terraform-provider: fix parsing api_server_cert_sans (#2758)

* tf: don't double quote cert sans

* tf: improve provider examples
This commit is contained in:
3u13r 2023-12-27 17:04:35 +01:00 committed by GitHub
parent 2ce73c19dc
commit 2f10223682
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
4 changed files with 30 additions and 14 deletions

View File

@ -53,7 +53,7 @@ module "aws_infrastructure" {
instance_type = "m6a.xlarge" instance_type = "m6a.xlarge"
disk_size = 30 disk_size = 30
disk_type = "gp3" disk_type = "gp3"
initial_count = 2 initial_count = 3
zone = local.zone zone = local.zone
}, },
worker_default = { worker_default = {
@ -70,6 +70,7 @@ module "aws_infrastructure" {
image_id = data.constellation_image.bar.image.reference image_id = data.constellation_image.bar.image.reference
region = local.region region = local.region
zone = local.zone zone = local.zone
internal_load_balancer = false
debug = false debug = false
enable_snp = true enable_snp = true
custom_endpoint = "" custom_endpoint = ""
@ -100,6 +101,7 @@ resource "constellation_cluster" "aws_example" {
measurement_salt = local.measurement_salt measurement_salt = local.measurement_salt
out_of_cluster_endpoint = module.aws_infrastructure.out_of_cluster_endpoint out_of_cluster_endpoint = module.aws_infrastructure.out_of_cluster_endpoint
in_cluster_endpoint = module.aws_infrastructure.in_cluster_endpoint in_cluster_endpoint = module.aws_infrastructure.in_cluster_endpoint
api_server_cert_sans = module.aws_infrastructure.api_server_cert_sans
network_config = { network_config = {
ip_cidr_node = module.aws_infrastructure.ip_cidr_node ip_cidr_node = module.aws_infrastructure.ip_cidr_node
ip_cidr_service = "10.96.0.0/12" ip_cidr_service = "10.96.0.0/12"

View File

@ -67,6 +67,7 @@ module "azure_infrastructure" {
location = local.location location = local.location
image_id = data.constellation_image.bar.image.reference image_id = data.constellation_image.bar.image.reference
resource_group = module.azure_iam.base_resource_group resource_group = module.azure_iam.base_resource_group
internal_load_balancer = false
create_maa = true create_maa = true
} }
@ -95,6 +96,7 @@ resource "constellation_cluster" "azure_example" {
measurement_salt = local.measurement_salt measurement_salt = local.measurement_salt
out_of_cluster_endpoint = module.azure_infrastructure.out_of_cluster_endpoint out_of_cluster_endpoint = module.azure_infrastructure.out_of_cluster_endpoint
in_cluster_endpoint = module.azure_infrastructure.in_cluster_endpoint in_cluster_endpoint = module.azure_infrastructure.in_cluster_endpoint
api_server_cert_sans = module.azure_infrastructure.api_server_cert_sans
azure = { azure = {
tenant_id = module.azure_iam.tenant_id tenant_id = module.azure_iam.tenant_id
subscription_id = module.azure_iam.subscription_id subscription_id = module.azure_iam.subscription_id

View File

@ -56,7 +56,7 @@ module "gcp_infrastructure" {
instance_type = "n2d-standard-4" instance_type = "n2d-standard-4"
disk_size = 30 disk_size = 30
disk_type = "pd-ssd" disk_type = "pd-ssd"
initial_count = 2 initial_count = 3
zone = local.zone zone = local.zone
}, },
worker_default = { worker_default = {
@ -73,6 +73,7 @@ module "gcp_infrastructure" {
zone = local.zone zone = local.zone
region = local.region region = local.region
project = local.project_id project = local.project_id
internal_load_balancer = false
} }
data "constellation_attestation" "foo" { data "constellation_attestation" "foo" {
@ -99,6 +100,7 @@ resource "constellation_cluster" "gcp_example" {
measurement_salt = local.measurement_salt measurement_salt = local.measurement_salt
out_of_cluster_endpoint = module.gcp_infrastructure.out_of_cluster_endpoint out_of_cluster_endpoint = module.gcp_infrastructure.out_of_cluster_endpoint
in_cluster_endpoint = module.gcp_infrastructure.in_cluster_endpoint in_cluster_endpoint = module.gcp_infrastructure.in_cluster_endpoint
api_server_cert_sans = module.gcp_infrastructure.api_server_cert_sans
gcp = { gcp = {
project_id = module.gcp_infrastructure.project project_id = module.gcp_infrastructure.project
service_account_key = module.gcp_iam.service_account_key service_account_key = module.gcp_iam.service_account_key

View File

@ -685,9 +685,10 @@ func (r *ClusterResource) apply(ctx context.Context, data *ClusterResourceModel,
} }
// parse API server certificate SANs // parse API server certificate SANs
apiServerCertSANs := make([]string, 0, len(data.APIServerCertSANs.Elements())) apiServerCertSANs, convertDiags := r.getAPIServerCertSANs(ctx, data)
for _, san := range data.APIServerCertSANs.Elements() { diags.Append(convertDiags...)
apiServerCertSANs = append(apiServerCertSANs, san.String()) if diags.HasError() {
return diags
} }
// parse network config // parse network config
@ -1210,6 +1211,15 @@ func (r *ClusterResource) getNetworkConfig(ctx context.Context, data *ClusterRes
return networkCfg, diags return networkCfg, diags
} }
func (r *ClusterResource) getAPIServerCertSANs(ctx context.Context, data *ClusterResourceModel) ([]string, diag.Diagnostics) {
if data.APIServerCertSANs.IsNull() {
return nil, nil
}
apiServerCertSANs := make([]string, 0, len(data.APIServerCertSANs.Elements()))
diags := data.APIServerCertSANs.ElementsAs(ctx, &apiServerCertSANs, false)
return apiServerCertSANs, diags
}
// tfContextLogger is a logging adapter between the tflog package and // tfContextLogger is a logging adapter between the tflog package and
// Constellation's logger. // Constellation's logger.
type tfContextLogger struct { type tfContextLogger struct {