cli: remove/refactor upgrade package (#2266)

* Move IAM migration client to cloudcmd package * Move Terraform Cluster upgrade client to cloudcmd package * Use hcl for creating Terraform IAM variables files * Unify terraform upgrade code * Rename some cloudcmd files for better clarity --------- Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2025-08-05 21:44:15 -04:00 · 2023-08-23 10:35:42 +02:00 · 2023-08-23 10:35:42 +02:00 · 0a911806d1
commit 0a911806d1
parent 3d5d291891
29 changed files with 1197 additions and 1194 deletions
--- a/cli/internal/cloudcmd/iamupgrade.go
+++ b/cli/internal/cloudcmd/iamupgrade.go
@ -0,0 +1,78 @@
+/*
+Copyright (c) Edgeless Systems GmbH
+
+SPDX-License-Identifier: AGPL-3.0-only
+*/
+
+package cloudcmd
+
+import (
+	"context"
+	"fmt"
+	"io"
+	"path/filepath"
+	"strings"
+
+	"github.com/edgelesssys/constellation/v2/cli/internal/terraform"
+	"github.com/edgelesssys/constellation/v2/internal/cloud/cloudprovider"
+	"github.com/edgelesssys/constellation/v2/internal/constants"
+	"github.com/edgelesssys/constellation/v2/internal/file"
+)
+
+// IAMUpgrader handles upgrades to IAM resources required by Constellation.
+type IAMUpgrader struct {
+	tf                tfIAMUpgradeClient
+	existingWorkspace string
+	upgradeWorkspace  string
+	fileHandler       file.Handler
+	logLevel          terraform.LogLevel
+}
+
+// NewIAMUpgrader creates and initializes a new IAMUpgrader.
+// existingWorkspace is the directory holding the existing Terraform resources.
+// upgradeWorkspace is the directory to use for holding temporary files and resources required to apply the upgrade.
+func NewIAMUpgrader(ctx context.Context, existingWorkspace, upgradeWorkspace string,
+	logLevel terraform.LogLevel, fileHandler file.Handler,
+) (*IAMUpgrader, error) {
+	tfClient, err := terraform.New(ctx, filepath.Join(upgradeWorkspace, constants.TerraformIAMUpgradeWorkingDir))
+	if err != nil {
+		return nil, fmt.Errorf("setting up terraform client: %w", err)
+	}
+
+	return &IAMUpgrader{
+		tf:                tfClient,
+		existingWorkspace: existingWorkspace,
+		upgradeWorkspace:  upgradeWorkspace,
+		fileHandler:       fileHandler,
+		logLevel:          logLevel,
+	}, nil
+}
+
+// PlanIAMUpgrade prepares the upgrade workspace and plans the possible Terraform migrations for Constellation's IAM resources (service accounts, permissions etc.).
+// In case of possible migrations, the diff is written to outWriter and this function returns true.
+func (u *IAMUpgrader) PlanIAMUpgrade(ctx context.Context, outWriter io.Writer, vars terraform.Variables, csp cloudprovider.Provider) (bool, error) {
+	return planUpgrade(
+		ctx, u.tf, u.fileHandler, outWriter, u.logLevel, vars,
+		filepath.Join("terraform", "iam", strings.ToLower(csp.String())),
+		u.existingWorkspace,
+		filepath.Join(u.upgradeWorkspace, constants.TerraformIAMUpgradeBackupDir),
+	)
+}
+
+// ApplyIAMUpgrade applies the Terraform IAM migrations planned by PlanIAMUpgrade.
+// On success, the workspace of the Upgrader replaces the existing Terraform workspace.
+func (u *IAMUpgrader) ApplyIAMUpgrade(ctx context.Context, csp cloudprovider.Provider) error {
+	if _, err := u.tf.ApplyIAM(ctx, csp, u.logLevel); err != nil {
+		return fmt.Errorf("terraform apply: %w", err)
+	}
+
+	if err := moveUpgradeToCurrent(
+		u.fileHandler,
+		u.existingWorkspace,
+		filepath.Join(u.upgradeWorkspace, constants.TerraformIAMUpgradeWorkingDir),
+	); err != nil {
+		return fmt.Errorf("promoting upgrade workspace to current workspace: %w", err)
+	}
+
+	return nil
+}