cli: remove helm management from join-config (#2251)

* Replace UpdateAttestationConfig with ApplyJoinConfig * Dont set up join-config over Helm, it is now only managed by our CLI directly during init and upgrade * Remove measurementSalt and attestationConfig parsing from helm, they were only needed for the JoinConfig * Add migration step to remove join-config from Helm management * Update attestation config trouble shooting tip --------- Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2025-05-02 22:34:56 -04:00 · 2023-08-23 08:14:39 +02:00 · 2023-08-23 08:14:39 +02:00 · 053aa60e47
commit 053aa60e47
parent c42e81bf23
21 changed files with 326 additions and 196 deletions
--- a/cli/internal/cmd/init.go
+++ b/cli/internal/cmd/init.go
@ -39,6 +39,7 @@ import (
 	"github.com/edgelesssys/constellation/v2/cli/internal/clusterid"
 	"github.com/edgelesssys/constellation/v2/cli/internal/cmd/pathprefix"
 	"github.com/edgelesssys/constellation/v2/cli/internal/helm"
+	"github.com/edgelesssys/constellation/v2/cli/internal/kubecmd"
 	"github.com/edgelesssys/constellation/v2/cli/internal/terraform"
 	"github.com/edgelesssys/constellation/v2/internal/cloud/cloudprovider"
 	"github.com/edgelesssys/constellation/v2/internal/config"
@ -129,13 +130,20 @@ func runInitialize(cmd *cobra.Command, _ []string) error {
 		return fmt.Errorf("creating Helm installer: %w", err)
 	}
 	i := newInitCmd(tfClient, helmInstaller, fileHandler, spinner, &kubeconfigMerger{log: log}, log)
+
 	fetcher := attestationconfigapi.NewFetcher()
-	return i.initialize(cmd, newDialer, license.NewClient(), fetcher)
+	newAttestationApplier := func(w io.Writer, kubeConfig string, log debugLog) (attestationConfigApplier, error) {
+		return kubecmd.New(w, kubeConfig, log)
+	}
+
+	return i.initialize(cmd, newDialer, license.NewClient(), fetcher, newAttestationApplier)
 }

 // initialize initializes a Constellation.
-func (i *initCmd) initialize(cmd *cobra.Command, newDialer func(validator atls.Validator) *dialer.Dialer,
+func (i *initCmd) initialize(
+	cmd *cobra.Command, newDialer func(validator atls.Validator) *dialer.Dialer,
 	quotaChecker license.QuotaChecker, configFetcher attestationconfigapi.Fetcher,
+	newAttestationApplier func(io.Writer, string, debugLog) (attestationConfigApplier, error),
 ) error {
 	flags, err := i.evalFlagArgs(cmd)
 	if err != nil {
@ -249,6 +257,14 @@ func (i *initCmd) initialize(cmd *cobra.Command, newDialer func(validator atls.V
 		return err
 	}

+	attestationApplier, err := newAttestationApplier(cmd.OutOrStdout(), constants.AdminConfFilename, i.log)
+	if err != nil {
+		return err
+	}
+	if err := attestationApplier.ApplyJoinConfig(cmd.Context(), conf.GetAttestationConfig(), measurementSalt); err != nil {
+		return fmt.Errorf("applying attestation config: %w", err)
+	}
+
 	helmLoader := helm.NewLoader(provider, k8sVersion, clusterName)
 	i.log.Debugf("Created new Helm loader")
 	output, err := i.clusterShower.ShowCluster(cmd.Context(), conf.GetProvider())
@ -609,3 +625,7 @@ func (e *nonRetriableError) Unwrap() error {
 type initializer interface {
 	Install(ctx context.Context, releases *helm.Releases) error
 }
+
+type attestationConfigApplier interface {
+	ApplyJoinConfig(ctx context.Context, newAttestConfig config.AttestationCfg, measurementSalt []byte) error
+}