constellation/cli/internal/cmd/maapatch.go

71 lines
1.6 KiB
Go
Raw Normal View History

terraform: add Terraform module for Azure (#2566) * add Azure Terraform module * add maa-patching command to cli * refactor release process * factor out image fetching to own action * add CI * generate * fix some unnecessary changes Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * use `constellation maa-patch` in ci * insecure flag when using debug image Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * only update maa url if existing Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * make node group zone optional on aws and gcp Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * [remove] register updated workflow Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * Revert "[remove] register updated workflow" This reverts commit e70b9515b7eabbcbe0d41fa1296c48750cd02ace. * create MAA Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * make maa-patching only run on azure Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * add comment Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * require node group zone for GCP and AWS * remove unnecessary bazel action * stamp version to correct file * refer to `maa-patch` command in docs * run Azure test in weekly e2e * comment / naming improvements * remove sa_account resource * disable spellcheck ot use "URL" * `create_maa` variable * don't write maa url to config Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * default to nightly image * use input ref and stream * fix command check * don't set region in weekly e2e call * patch maa if url is not empty Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * remove `create_maa` variable * remove binaries Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * remove undefined input * replace invalid attestation URL error message Co-authored-by: Thomas Tendyck <51411342+thomasten@users.noreply.github.com> * fix punctuation Co-authored-by: Thomas Tendyck <51411342+thomasten@users.noreply.github.com> * skip hidden commands in clidocgen Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * enable spellcheck before code block * move spellcheck trigger out of info block Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * fix workflow dependencies * let image default to CLI version --------- Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> Co-authored-by: Thomas Tendyck <51411342+thomasten@users.noreply.github.com>
2023-11-13 12:46:20 -05:00
/*
Copyright (c) Edgeless Systems GmbH
SPDX-License-Identifier: AGPL-3.0-only
*/
package cmd
import (
"context"
"fmt"
"net/url"
"github.com/edgelesssys/constellation/v2/internal/maa"
"github.com/spf13/cobra"
)
// NewMaaPatchCmd returns a new cobra.Command for the maa-patch command.
func NewMaaPatchCmd() *cobra.Command {
cmd := &cobra.Command{
Use: "maa-patch <attestation-url>",
Short: "Patch the MAA's attestation policy",
Long: "Patch the MAA's attestation policy.",
Args: cobra.MatchAll(
cobra.ExactArgs(1),
func(cmd *cobra.Command, args []string) error {
if _, err := url.Parse(args[0]); err != nil {
return fmt.Errorf("argument %s is not a valid URL: %w", args[0], err)
}
return nil
},
),
RunE: runPatchMAA,
Hidden: true, // we don't want to show this command to the user directly.
}
return cmd
}
type maaPatchCmd struct {
log debugLog
patcher patcher
}
func runPatchMAA(cmd *cobra.Command, args []string) error {
log, err := newCLILogger(cmd)
if err != nil {
return fmt.Errorf("creating logger: %w", err)
}
p := maa.NewAzurePolicyPatcher()
c := &maaPatchCmd{log: log, patcher: p}
return c.patchMAA(cmd, args[0])
}
func (c *maaPatchCmd) patchMAA(cmd *cobra.Command, attestationURL string) error {
2024-02-08 09:20:01 -05:00
c.log.Debug(fmt.Sprintf("Using attestation URL %s", attestationURL))
terraform: add Terraform module for Azure (#2566) * add Azure Terraform module * add maa-patching command to cli * refactor release process * factor out image fetching to own action * add CI * generate * fix some unnecessary changes Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * use `constellation maa-patch` in ci * insecure flag when using debug image Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * only update maa url if existing Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * make node group zone optional on aws and gcp Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * [remove] register updated workflow Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * Revert "[remove] register updated workflow" This reverts commit e70b9515b7eabbcbe0d41fa1296c48750cd02ace. * create MAA Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * make maa-patching only run on azure Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * add comment Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * require node group zone for GCP and AWS * remove unnecessary bazel action * stamp version to correct file * refer to `maa-patch` command in docs * run Azure test in weekly e2e * comment / naming improvements * remove sa_account resource * disable spellcheck ot use "URL" * `create_maa` variable * don't write maa url to config Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * default to nightly image * use input ref and stream * fix command check * don't set region in weekly e2e call * patch maa if url is not empty Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * remove `create_maa` variable * remove binaries Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * remove undefined input * replace invalid attestation URL error message Co-authored-by: Thomas Tendyck <51411342+thomasten@users.noreply.github.com> * fix punctuation Co-authored-by: Thomas Tendyck <51411342+thomasten@users.noreply.github.com> * skip hidden commands in clidocgen Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * enable spellcheck before code block * move spellcheck trigger out of info block Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * fix workflow dependencies * let image default to CLI version --------- Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> Co-authored-by: Thomas Tendyck <51411342+thomasten@users.noreply.github.com>
2023-11-13 12:46:20 -05:00
if err := c.patcher.Patch(cmd.Context(), attestationURL); err != nil {
return fmt.Errorf("patching MAA attestation policy: %w", err)
}
return nil
}
type patcher interface {
Patch(ctx context.Context, attestationURL string) error
}