write master secret after config verification

This commit is contained in:
Leonard Cohnen 2022-08-31 13:57:59 +02:00 committed by 3u13r
parent 6440904865
commit 00e72db5d8
2 changed files with 46 additions and 31 deletions


@ -105,7 +105,7 @@ func initialize(cmd *cobra.Command, newDialer func(validator *cloudcmd.Validator
return err return err
} }
serviceAccURI, err := getMarschaledServiceAccountURI(provider, config, fileHandler) serviceAccURI, err := getMarshaledServiceAccountURI(provider, config, fileHandler)
if err != nil { if err != nil {
return err return err
} }
@ -126,11 +126,16 @@ func initialize(cmd *cobra.Command, newDialer func(validator *cloudcmd.Validator
return fmt.Errorf("loading Helm charts: %w", err) return fmt.Errorf("loading Helm charts: %w", err)
} }
masterSecret, err := readOrGenerateMasterSecret(cmd.OutOrStdout(), fileHandler, flags.masterSecretPath)
if err != nil {
return fmt.Errorf("parsing or generating master secret from file %s: %w", flags.masterSecretPath, err)
}
cmd.Println("Initializing cluster ...") cmd.Println("Initializing cluster ...")
req := &initproto.InitRequest{ req := &initproto.InitRequest{
AutoscalingNodeGroups: autoscalingNodeGroups, AutoscalingNodeGroups: autoscalingNodeGroups,
MasterSecret: flags.masterSecret.Key, MasterSecret: masterSecret.Key,
Salt: flags.masterSecret.Salt, Salt: masterSecret.Salt,
KmsUri: kms.ClusterKMSURI, KmsUri: kms.ClusterKMSURI,
StorageUri: kms.NoStoreURI, StorageUri: kms.NoStoreURI,
KeyEncryptionKeyId: "", KeyEncryptionKeyId: "",
@ -253,10 +258,6 @@ func evalFlagArgs(cmd *cobra.Command, fileHandler file.Handler) (initFlags, erro
if err != nil { if err != nil {
return initFlags{}, fmt.Errorf("parsing master-secret path flag: %w", err) return initFlags{}, fmt.Errorf("parsing master-secret path flag: %w", err)
} }
masterSecret, err := readOrGenerateMasterSecret(cmd.OutOrStdout(), fileHandler, masterSecretPath)
if err != nil {
return initFlags{}, fmt.Errorf("parsing or generating master mastersecret from file %s: %w", masterSecretPath, err)
}
endpoint, err := cmd.Flags().GetString("endpoint") endpoint, err := cmd.Flags().GetString("endpoint")
if err != nil { if err != nil {
return initFlags{}, fmt.Errorf("parsing endpoint flag: %w", err) return initFlags{}, fmt.Errorf("parsing endpoint flag: %w", err)
@ -280,14 +281,14 @@ func evalFlagArgs(cmd *cobra.Command, fileHandler file.Handler) (initFlags, erro
configPath: configPath, configPath: configPath,
endpoint: endpoint, endpoint: endpoint,
autoscale: autoscale, autoscale: autoscale,
masterSecret: masterSecret, masterSecretPath: masterSecretPath,
}, nil }, nil
} }
// initFlags are the resulting values of flag preprocessing. // initFlags are the resulting values of flag preprocessing.
type initFlags struct { type initFlags struct {
configPath string configPath string
masterSecret masterSecret masterSecretPath string
endpoint string endpoint string
autoscale bool autoscale bool
} }
@ -347,7 +348,7 @@ func readIPFromIDFile(fileHandler file.Handler) (string, error) {
return idFile.IP, nil return idFile.IP, nil
} }
func getMarschaledServiceAccountURI(provider cloudprovider.Provider, config *config.Config, fileHandler file.Handler) (string, error) { func getMarshaledServiceAccountURI(provider cloudprovider.Provider, config *config.Config, fileHandler file.Handler) (string, error) {
switch provider { switch provider {
case cloudprovider.GCP: case cloudprovider.GCP:
path := config.Provider.GCP.ServiceAccountKeyPath path := config.Provider.GCP.ServiceAccountKeyPath
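Review bot: The master secret is still generated and persisted to disk before the init request is built (the readOrGenerateMasterSecret call sits right before `Initializing cluster ...`), so an init that fails after that point leaves the key material on disk, and a re-run will presumably read that file back rather than generate a fresh one; the commit moves the write past config and Helm verification but nothing in the code says so. I would add above the call: `// Generated (or read back) before the init RPC: a failed init leaves the secret file in place and a re-run reuses it.` If flags.masterSecretPath can be empty when the default location is used, the error would also read better as `return fmt.Errorf("parsing or generating master secret from file %q: %w", flags.masterSecretPath, err)` so an empty path is visible. initialize starts and ends outside this section.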


@ -75,6 +75,7 @@ func TestInitialize(t *testing.T) {
helmLoader stubHelmLoader helmLoader stubHelmLoader
initServerAPI *stubInitServer initServerAPI *stubInitServer
endpointFlag string endpointFlag string
masterSecretShouldExist bool
setAutoscaleFlag bool setAutoscaleFlag bool
wantErr bool wantErr bool
}{ }{
@ -140,11 +141,16 @@ func TestInitialize(t *testing.T) {
c.Provider.Azure.UserAssignedIdentity = "userAssignedIdentity" c.Provider.Azure.UserAssignedIdentity = "userAssignedIdentity"
}, },
initServerAPI: &stubInitServer{}, initServerAPI: &stubInitServer{},
masterSecretShouldExist: true,
wantErr: true, wantErr: true,
}, },
"fail to load helm charts": { "fail missing enforced PCR": {
state: testGcpState, state: testGcpState,
helmLoader: stubHelmLoader{loadErr: someErr}, idFile: &clusterIDsFile{IP: "192.0.2.1"},
configMutator: func(c *config.Config) {
c.Provider.GCP.EnforcedMeasurements = append(c.Provider.GCP.EnforcedMeasurements, 10)
},
serviceAccKey: gcpServiceAccKey,
initServerAPI: &stubInitServer{initResp: testInitResp}, initServerAPI: &stubInitServer{initResp: testInitResp},
wantErr: true, wantErr: true,
}, },
@ -209,6 +215,10 @@ func TestInitialize(t *testing.T) {
if tc.wantErr { if tc.wantErr {
assert.Error(err) assert.Error(err)
if !tc.masterSecretShouldExist {
_, err = fileHandler.Stat(constants.MasterSecretFilename)
assert.Error(err)
}
return return
} }
require.NoError(err) require.NoError(err)
@ -219,6 +229,10 @@ func TestInitialize(t *testing.T) {
} else { } else {
assert.Len(tc.initServerAPI.activateAutoscalingNodeGroups, 0) assert.Len(tc.initServerAPI.activateAutoscalingNodeGroups, 0)
} }
var secret masterSecret
assert.NoError(fileHandler.ReadJSON(constants.MasterSecretFilename, &secret))
assert.NotEmpty(secret.Key)
assert.NotEmpty(secret.Salt)
}) })
} }
} }
@ -303,7 +317,7 @@ func TestInitCompletion(t *testing.T) {
} }
} }
func TestReadOrGeneratedMasterSecret(t *testing.T) { func TestReadOrGenerateMasterSecret(t *testing.T) {
testCases := map[string]struct { testCases := map[string]struct {
filename string filename string
createFileFunc func(handler file.Handler) error createFileFunc func(handler file.Handler) error
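Review bot: The "fail to load helm charts" case is replaced by "fail missing enforced PCR" rather than kept next to it, so the Helm-loading error path in initialize is no longer exercised, even though the master secret is now generated only after the charts load and that case is exactly where the new masterSecretShouldExist check would catch a regression. I would restore it as its own entry, `helmLoader: stubHelmLoader{loadErr: someErr}, initServerAPI: &stubInitServer{initResp: testInitResp}, wantErr: true,` with masterSecretShouldExist left false. The `assert.Error(err)` after fileHandler.Stat accepts any error, not only not-exist; if the handler surfaces os-style errors, `assert.ErrorIs(err, fs.ErrNotExist)` (importing io/fs) would make the "file was not written" assertion precise — confirm what Stat returns. TestInitialize starts and ends outside this section.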