
//
// It builds a fresh validator with English translations, registers the
// custom tags used by this package (supported_k8s_version and the
// aws/azure/gcp instance type checks) together with their messages, adds
// the struct-level provider check (validateProvider, whose results are
// reported as no_provider / more_than_one_provider), and then validates c.
// Field errors are flattened into a single error via multierr with one
// translated message per failing field; any other error — from registering
// translations or validations, or a non-field error from the validator —
// is returned unchanged.
func (c *Config) Validate() error {
	trans := ut.New(en.New()).GetFallback()
	validate := validator.New()
	if err := en_translations.RegisterDefaultTranslations(validate, trans); err != nil {
		return err
	}

	// Messages for the custom tags; registration order is kept so the first
	// failing registration is reported the same way as before.
	translations := []struct {
		tag       string
		register  validator.RegisterTranslationsFunc
		translate validator.TranslationFunc
	}{
		{"aws_instance_type", registerTranslateAWSInstanceTypeError, translateAWSInstanceTypeError},
		{"azure_instance_type", registerTranslateAzureInstanceTypeError, c.translateAzureInstanceTypeError},
		{"gcp_instance_type", registerTranslateGCPInstanceTypeError, translateGCPInstanceTypeError},
		{"no_provider", registerNoProviderError, translateNoProviderError},
		{"more_than_one_provider", registerMoreThanOneProviderError, c.translateMoreThanOneProviderError},
	}
	for _, entry := range translations {
		if err := validate.RegisterTranslation(entry.tag, trans, entry.register, entry.translate); err != nil {
			return err
		}
	}

	// Custom field validators behind the tags used in the struct definitions.
	validations := []struct {
		tag string
		fn  validator.Func
	}{
		{"supported_k8s_version", validateK8sVersion},
		{"aws_instance_type", validateAWSInstanceType},
		{"azure_instance_type", validateAzureInstanceType},
		{"gcp_instance_type", validateGCPInstanceType},
	}
	for _, entry := range validations {
		if err := validate.RegisterValidation(entry.tag, entry.fn); err != nil {
			return err
		}
	}

	validate.RegisterStructValidation(validateProvider, ProviderConfig{})

	err := validate.Struct(c)
	if err == nil {
		return nil
	}

	var fieldErrs validator.ValidationErrors
	if !errors.As(err, &fieldErrs) {
		return err
	}

	var combined error
	for _, fe := range fieldErrs {
		combined = multierr.Append(combined, errors.New(fe.Translate(trans)))
	}
	return combined
}