2022-09-05 03:06:08 -04:00
/ *
Copyright ( c ) Edgeless Systems GmbH
SPDX - License - Identifier : AGPL - 3.0 - only
* /
2022-08-12 04:20:19 -04:00
package helm
import (
"bytes"
"embed"
2022-10-21 06:01:28 -04:00
"encoding/base64"
2022-08-12 04:20:19 -04:00
"encoding/json"
"fmt"
"io/fs"
2022-10-21 06:01:28 -04:00
"os"
2022-08-12 04:20:19 -04:00
"path/filepath"
"strings"
2022-09-21 07:47:57 -04:00
"github.com/edgelesssys/constellation/v2/internal/cloud/cloudprovider"
2023-01-31 06:12:19 -05:00
"github.com/edgelesssys/constellation/v2/internal/compatibility"
2022-11-18 04:05:02 -05:00
"github.com/edgelesssys/constellation/v2/internal/config"
2022-10-18 07:15:54 -04:00
"github.com/edgelesssys/constellation/v2/internal/constants"
2022-09-21 07:47:57 -04:00
"github.com/edgelesssys/constellation/v2/internal/deploy/helm"
2022-10-18 07:15:54 -04:00
"github.com/edgelesssys/constellation/v2/internal/versions"
2022-08-12 04:20:19 -04:00
"github.com/pkg/errors"
"helm.sh/helm/pkg/ignore"
"helm.sh/helm/v3/pkg/chart"
"helm.sh/helm/v3/pkg/chart/loader"
2022-10-21 06:01:28 -04:00
"helm.sh/helm/v3/pkg/chartutil"
2022-08-12 04:20:19 -04:00
)
2022-11-21 04:35:40 -05:00
// Run `go generate` to download (and patch) upstream helm charts.
2022-08-12 04:20:19 -04:00
//go:generate ./generateCilium.sh
2022-11-18 04:05:02 -05:00
//go:generate ./update-csi-charts.sh
2022-11-21 04:35:40 -05:00
//go:generate ./generateCertManager.sh
2022-08-12 04:20:19 -04:00
2022-10-18 07:15:54 -04:00
//go:embed all:charts/*
2022-11-09 09:57:54 -05:00
var helmFS embed . FS
2022-08-12 04:20:19 -04:00
2022-12-19 10:52:15 -05:00
const (
ciliumReleaseName = "cilium"
conServicesReleaseName = "constellation-services"
conOperatorsReleaseName = "constellation-operators"
certManagerReleaseName = "cert-manager"
conServicesPath = "charts/edgeless/constellation-services"
conOperatorsPath = "charts/edgeless/operators"
certManagerPath = "charts/cert-manager"
ciliumPath = "charts/cilium"
)
2022-11-09 09:57:54 -05:00
// ChartLoader loads embedded helm charts.
2022-10-31 14:25:02 -04:00
type ChartLoader struct {
2023-02-14 12:00:36 -05:00
csp cloudprovider . Provider
2022-11-28 03:15:39 -05:00
joinServiceImage string
2023-01-20 12:51:06 -05:00
keyServiceImage string
2022-11-28 03:15:39 -05:00
ccmImage string
cnmImage string
autoscalerImage string
verificationServiceImage string
gcpGuestAgentImage string
konnectivityImage string
constellationOperatorImage string
nodeMaintenanceOperatorImage string
2022-11-21 11:06:41 -05:00
}
2022-11-24 10:39:33 -05:00
// NewLoader creates a new ChartLoader.
func NewLoader ( csp cloudprovider . Provider , k8sVersion versions . ValidK8sVersion ) * ChartLoader {
2022-11-02 12:47:10 -04:00
var ccmImage , cnmImage string
2022-10-31 14:25:02 -04:00
switch csp {
case cloudprovider . AWS :
ccmImage = versions . VersionConfigs [ k8sVersion ] . CloudControllerManagerImageAWS
case cloudprovider . Azure :
ccmImage = versions . VersionConfigs [ k8sVersion ] . CloudControllerManagerImageAzure
2022-11-02 12:47:10 -04:00
cnmImage = versions . VersionConfigs [ k8sVersion ] . CloudNodeManagerImageAzure
2022-10-31 14:25:02 -04:00
case cloudprovider . GCP :
ccmImage = versions . VersionConfigs [ k8sVersion ] . CloudControllerManagerImageGCP
}
2022-08-12 04:20:19 -04:00
2022-10-31 14:25:02 -04:00
return & ChartLoader {
2023-02-14 12:00:36 -05:00
csp : csp ,
2022-11-28 03:15:39 -05:00
joinServiceImage : versions . JoinImage ,
2023-01-20 12:51:06 -05:00
keyServiceImage : versions . KeyServiceImage ,
2022-11-28 03:15:39 -05:00
ccmImage : ccmImage ,
cnmImage : cnmImage ,
autoscalerImage : versions . VersionConfigs [ k8sVersion ] . ClusterAutoscalerImage ,
verificationServiceImage : versions . VerificationImage ,
gcpGuestAgentImage : versions . GcpGuestImage ,
konnectivityImage : versions . KonnectivityAgentImage ,
constellationOperatorImage : versions . ConstellationOperatorImage ,
nodeMaintenanceOperatorImage : versions . NodeMaintenanceOperatorImage ,
2022-10-31 14:25:02 -04:00
}
}
2023-01-31 06:12:19 -05:00
// AvailableServiceVersions returns the chart version number of the bundled service versions.
func AvailableServiceVersions ( ) ( string , error ) {
servicesChart , err := loadChartsDir ( helmFS , conServicesPath )
if err != nil {
return "" , fmt . Errorf ( "loading constellation-services chart: %w" , err )
}
return compatibility . EnsurePrefixV ( servicesChart . Metadata . Version ) , nil
}
2022-11-09 09:57:54 -05:00
// Load the embedded helm charts.
2022-11-18 04:05:02 -05:00
func ( i * ChartLoader ) Load ( config * config . Config , conformanceMode bool , masterSecret , salt [ ] byte ) ( [ ] byte , error ) {
2023-02-14 12:00:36 -05:00
ciliumRelease , err := i . loadCilium ( )
2022-08-12 04:20:19 -04:00
if err != nil {
2022-10-21 11:09:43 -04:00
return nil , fmt . Errorf ( "loading cilium: %w" , err )
2022-08-12 04:20:19 -04:00
}
2023-02-14 10:41:19 -05:00
extendCiliumValues ( ciliumRelease . Values , conformanceMode )
2022-10-18 07:15:54 -04:00
2022-11-21 04:35:40 -05:00
certManagerRelease , err := i . loadCertManager ( )
if err != nil {
return nil , fmt . Errorf ( "loading cilium: %w" , err )
}
2023-02-14 12:00:36 -05:00
operatorRelease , err := i . loadOperators ( )
2022-11-21 04:35:40 -05:00
if err != nil {
return nil , fmt . Errorf ( "loading operators: %w" , err )
}
2023-02-14 12:00:36 -05:00
conServicesRelease , err := i . loadConstellationServices ( )
2022-08-12 04:20:19 -04:00
if err != nil {
2022-10-21 11:09:43 -04:00
return nil , fmt . Errorf ( "loading constellation-services: %w" , err )
2022-08-12 04:20:19 -04:00
}
2023-02-14 10:41:19 -05:00
if err := extendConstellationServicesValues ( conServicesRelease . Values , config , masterSecret , salt ) ; err != nil {
return nil , fmt . Errorf ( "extending constellation-services values: %w" , err )
}
2022-11-21 04:35:40 -05:00
releases := helm . Releases { Cilium : ciliumRelease , CertManager : certManagerRelease , Operators : operatorRelease , ConstellationServices : conServicesRelease }
2022-10-21 06:01:28 -04:00
2022-10-18 07:15:54 -04:00
rel , err := json . Marshal ( releases )
if err != nil {
return nil , err
}
return rel , nil
2022-08-12 04:20:19 -04:00
}
2023-02-14 10:41:19 -05:00
// loadCilium prepares a helm release for use in a helm install action.
2023-02-14 12:00:36 -05:00
func ( i * ChartLoader ) loadCilium ( ) ( helm . Release , error ) {
2022-12-19 10:52:15 -05:00
chart , err := loadChartsDir ( helmFS , ciliumPath )
if err != nil {
return helm . Release { } , fmt . Errorf ( "loading cilium chart: %w" , err )
}
2023-02-14 12:00:36 -05:00
values , err := i . loadCiliumValues ( )
2022-08-12 04:20:19 -04:00
if err != nil {
2023-02-14 12:00:36 -05:00
return helm . Release { } , fmt . Errorf ( "loading cilium values: %w" , err )
2022-10-21 06:01:28 -04:00
}
chartRaw , err := i . marshalChart ( chart )
if err != nil {
2022-11-21 04:35:40 -05:00
return helm . Release { } , fmt . Errorf ( "packaging cilium chart: %w" , err )
2022-08-12 04:20:19 -04:00
}
2022-10-21 06:01:28 -04:00
2022-12-19 10:52:15 -05:00
return helm . Release { Chart : chartRaw , Values : values , ReleaseName : ciliumReleaseName , Wait : false } , nil
2022-11-21 04:35:40 -05:00
}
2023-02-14 10:41:19 -05:00
// loadCiliumValues is used to separate the marshalling step from the loading step.
2022-11-21 04:35:40 -05:00
// This reduces the time unit tests take to execute.
2023-02-14 12:00:36 -05:00
func ( i * ChartLoader ) loadCiliumValues ( ) ( map [ string ] any , error ) {
2022-11-21 04:35:40 -05:00
var values map [ string ] any
2023-02-14 12:00:36 -05:00
switch i . csp {
2022-10-21 08:41:31 -04:00
case cloudprovider . AWS :
2022-11-21 04:35:40 -05:00
values = awsVals
2022-08-24 03:45:02 -04:00
case cloudprovider . Azure :
2022-11-21 04:35:40 -05:00
values = azureVals
2022-10-21 08:41:31 -04:00
case cloudprovider . GCP :
2022-11-21 04:35:40 -05:00
values = gcpVals
2022-08-24 03:45:02 -04:00
case cloudprovider . QEMU :
2022-11-21 04:35:40 -05:00
values = qemuVals
2022-08-12 04:20:19 -04:00
default :
2023-02-14 12:00:36 -05:00
return nil , fmt . Errorf ( "unknown csp: %s" , i . csp )
2022-08-12 04:20:19 -04:00
}
2023-02-14 10:41:19 -05:00
return values , nil
}
// extendCiliumValues extends the given values map by some values depending on user input.
// This extra step of separating the application of user input is necessary since service upgrades should
// reuse user input from the init step. However, we can't rely on reuse-values, because
// during upgrades we all values need to be set locally as they might have changed.
// Also, the charts are not rendered correctly without all of these values.
func extendCiliumValues ( in map [ string ] any , conformanceMode bool ) {
2022-09-20 04:07:55 -04:00
if conformanceMode {
2023-02-14 10:41:19 -05:00
in [ "kubeProxyReplacementHealthzBindAddr" ] = ""
in [ "kubeProxyReplacement" ] = "partial"
in [ "sessionAffinity" ] = true
in [ "cni" ] = map [ string ] any {
2022-09-20 04:07:55 -04:00
"chainingMode" : "portmap" ,
}
}
2022-11-21 04:35:40 -05:00
}
func ( i * ChartLoader ) loadCertManager ( ) ( helm . Release , error ) {
2022-12-19 10:52:15 -05:00
chart , err := loadChartsDir ( helmFS , certManagerPath )
2022-11-21 04:35:40 -05:00
if err != nil {
2022-12-19 10:52:15 -05:00
return helm . Release { } , fmt . Errorf ( "loading cert-manager chart: %w" , err )
2022-11-21 04:35:40 -05:00
}
2022-12-19 10:52:15 -05:00
values := i . loadCertManagerValues ( )
2022-11-21 04:35:40 -05:00
chartRaw , err := i . marshalChart ( chart )
if err != nil {
return helm . Release { } , fmt . Errorf ( "packaging cert-manager chart: %w" , err )
}
2022-12-19 10:52:15 -05:00
return helm . Release { Chart : chartRaw , Values : values , ReleaseName : certManagerReleaseName , Wait : false } , nil
2022-11-21 04:35:40 -05:00
}
// loadCertManagerHelper is used to separate the marshalling step from the loading step.
// This reduces the time unit tests take to execute.
2022-12-19 10:52:15 -05:00
func ( i * ChartLoader ) loadCertManagerValues ( ) map [ string ] any {
return map [ string ] any {
2022-11-21 04:35:40 -05:00
"installCRDs" : true ,
"prometheus" : map [ string ] any {
"enabled" : false ,
} ,
"tolerations" : [ ] map [ string ] any {
{
"key" : "node-role.kubernetes.io/control-plane" ,
"effect" : "NoSchedule" ,
"operator" : "Exists" ,
} ,
{
"key" : "node-role.kubernetes.io/master" ,
"effect" : "NoSchedule" ,
"operator" : "Exists" ,
} ,
} ,
"webhook" : map [ string ] any {
"tolerations" : [ ] map [ string ] any {
{
"key" : "node-role.kubernetes.io/control-plane" ,
"effect" : "NoSchedule" ,
"operator" : "Exists" ,
} ,
{
"key" : "node-role.kubernetes.io/master" ,
"effect" : "NoSchedule" ,
"operator" : "Exists" ,
} ,
} ,
} ,
"cainjector" : map [ string ] any {
"tolerations" : [ ] map [ string ] any {
{
"key" : "node-role.kubernetes.io/control-plane" ,
"effect" : "NoSchedule" ,
"operator" : "Exists" ,
} ,
{
"key" : "node-role.kubernetes.io/master" ,
"effect" : "NoSchedule" ,
"operator" : "Exists" ,
} ,
} ,
} ,
"startupapicheck" : map [ string ] any {
2022-11-23 10:40:37 -05:00
"timeout" : "5m" ,
"extraArgs" : [ ] string {
"--verbose" ,
} ,
2022-11-21 04:35:40 -05:00
"tolerations" : [ ] map [ string ] any {
{
"key" : "node-role.kubernetes.io/control-plane" ,
"effect" : "NoSchedule" ,
"operator" : "Exists" ,
} ,
{
"key" : "node-role.kubernetes.io/master" ,
"effect" : "NoSchedule" ,
"operator" : "Exists" ,
} ,
} ,
} ,
}
}
2023-02-14 12:00:36 -05:00
func ( i * ChartLoader ) loadOperators ( ) ( helm . Release , error ) {
2022-12-19 10:52:15 -05:00
chart , err := loadChartsDir ( helmFS , conOperatorsPath )
if err != nil {
return helm . Release { } , fmt . Errorf ( "loading operators chart: %w" , err )
}
2023-02-21 05:55:49 -05:00
2023-03-01 05:55:12 -05:00
updateVersions ( chart , compatibility . EnsurePrefixV ( constants . VersionInfo ( ) ) )
2023-02-21 05:55:49 -05:00
2023-02-14 12:00:36 -05:00
values , err := i . loadOperatorsValues ( )
2022-11-21 04:35:40 -05:00
if err != nil {
return helm . Release { } , err
}
chartRaw , err := i . marshalChart ( chart )
if err != nil {
return helm . Release { } , fmt . Errorf ( "packaging operators chart: %w" , err )
}
2022-12-19 10:52:15 -05:00
return helm . Release { Chart : chartRaw , Values : values , ReleaseName : conOperatorsReleaseName , Wait : false } , nil
2022-11-21 04:35:40 -05:00
}
// loadOperatorsHelper is used to separate the marshalling step from the loading step.
// This reduces the time unit tests take to execute.
2023-02-14 12:00:36 -05:00
func ( i * ChartLoader ) loadOperatorsValues ( ) ( map [ string ] any , error ) {
2022-11-21 04:35:40 -05:00
values := map [ string ] any {
"constellation-operator" : map [ string ] any {
"controllerManager" : map [ string ] any {
"manager" : map [ string ] any {
2022-11-28 03:15:39 -05:00
"image" : i . constellationOperatorImage ,
2022-11-21 04:35:40 -05:00
} ,
} ,
} ,
"node-maintenance-operator" : map [ string ] any {
"controllerManager" : map [ string ] any {
"manager" : map [ string ] any {
2022-11-28 03:15:39 -05:00
"image" : i . nodeMaintenanceOperatorImage ,
2022-11-21 04:35:40 -05:00
} ,
} ,
} ,
}
2023-02-14 12:00:36 -05:00
switch i . csp {
2022-11-21 04:35:40 -05:00
case cloudprovider . Azure :
conOpVals , ok := values [ "constellation-operator" ] . ( map [ string ] any )
if ! ok {
2022-12-19 10:52:15 -05:00
return nil , errors . New ( "invalid constellation-operator values" )
2022-11-21 04:35:40 -05:00
}
conOpVals [ "csp" ] = "Azure"
values [ "tags" ] = map [ string ] any {
"Azure" : true ,
}
case cloudprovider . GCP :
conOpVals , ok := values [ "constellation-operator" ] . ( map [ string ] any )
if ! ok {
2022-12-19 10:52:15 -05:00
return nil , errors . New ( "invalid constellation-operator values" )
2022-11-21 04:35:40 -05:00
}
conOpVals [ "csp" ] = "GCP"
values [ "tags" ] = map [ string ] any {
"GCP" : true ,
}
case cloudprovider . QEMU :
conOpVals , ok := values [ "constellation-operator" ] . ( map [ string ] any )
if ! ok {
2022-12-19 10:52:15 -05:00
return nil , errors . New ( "invalid constellation-operator values" )
2022-11-21 04:35:40 -05:00
}
conOpVals [ "csp" ] = "QEMU"
values [ "tags" ] = map [ string ] any {
"QEMU" : true ,
}
case cloudprovider . AWS :
conOpVals , ok := values [ "constellation-operator" ] . ( map [ string ] any )
if ! ok {
2022-12-19 10:52:15 -05:00
return nil , errors . New ( "invalid constellation-operator values" )
2022-11-21 04:35:40 -05:00
}
conOpVals [ "csp" ] = "AWS"
values [ "tags" ] = map [ string ] any {
"AWS" : true ,
}
}
2022-09-20 04:07:55 -04:00
2022-12-19 10:52:15 -05:00
return values , nil
2022-10-18 07:15:54 -04:00
}
2023-02-14 10:41:19 -05:00
// loadConstellationServices prepares a helm release for use in a helm install action.
2023-02-14 12:00:36 -05:00
func ( i * ChartLoader ) loadConstellationServices ( ) ( helm . Release , error ) {
2022-12-19 10:52:15 -05:00
chart , err := loadChartsDir ( helmFS , conServicesPath )
if err != nil {
return helm . Release { } , fmt . Errorf ( "loading constellation-services chart: %w" , err )
}
2023-02-21 05:55:49 -05:00
2023-03-01 05:55:12 -05:00
updateVersions ( chart , compatibility . EnsurePrefixV ( constants . VersionInfo ( ) ) )
2023-02-21 05:55:49 -05:00
2023-02-14 12:00:36 -05:00
values , err := i . loadConstellationServicesValues ( )
2022-10-18 07:15:54 -04:00
if err != nil {
2022-11-21 04:35:40 -05:00
return helm . Release { } , err
2022-10-18 07:15:54 -04:00
}
2022-10-21 06:01:28 -04:00
chartRaw , err := i . marshalChart ( chart )
if err != nil {
2022-11-21 04:35:40 -05:00
return helm . Release { } , fmt . Errorf ( "packaging constellation-services chart: %w" , err )
}
2022-12-19 10:52:15 -05:00
return helm . Release { Chart : chartRaw , Values : values , ReleaseName : conServicesReleaseName , Wait : false } , nil
2022-11-21 04:35:40 -05:00
}
// loadConstellationServicesHelper is used to separate the marshalling step from the loading step.
// This reduces the time unit tests take to execute.
2023-02-14 12:00:36 -05:00
func ( i * ChartLoader ) loadConstellationServicesValues ( ) ( map [ string ] any , error ) {
2022-11-21 04:35:40 -05:00
values := map [ string ] any {
2022-10-25 09:51:23 -04:00
"global" : map [ string ] any {
2023-01-20 12:51:06 -05:00
"keyServicePort" : constants . KeyServicePort ,
"keyServiceNamespace" : "" , // empty namespace means we use the release namespace
2023-01-11 04:08:57 -05:00
"serviceBasePath" : constants . ServiceBasePath ,
"joinConfigCMName" : constants . JoinConfigMap ,
"internalCMName" : constants . InternalConfigMap ,
2022-10-24 06:23:18 -04:00
} ,
2023-01-20 12:51:06 -05:00
"key-service" : map [ string ] any {
"image" : i . keyServiceImage ,
2022-10-24 06:23:18 -04:00
"saltKeyName" : constants . ConstellationSaltKey ,
"masterSecretKeyName" : constants . ConstellationMasterSecretKey ,
"masterSecretName" : constants . ConstellationMasterSecretStoreName ,
"measurementsFilename" : constants . MeasurementsFilename ,
} ,
2022-10-25 09:51:23 -04:00
"join-service" : map [ string ] any {
2023-02-14 12:00:36 -05:00
"csp" : i . csp . String ( ) ,
2022-11-24 04:57:58 -05:00
"image" : i . joinServiceImage ,
2022-10-21 06:01:28 -04:00
} ,
2022-11-02 12:47:10 -04:00
"ccm" : map [ string ] any {
2023-02-14 12:00:36 -05:00
"csp" : i . csp . String ( ) ,
2022-10-26 04:37:10 -04:00
} ,
2022-11-03 11:42:19 -04:00
"autoscaler" : map [ string ] any {
2023-02-14 12:00:36 -05:00
"csp" : i . csp . String ( ) ,
2022-11-03 11:42:19 -04:00
"image" : i . autoscalerImage ,
} ,
2022-11-21 11:06:41 -05:00
"verification-service" : map [ string ] any {
"image" : i . verificationServiceImage ,
} ,
2022-11-23 02:25:50 -05:00
"gcp-guest-agent" : map [ string ] any {
"image" : i . gcpGuestAgentImage ,
} ,
2022-11-23 02:26:09 -05:00
"konnectivity" : map [ string ] any {
"image" : i . konnectivityImage ,
} ,
2022-10-21 06:01:28 -04:00
}
2023-02-14 12:00:36 -05:00
switch i . csp {
2022-10-26 04:37:10 -04:00
case cloudprovider . Azure :
2022-11-21 04:35:40 -05:00
ccmVals , ok := values [ "ccm" ] . ( map [ string ] any )
2022-11-18 04:05:02 -05:00
if ! ok {
2022-12-19 10:52:15 -05:00
return nil , errors . New ( "invalid ccm values" )
2022-11-18 04:05:02 -05:00
}
ccmVals [ "Azure" ] = map [ string ] any {
"image" : i . ccmImage ,
}
2022-11-21 04:35:40 -05:00
values [ "cnm" ] = map [ string ] any {
2022-11-18 04:05:02 -05:00
"image" : i . cnmImage ,
}
2022-11-21 04:35:40 -05:00
values [ "tags" ] = map [ string ] any {
2022-11-18 04:05:02 -05:00
"Azure" : true ,
2022-10-26 04:37:10 -04:00
}
2022-11-18 04:05:02 -05:00
2022-10-26 04:37:10 -04:00
case cloudprovider . GCP :
2022-11-21 04:35:40 -05:00
ccmVals , ok := values [ "ccm" ] . ( map [ string ] any )
2022-11-18 04:05:02 -05:00
if ! ok {
2022-12-19 10:52:15 -05:00
return nil , errors . New ( "invalid ccm values" )
2022-11-18 04:05:02 -05:00
}
ccmVals [ "GCP" ] = map [ string ] any {
"image" : i . ccmImage ,
}
2022-11-21 04:35:40 -05:00
values [ "tags" ] = map [ string ] any {
2022-11-18 04:05:02 -05:00
"GCP" : true ,
}
2022-10-26 04:37:10 -04:00
case cloudprovider . QEMU :
2023-03-08 04:31:20 -05:00
values [ "tags" ] = map [ string ] any {
2022-11-18 04:05:02 -05:00
"QEMU" : true ,
2022-10-26 04:37:10 -04:00
}
2022-11-18 04:05:02 -05:00
2022-10-26 04:37:10 -04:00
case cloudprovider . AWS :
2022-11-21 04:35:40 -05:00
ccmVals , ok := values [ "ccm" ] . ( map [ string ] any )
2022-10-25 10:29:28 -04:00
if ! ok {
2022-12-19 10:52:15 -05:00
return nil , errors . New ( "invalid ccm values" )
2022-10-26 04:37:10 -04:00
}
ccmVals [ "AWS" ] = map [ string ] any {
2022-10-31 14:25:02 -04:00
"image" : i . ccmImage ,
2022-10-26 04:37:10 -04:00
}
2022-11-21 04:35:40 -05:00
values [ "tags" ] = map [ string ] any {
2022-10-26 04:37:10 -04:00
"AWS" : true ,
2022-10-25 10:29:28 -04:00
}
2022-10-24 06:23:18 -04:00
}
2022-12-19 10:52:15 -05:00
return values , nil
2022-10-21 06:01:28 -04:00
}
2023-02-14 10:41:19 -05:00
// extendConstellationServicesValues extends the given values map by some values depending on user input.
// This extra step of separating the application of user input is necessary since service upgrades should
// reuse user input from the init step. However, we can't rely on reuse-values, because
// during upgrades all values need to be set locally as they might have changed.
// Also, the charts are not rendered correctly without all of these values.
func extendConstellationServicesValues ( in map [ string ] any , config * config . Config , masterSecret , salt [ ] byte ) error {
keyServiceValues , ok := in [ "key-service" ] . ( map [ string ] any )
if ! ok {
return errors . New ( "missing 'key-service' key" )
}
keyServiceValues [ "masterSecret" ] = base64 . StdEncoding . EncodeToString ( masterSecret )
keyServiceValues [ "salt" ] = base64 . StdEncoding . EncodeToString ( salt )
2023-03-14 06:46:27 -04:00
joinServiceVals , ok := in [ "join-service" ] . ( map [ string ] any )
if ! ok {
return errors . New ( "invalid join-service values" )
}
joinServiceVals [ "attestationVariant" ] = config . AttestationVariant
verifyServiceVals , ok := in [ "verification-service" ] . ( map [ string ] any )
if ! ok {
return errors . New ( "invalid verification-service values" )
}
verifyServiceVals [ "attestationVariant" ] = config . AttestationVariant
2023-02-14 10:41:19 -05:00
csp := config . GetProvider ( )
switch csp {
case cloudprovider . Azure :
joinServiceVals , ok := in [ "join-service" ] . ( map [ string ] any )
if ! ok {
return errors . New ( "invalid join-service values" )
}
joinServiceVals [ "enforceIdKeyDigest" ] = config . EnforcesIDKeyDigest ( )
marshalledDigests , err := json . Marshal ( config . IDKeyDigests ( ) )
if err != nil {
return fmt . Errorf ( "marshalling id key digests: %w" , err )
}
joinServiceVals [ "idkeydigests" ] = string ( marshalledDigests )
in [ "azure" ] = map [ string ] any {
"deployCSIDriver" : config . DeployCSIDriver ( ) ,
}
case cloudprovider . GCP :
in [ "gcp" ] = map [ string ] any {
"deployCSIDriver" : config . DeployCSIDriver ( ) ,
}
}
return nil
}
2023-02-21 05:55:49 -05:00
// updateVersions changes all versions of direct dependencies that are set to "0.0.0" to newVersion.
func updateVersions ( chart * chart . Chart , newVersion string ) {
chart . Metadata . Version = newVersion
selectedDeps := chart . Metadata . Dependencies
for i := range selectedDeps {
if selectedDeps [ i ] . Version == "0.0.0" {
selectedDeps [ i ] . Version = newVersion
}
}
deps := chart . Dependencies ( )
for i := range deps {
if deps [ i ] . Metadata . Version == "0.0.0" {
deps [ i ] . Metadata . Version = newVersion
}
}
}
2022-10-21 06:01:28 -04:00
// marshalChart takes a Chart object, packages it to a temporary file and returns the content of that file.
// We currently need to take this approach of marshaling as dependencies are not marshaled correctly with json.Marshal.
// This stems from the fact that chart.Chart does not export the dependencies property.
func ( i * ChartLoader ) marshalChart ( chart * chart . Chart ) ( [ ] byte , error ) {
2022-10-31 14:25:02 -04:00
// A separate tmpdir path is necessary since during unit testing multiple go routines are accessing the same path, possibly deleting files for other routines.
tmpDirPath , err := os . MkdirTemp ( "" , "*" )
defer os . Remove ( tmpDirPath )
if err != nil {
return nil , fmt . Errorf ( "creating tmp dir: %w" , err )
}
path , err := chartutil . Save ( chart , tmpDirPath )
2022-10-21 06:01:28 -04:00
defer os . Remove ( path )
if err != nil {
2022-10-31 14:25:02 -04:00
return nil , fmt . Errorf ( "chartutil save: %w" , err )
2022-10-21 06:01:28 -04:00
}
chartRaw , err := os . ReadFile ( path )
if err != nil {
return nil , fmt . Errorf ( "reading packaged chart: %w" , err )
}
return chartRaw , nil
2022-08-12 04:20:19 -04:00
}
// taken from loader.LoadDir from the helm go module
// loadChartsDir loads from a directory.
//
// This loads charts only from directories.
func loadChartsDir ( efs embed . FS , dir string ) ( * chart . Chart , error ) {
utf8bom := [ ] byte { 0xEF , 0xBB , 0xBF }
// Just used for errors.
c := & chart . Chart { }
rules := ignore . Empty ( )
ifile , err := efs . ReadFile ( filepath . Join ( dir , ignore . HelmIgnore ) )
if err == nil {
r , err := ignore . Parse ( bytes . NewReader ( ifile ) )
if err != nil {
return c , err
}
rules = r
}
rules . AddDefaults ( )
files := [ ] * loader . BufferedFile { }
walk := func ( path string , d fs . DirEntry , err error ) error {
n := strings . TrimPrefix ( path , dir )
if n == "" {
// No need to process top level. Avoid bug with helmignore .* matching
// empty names. See issue https://github.com/kubernetes/helm/issues/1776.
return nil
}
// Normalize to / since it will also work on Windows
n = filepath . ToSlash ( n )
// Check input err
if err != nil {
return err
}
fi , err := d . Info ( )
if err != nil {
return err
}
if d . IsDir ( ) {
// Directory-based ignore rules should involve skipping the entire
// contents of that directory.
if rules . Ignore ( n , fi ) {
return filepath . SkipDir
}
return nil
}
// If a .helmignore file matches, skip this file.
if rules . Ignore ( n , fi ) {
return nil
}
// Irregular files include devices, sockets, and other uses of files that
// are not regular files. In Go they have a file mode type bit set.
// See https://golang.org/pkg/os/#FileMode for examples.
if ! fi . Mode ( ) . IsRegular ( ) {
return fmt . Errorf ( "cannot load irregular file %s as it has file mode type bits set" , path )
}
data , err := efs . ReadFile ( path )
if err != nil {
return errors . Wrapf ( err , "error reading %s" , n )
}
data = bytes . TrimPrefix ( data , utf8bom )
n = strings . TrimPrefix ( n , "/" )
files = append ( files , & loader . BufferedFile { Name : n , Data : data } )
return nil
}
if err := fs . WalkDir ( efs , dir , walk ) ; err != nil {
return c , err
}
return loader . LoadFiles ( files )
}