2023-08-23 10:35:42 +02:00
/ *
Copyright ( c ) Edgeless Systems GmbH
SPDX - License - Identifier : AGPL - 3.0 - only
* /
package cloudcmd
import (
"context"
"fmt"
"io"
"path/filepath"
"strings"
"github.com/edgelesssys/constellation/v2/cli/internal/terraform"
"github.com/edgelesssys/constellation/v2/internal/cloud/cloudprovider"
"github.com/edgelesssys/constellation/v2/internal/constants"
"github.com/edgelesssys/constellation/v2/internal/file"
)
2023-09-07 12:10:36 +02:00
// UpgradeRequiresIAMMigration returns true if the given cloud provider requires an IAM migration.
func UpgradeRequiresIAMMigration ( provider cloudprovider . Provider ) bool {
switch provider {
default :
return false
}
}
2023-08-23 10:35:42 +02:00
// IAMUpgrader handles upgrades to IAM resources required by Constellation.
type IAMUpgrader struct {
tf tfIAMUpgradeClient
existingWorkspace string
upgradeWorkspace string
fileHandler file . Handler
logLevel terraform . LogLevel
}
// NewIAMUpgrader creates and initializes a new IAMUpgrader.
// existingWorkspace is the directory holding the existing Terraform resources.
// upgradeWorkspace is the directory to use for holding temporary files and resources required to apply the upgrade.
func NewIAMUpgrader ( ctx context . Context , existingWorkspace , upgradeWorkspace string ,
logLevel terraform . LogLevel , fileHandler file . Handler ,
) ( * IAMUpgrader , error ) {
2023-10-26 10:55:50 +02:00
tfClient , err := terraform . New ( ctx , existingWorkspace )
2023-08-23 10:35:42 +02:00
if err != nil {
return nil , fmt . Errorf ( "setting up terraform client: %w" , err )
}
return & IAMUpgrader {
tf : tfClient ,
existingWorkspace : existingWorkspace ,
upgradeWorkspace : upgradeWorkspace ,
fileHandler : fileHandler ,
logLevel : logLevel ,
} , nil
}
// PlanIAMUpgrade prepares the upgrade workspace and plans the possible Terraform migrations for Constellation's IAM resources (service accounts, permissions etc.).
// In case of possible migrations, the diff is written to outWriter and this function returns true.
func ( u * IAMUpgrader ) PlanIAMUpgrade ( ctx context . Context , outWriter io . Writer , vars terraform . Variables , csp cloudprovider . Provider ) ( bool , error ) {
2023-10-31 12:46:40 +01:00
return plan (
2023-08-23 10:35:42 +02:00
ctx , u . tf , u . fileHandler , outWriter , u . logLevel , vars ,
2023-10-26 10:55:50 +02:00
filepath . Join ( constants . TerraformEmbeddedDir , "iam" , strings . ToLower ( csp . String ( ) ) ) ,
u . existingWorkspace ,
2023-08-23 10:35:42 +02:00
filepath . Join ( u . upgradeWorkspace , constants . TerraformIAMUpgradeBackupDir ) ,
)
}
2023-09-14 11:51:20 +02:00
// RestoreIAMWorkspace rolls back the existing workspace to the backup directory created when planning an upgrade,
// when the user decides to not apply an upgrade after planning it.
// Note that this will not apply the restored state from the backup.
func ( u * IAMUpgrader ) RestoreIAMWorkspace ( ) error {
return restoreBackup ( u . fileHandler , u . existingWorkspace , filepath . Join ( u . upgradeWorkspace , constants . TerraformIAMUpgradeBackupDir ) )
}
2023-08-23 10:35:42 +02:00
// ApplyIAMUpgrade applies the Terraform IAM migrations planned by PlanIAMUpgrade.
// On success, the workspace of the Upgrader replaces the existing Terraform workspace.
func ( u * IAMUpgrader ) ApplyIAMUpgrade ( ctx context . Context , csp cloudprovider . Provider ) error {
if _ , err := u . tf . ApplyIAM ( ctx , csp , u . logLevel ) ; err != nil {
return fmt . Errorf ( "terraform apply: %w" , err )
}
return nil
}