terraform: Terraform module for GCP (#2553)

terraform/aws-constellation/fetch-ami/main.tf

@@ -1,28 +0,0 @@
-locals {
-
-  image_ref         = startswith(var.image, "v") ? "ref/-/stream/stable/${var.image}" : var.image
-  fetch_ami_command = <<EOT
-    curl -s https://cdn.confidential.cloud/constellation/v2/${local.image_ref}/image/info.json | \
-    ./yq eval '.list[] | select(.csp == "aws" and .attestationVariant == "${var.attestation_variant}" and .region == "${var.region}") | .reference' - | tr -d '\n' > "${path.module}/ami.txt"
-    echo -n "AMI: "
-    cat "${path.module}/ami.txt"
-  EOT
-}
-
-resource "null_resource" "fetch_ami" {
-  provisioner "local-exec" {
-    command = local.fetch_ami_command
-
-    environment = {
-      attestation_variant = var.attestation_variant
-    }
-  }
-  triggers = {
-    always_run = "${timestamp()}"
-  }
-}
-
-data "local_file" "ami" {
-  filename   = "${path.module}/ami.txt"
-  depends_on = [null_resource.fetch_ami]
-}

terraform/aws-constellation/fetch-ami/output.tf

@@ -1,4 +0,0 @@
-output "ami" {
-  description = "The fetched AMI."
-  value       = data.local_file.ami.content
-}

terraform/aws-constellation/fetch-ami/variables.tf

@@ -1,14 +0,0 @@
-variable "attestation_variant" {
-  description = "The attestation variant to fetch AMI data for."
-  type        = string
-}
-
-variable "region" {
-  description = "The AWS region to fetch AMI data for."
-  type        = string
-}
-
-variable "image" {
-  description = "The image reference or semantical release version to fetch AMI data for."
-  type        = string
-}

terraform/aws-constellation/install-yq.sh

@@ -1,43 +0,0 @@
-#!/usr/bin/env bash
-VERSION="v4.35.2"
-if [[ -f ./yq ]] && ./yq --version | grep -q "${VERSION}"; then
-  echo "yq is already available and up to date."
-  exit 0
-fi
-if [[ -f ./yq ]]; then
-  echo "yq is already available but not at the required version. Replacing with ${VERSION}."
-  rm -f yq
-fi
-
-echo "Fetching yq ${VERSION}"
-OS=$(uname -s)
-ARCH=$(uname -m)
-URL=""
-
-if [[ ${OS} == "Darwin" ]]; then
-  if [[ ${ARCH} == "arm64" ]]; then
-    URL="https://github.com/mikefarah/yq/releases/download/${VERSION}/yq_darwin_arm64"
-  elif [[ ${ARCH} == "x86_64" ]]; then
-    URL="https://github.com/mikefarah/yq/releases/download/${VERSION}/yq_darwin_amd64"
-  fi
-elif [[ ${OS} == "Linux" ]]; then
-  if [[ ${ARCH} == "x86_64" ]]; then
-    URL="https://github.com/mikefarah/yq/releases/download/${VERSION}/yq_linux_amd64"
-  elif [[ ${ARCH} == "arm64" ]]; then
-    URL="https://github.com/mikefarah/yq/releases/download/${VERSION}/yq_linux_arm64"
-  fi
-fi
-
-if [[ -z ${URL} ]]; then
-  echo "OS \"${OS}\" and/or architecture \"${ARCH}\" is not supported."
-  exit 1
-else
-  echo "Downloading yq from ${URL}"
-  curl -o yq -L "${URL}"
-  chmod +x ./yq
-  ./yq --version
-  if ! ./yq --version | grep -q "${VERSION}"; then # check that yq was installed correctly
-    echo "Version is incorrect"
-    exit 1
-  fi
-fi

terraform/aws-constellation/main.tf

@@ -12,7 +12,7 @@ module "aws_iam" {
 resource "null_resource" "ensure_yq" {
   provisioner "local-exec" {
     command = <<EOT
-         ${path.module}/install-yq.sh
+         ../constellation-cluster/install-yq.sh
     EOT
   }
   triggers = {
@@ -20,8 +20,9 @@ resource "null_resource" "ensure_yq" {
   }
 }
 
-module "fetch_ami" {
-  source              = "./fetch-ami"
+module "fetch_image" {
+  source              = "../fetch-image"
+  csp                 = "aws"
   attestation_variant = var.enable_snp ? "aws-sev-snp" : "aws-nitro-tpm"
   region              = local.region
   image               = var.image
@@ -35,7 +36,7 @@ module "aws" {
   node_groups                        = var.node_groups
   iam_instance_profile_worker_nodes  = module.aws_iam.worker_nodes_instance_profile
   iam_instance_profile_control_plane = module.aws_iam.control_plane_instance_profile
-  ami                                = module.fetch_ami.ami
+  ami                                = module.fetch_image.image
   region                             = local.region
   zone                               = var.zone
   debug                              = var.debug