2022-05-16 16:54:25 +00:00
//go:generate docgen ./config.go ./config_doc.go Configuration
// This binary can be build from siderolabs/talos projects. Located at:
// https://github.com/siderolabs/talos/tree/master/hack/docgen
2022-03-22 15:03:15 +00:00
package config
import (
2022-05-13 09:56:43 +00:00
"errors"
2022-03-22 15:03:15 +00:00
"fmt"
2022-05-13 09:56:43 +00:00
"io/fs"
2022-03-22 15:03:15 +00:00
2022-04-06 08:36:58 +00:00
"github.com/edgelesssys/constellation/internal/constants"
2022-05-16 15:32:00 +00:00
"github.com/edgelesssys/constellation/internal/file"
2022-03-22 15:03:15 +00:00
)
2022-05-16 16:54:25 +00:00
// Config defines configuration used by CLI.
type Config struct {
// description: |
// Minimum number of nodes in autoscaling group.
// worker nodes.
AutoscalingNodeGroupsMin int ` yaml:"autoscalingNodeGroupsMin" `
// description: |
// Maximum number of nodes in autoscaling group.
// worker nodes.
AutoscalingNodeGroupsMax int ` yaml:"autoscalingNodeGroupsMax" `
// description: |
// Size (in GB) of data disk used for nodes.
StateDiskSizeGB int ` yaml:"stateDisksizeGB" `
// description: |
// Ingress firewall rules for node network.
IngressFirewall Firewall ` yaml:"ingressFirewall,omitempty" `
// description: |
// Egress firewall rules for node network.
2022-05-17 08:52:37 +00:00
// examples:
// - value: 'Firewall{
// {
// Name: "rule#1",
// Description: "the first rule",
// Protocol: "tcp",
// IPRange: "0.0.0.0/0",
// FromPort: 443,
// ToPort: 443,
// },
// }'
2022-05-16 16:54:25 +00:00
EgressFirewall Firewall ` yaml:"egressFirewall,omitempty" `
// description: |
// Supported cloud providers & their specific configurations.
Provider ProviderConfig ` yaml:"provider" `
// description: |
// Create SSH users on Constellation nodes.
2022-05-17 08:52:37 +00:00
// examples:
// - value: '[]UserKey{ { Username: "Alice", PublicKey: "ssh-rsa AAAAB3NzaC...5QXHKW1rufgtJeSeJ8= alice@domain.com" } }'
SSHUsers [ ] UserKey ` yaml:"sshUsers,omitempty" `
}
// UserKey describes a user that should be created with corresponding public SSH key.
type UserKey struct {
// description: |
// Username of new SSH user.
Username string ` yaml:"username" `
// description: |
// Public key of new SSH user.
PublicKey string ` yaml:"publicKey" `
2022-05-16 16:54:25 +00:00
}
2022-03-22 15:03:15 +00:00
2022-05-16 16:54:25 +00:00
type FirewallRule struct {
// description: |
// Name of rule.
Name string ` yaml:"name" `
// description: |
// Description for rule.
Description string ` yaml:"description" `
// description: |
// Protocol, such as 'udp' or 'tcp'.
Protocol string ` yaml:"protocol" `
// description: |
// CIDR range for which this rule is applied.
IPRange string ` yaml:"iprange" `
// description: |
// Port of start port of a range.
FromPort int ` yaml:"fromport" `
// description: |
// End port of a range, or 0 if a single port is given by FromPort.
ToPort int ` yaml:"toport" `
}
2022-05-02 08:54:54 +00:00
2022-05-16 16:54:25 +00:00
type Firewall [ ] FirewallRule
2022-03-22 15:03:15 +00:00
2022-05-16 16:54:25 +00:00
// ProviderConfig are cloud-provider specific configuration values used by the CLI.
// Fields should remain pointer-types so custom specific configs can nil them
// if not required.
type ProviderConfig struct {
// description: |
// Configuration for Azure as provider.
Azure * AzureConfig ` yaml:"azureConfig,omitempty" `
// description: |
// Configuration for Google Cloud as provider.
GCP * GCPConfig ` yaml:"gcpConfig,omitempty" `
// description: |
// Configuration for QEMU as provider.
QEMU * QEMUConfig ` yaml:"qemuConfig,omitempty" `
}
// AzureConfig are Azure specific configuration values used by the CLI.
type AzureConfig struct {
// description: |
// Subscription ID of the used Azure account. See: https://docs.microsoft.com/en-us/azure/azure-portal/get-subscription-tenant-id#find-your-azure-subscription
SubscriptionID string ` yaml:"subscription" `
// description: |
// Tenant ID of the used Azure account. See: https://docs.microsoft.com/en-us/azure/azure-portal/get-subscription-tenant-id#find-your-azure-ad-tenant
TenantID string ` yaml:"tenant" `
// description: |
// Azure datacenter region to be used. See: https://docs.microsoft.com/en-us/azure/availability-zones/az-overview#azure-regions-with-availability-zones
Location string ` yaml:"location" `
// description: |
// Machine image used to create Constellation nodes.
Image string ` yaml:"image" `
// description: |
// Expected confidential VM measurements.
Measurements Measurements ` yaml:"measurements" `
// description: |
// Authorize spawned VMs to access Azure API. See: https://constellation-docs.edgeless.systems/6c320851-bdd2-41d5-bf10-e27427398692/#/getting-started/install?id=azure
UserAssignedIdentity string ` yaml:"userassignedIdentity" `
}
// GCPConfig are GCP specific configuration values used by the CLI.
type GCPConfig struct {
// description: |
// GCP project. See: https://support.google.com/googleapi/answer/7014113?hl=en
Project string ` yaml:"project" `
// description: |
// GCP datacenter region. See: https://cloud.google.com/compute/docs/regions-zones#available
Region string ` yaml:"region" `
// description: |
// GCP datacenter zone. See: https://cloud.google.com/compute/docs/regions-zones#available
Zone string ` yaml:"zone" `
// description: |
// Machine image used to create Constellation nodes.
Image string ` yaml:"image" `
// description: |
// Roles added to service account.
ServiceAccountRoles [ ] string ` yaml:"serviceAccountRoles" `
// description: |
// Measurement used to enable measured boot.
Measurements Measurements ` yaml:"measurements" `
}
type QEMUConfig struct {
// description: |
// Measurement used to enable measured boot.
Measurements Measurements ` yaml:"measurements" `
2022-03-22 15:03:15 +00:00
}
// Default returns a struct with the default config.
func Default ( ) * Config {
return & Config {
2022-05-16 16:54:25 +00:00
AutoscalingNodeGroupsMin : 1 ,
AutoscalingNodeGroupsMax : 10 ,
StateDiskSizeGB : 30 ,
IngressFirewall : Firewall {
{
Name : "coordinator" ,
Description : "Coordinator default port" ,
Protocol : "tcp" ,
IPRange : "0.0.0.0/0" ,
FromPort : constants . CoordinatorPort ,
} ,
{
Name : "wireguard" ,
Description : "WireGuard default port" ,
Protocol : "udp" ,
IPRange : "0.0.0.0/0" ,
FromPort : constants . WireguardPort ,
} ,
{
Name : "ssh" ,
Description : "SSH" ,
Protocol : "tcp" ,
IPRange : "0.0.0.0/0" ,
FromPort : constants . SSHPort ,
2022-03-22 15:03:15 +00:00
} ,
2022-05-16 16:54:25 +00:00
{
Name : "nodeport" ,
Description : "NodePort" ,
Protocol : "tcp" ,
IPRange : "0.0.0.0/0" ,
FromPort : constants . NodePortFrom ,
ToPort : constants . NodePortTo ,
} ,
} ,
Provider : ProviderConfig {
2022-03-22 15:03:15 +00:00
Azure : & AzureConfig {
2022-05-16 16:54:25 +00:00
SubscriptionID : "0d202bbb-4fa7-4af8-8125-58c269a05435" ,
TenantID : "adb650a8-5da3-4b15-b4b0-3daf65ff7626" ,
Location : "North Europe" ,
Image : "/subscriptions/0d202bbb-4fa7-4af8-8125-58c269a05435/resourceGroups/CONSTELLATION-IMAGES/providers/Microsoft.Compute/galleries/Constellation/images/constellation-coreos/versions/0.0.1651150807" ,
Measurements : azurePCRs ,
UserAssignedIdentity : "/subscriptions/0d202bbb-4fa7-4af8-8125-58c269a05435/resourceGroups/constellation-images/providers/Microsoft.ManagedIdentity/userAssignedIdentities/constellation-dev-identity" ,
2022-03-22 15:03:15 +00:00
} ,
GCP : & GCPConfig {
2022-05-16 16:54:25 +00:00
Project : "constellation-331613" ,
Region : "europe-west3" ,
Zone : "europe-west3-b" ,
Image : "projects/constellation-images/global/images/constellation-coreos-1651150807" ,
ServiceAccountRoles : [ ] string {
2022-03-22 15:03:15 +00:00
"roles/compute.instanceAdmin.v1" ,
"roles/compute.networkAdmin" ,
"roles/compute.securityAdmin" ,
"roles/storage.admin" ,
"roles/iam.serviceAccountUser" ,
} ,
2022-05-16 16:54:25 +00:00
Measurements : gcpPCRs ,
2022-03-22 15:03:15 +00:00
} ,
2022-05-02 08:54:54 +00:00
QEMU : & QEMUConfig {
2022-05-16 16:54:25 +00:00
Measurements : qemuPCRs ,
2022-05-02 08:54:54 +00:00
} ,
2022-03-22 15:03:15 +00:00
} ,
}
}
2022-05-16 16:54:25 +00:00
// FromFile returns config file with `name` read from `fileHandler` by parsing
// it as YAML.
// If name is empty, the default configuration is returned.
2022-03-22 15:03:15 +00:00
func FromFile ( fileHandler file . Handler , name string ) ( * Config , error ) {
if name == "" {
2022-05-16 16:54:25 +00:00
return Default ( ) , nil
2022-03-22 15:03:15 +00:00
}
2022-05-16 16:54:25 +00:00
var emptyConf Config
if err := fileHandler . ReadYAML ( name , & emptyConf ) ; err != nil {
2022-05-13 09:56:43 +00:00
if errors . Is ( err , fs . ErrNotExist ) {
2022-05-16 12:20:21 +00:00
return nil , fmt . Errorf ( "unable to find %s - use `constellation config generate` to generate it first" , name )
2022-05-13 09:56:43 +00:00
}
2022-03-22 15:03:15 +00:00
return nil , fmt . Errorf ( "could not load config from file %s: %w" , name , err )
}
2022-05-16 16:54:25 +00:00
return & emptyConf , nil
2022-03-22 15:03:15 +00:00
}