terraform-provider: fix parsing api_server_cert_sans (#2758)

* tf: don't double quote cert sans * tf: improve provider examples
2024-10-01 01:36:09 -04:00 · 2023-12-27 17:04:35 +01:00 · 2023-12-27 17:04:35 +01:00 · 2f10223682
commit 2f10223682
parent 2ce73c19dc
4 changed files with 30 additions and 14 deletions
--- a/terraform-provider-constellation/examples/full/aws_cluster.tf
+++ b/terraform-provider-constellation/examples/full/aws_cluster.tf
@ -53,7 +53,7 @@ module "aws_infrastructure" {
      instance_type = "m6a.xlarge"
      disk_size     = 30
      disk_type     = "gp3"
-      initial_count = 2
+      initial_count = 3
      zone          = local.zone
    },
    worker_default = {
@ -70,6 +70,7 @@ module "aws_infrastructure" {
  image_id                                = data.constellation_image.bar.image.reference
  region                                  = local.region
  zone                                    = local.zone
+  internal_load_balancer                  = false
  debug                                   = false
  enable_snp                              = true
  custom_endpoint                         = ""
@ -100,6 +101,7 @@ resource "constellation_cluster" "aws_example" {
  measurement_salt        = local.measurement_salt
  out_of_cluster_endpoint = module.aws_infrastructure.out_of_cluster_endpoint
  in_cluster_endpoint     = module.aws_infrastructure.in_cluster_endpoint
+  api_server_cert_sans    = module.aws_infrastructure.api_server_cert_sans
  network_config = {
    ip_cidr_node    = module.aws_infrastructure.ip_cidr_node
    ip_cidr_service = "10.96.0.0/12"
--- a/terraform-provider-constellation/examples/full/azure_cluster.tf
+++ b/terraform-provider-constellation/examples/full/azure_cluster.tf
@ -64,10 +64,11 @@ module "azure_infrastructure" {
      initial_count = 2
    }
  }
-  location       = local.location
-  image_id       = data.constellation_image.bar.image.reference
-  resource_group = module.azure_iam.base_resource_group
-  create_maa     = true
+  location               = local.location
+  image_id               = data.constellation_image.bar.image.reference
+  resource_group         = module.azure_iam.base_resource_group
+  internal_load_balancer = false
+  create_maa             = true
 }

 data "constellation_attestation" "foo" {
@ -95,6 +96,7 @@ resource "constellation_cluster" "azure_example" {
  measurement_salt        = local.measurement_salt
  out_of_cluster_endpoint = module.azure_infrastructure.out_of_cluster_endpoint
  in_cluster_endpoint     = module.azure_infrastructure.in_cluster_endpoint
+  api_server_cert_sans    = module.azure_infrastructure.api_server_cert_sans
  azure = {
    tenant_id                   = module.azure_iam.tenant_id
    subscription_id             = module.azure_iam.subscription_id
--- a/terraform-provider-constellation/examples/full/gcp_cluster.tf
+++ b/terraform-provider-constellation/examples/full/gcp_cluster.tf
@ -56,7 +56,7 @@ module "gcp_infrastructure" {
      instance_type = "n2d-standard-4"
      disk_size     = 30
      disk_type     = "pd-ssd"
-      initial_count = 2
+      initial_count = 3
      zone          = local.zone
    },
    worker_default = {
@ -68,11 +68,12 @@ module "gcp_infrastructure" {
      zone          = local.zone
    }
  }
-  image_id = data.constellation_image.bar.image.reference
-  debug    = false
-  zone     = local.zone
-  region   = local.region
-  project  = local.project_id
+  image_id               = data.constellation_image.bar.image.reference
+  debug                  = false
+  zone                   = local.zone
+  region                 = local.region
+  project                = local.project_id
+  internal_load_balancer = false
 }

 data "constellation_attestation" "foo" {
@ -99,6 +100,7 @@ resource "constellation_cluster" "gcp_example" {
  measurement_salt        = local.measurement_salt
  out_of_cluster_endpoint = module.gcp_infrastructure.out_of_cluster_endpoint
  in_cluster_endpoint     = module.gcp_infrastructure.in_cluster_endpoint
+  api_server_cert_sans    = module.gcp_infrastructure.api_server_cert_sans
  gcp = {
    project_id          = module.gcp_infrastructure.project
    service_account_key = module.gcp_iam.service_account_key
--- a/terraform-provider-constellation/internal/provider/cluster_resource.go
+++ b/terraform-provider-constellation/internal/provider/cluster_resource.go
@ -685,9 +685,10 @@ func (r *ClusterResource) apply(ctx context.Context, data *ClusterResourceModel,
 	}

 	// parse API server certificate SANs
-	apiServerCertSANs := make([]string, 0, len(data.APIServerCertSANs.Elements()))
-	for _, san := range data.APIServerCertSANs.Elements() {
-		apiServerCertSANs = append(apiServerCertSANs, san.String())
+	apiServerCertSANs, convertDiags := r.getAPIServerCertSANs(ctx, data)
+	diags.Append(convertDiags...)
+	if diags.HasError() {
+		return diags
 	}

 	// parse network config
@ -1210,6 +1211,15 @@ func (r *ClusterResource) getNetworkConfig(ctx context.Context, data *ClusterRes
 	return networkCfg, diags
 }

+func (r *ClusterResource) getAPIServerCertSANs(ctx context.Context, data *ClusterResourceModel) ([]string, diag.Diagnostics) {
+	if data.APIServerCertSANs.IsNull() {
+		return nil, nil
+	}
+	apiServerCertSANs := make([]string, 0, len(data.APIServerCertSANs.Elements()))
+	diags := data.APIServerCertSANs.ElementsAs(ctx, &apiServerCertSANs, false)
+	return apiServerCertSANs, diags
+}
+
 // tfContextLogger is a logging adapter between the tflog package and
 // Constellation's logger.
 type tfContextLogger struct {