cli: upgrade uses same helm releases as init (#2177)

cli/internal/cmd/init.go

@@ -40,10 +40,7 @@ import (
 	"github.com/edgelesssys/constellation/v2/cli/internal/cmd/pathprefix"
 	"github.com/edgelesssys/constellation/v2/cli/internal/helm"
 	"github.com/edgelesssys/constellation/v2/cli/internal/terraform"
-	"github.com/edgelesssys/constellation/v2/internal/cloud/azureshared"
 	"github.com/edgelesssys/constellation/v2/internal/cloud/cloudprovider"
-	"github.com/edgelesssys/constellation/v2/internal/cloud/gcpshared"
-	"github.com/edgelesssys/constellation/v2/internal/cloud/openstack"
 	"github.com/edgelesssys/constellation/v2/internal/config"
 	"github.com/edgelesssys/constellation/v2/internal/constants"
 	"github.com/edgelesssys/constellation/v2/internal/crypto"
@@ -195,7 +192,7 @@ func (i *initCmd) initialize(cmd *cobra.Command, newDialer func(validator atls.V
 		return fmt.Errorf("creating new validator: %w", err)
 	}
 	i.log.Debugf("Created a new validator")
-	serviceAccURI, err := i.getMarshaledServiceAccountURI(provider, conf)
+	serviceAccURI, err := cloudcmd.GetMarshaledServiceAccountURI(provider, conf, i.pf, i.log, i.fileHandler)
 	if err != nil {
 		return err
 	}
@@ -211,7 +208,7 @@ func (i *initCmd) initialize(cmd *cobra.Command, newDialer func(validator atls.V
 	if err != nil {
 		return fmt.Errorf("generating measurement salt: %w", err)
 	}
-	i.log.Debugf("Measurement salt: %x", measurementSalt)
+	idFile.MeasurementSalt = measurementSalt
 
 	clusterName := clusterid.GetClusterName(conf, idFile)
 	i.log.Debugf("Setting cluster name to %s", clusterName)
@@ -258,7 +255,7 @@ func (i *initCmd) initialize(cmd *cobra.Command, newDialer func(validator atls.V
 	if err != nil {
 		return fmt.Errorf("getting Terraform output: %w", err)
 	}
-	releases, err := helmLoader.LoadReleases(conf, flags.conformance, flags.helmWaitMode, masterSecret, measurementSalt, serviceAccURI, idFile, output)
+	releases, err := helmLoader.LoadReleases(conf, flags.conformance, flags.helmWaitMode, masterSecret, serviceAccURI, idFile, output)
 	if err != nil {
 		return fmt.Errorf("loading Helm charts: %w", err)
 	}
@@ -510,7 +507,7 @@ type initFlags struct {
 	mergeConfigs bool
 }
 
-// readOrGenerateMasterSecret reads a base64 encoded master secret from file or generates a new 32 byte secret.
+// generateMasterSecret reads a base64 encoded master secret from file or generates a new 32 byte secret.
 func (i *initCmd) generateMasterSecret(outWriter io.Writer) (uri.MasterSecret, error) {
 	// No file given, generate a new secret, and save it to disk
 	i.log.Debugf("Generating new master secret")
@@ -534,59 +531,6 @@ func (i *initCmd) generateMasterSecret(outWriter io.Writer) (uri.MasterSecret, e
 	return secret, nil
 }
 
-func (i *initCmd) getMarshaledServiceAccountURI(provider cloudprovider.Provider, config *config.Config,
-) (string, error) {
-	i.log.Debugf("Getting service account URI")
-	switch provider {
-	case cloudprovider.GCP:
-		i.log.Debugf("Handling case for GCP")
-		i.log.Debugf("GCP service account key path %s", i.pf.PrefixPath(config.Provider.GCP.ServiceAccountKeyPath))
-
-		var key gcpshared.ServiceAccountKey
-		if err := i.fileHandler.ReadJSON(config.Provider.GCP.ServiceAccountKeyPath, &key); err != nil {
-			return "", fmt.Errorf("reading service account key from path %q: %w", i.pf.PrefixPath(config.Provider.GCP.ServiceAccountKeyPath), err)
-		}
-		i.log.Debugf("Read GCP service account key from path")
-		return key.ToCloudServiceAccountURI(), nil
-
-	case cloudprovider.AWS:
-		i.log.Debugf("Handling case for AWS")
-		return "", nil // AWS does not need a service account URI
-	case cloudprovider.Azure:
-		i.log.Debugf("Handling case for Azure")
-
-		authMethod := azureshared.AuthMethodUserAssignedIdentity
-
-		creds := azureshared.ApplicationCredentials{
-			TenantID:            config.Provider.Azure.TenantID,
-			Location:            config.Provider.Azure.Location,
-			PreferredAuthMethod: authMethod,
-			UamiResourceID:      config.Provider.Azure.UserAssignedIdentity,
-		}
-		return creds.ToCloudServiceAccountURI(), nil
-
-	case cloudprovider.OpenStack:
-		creds := openstack.AccountKey{
-			AuthURL:           config.Provider.OpenStack.AuthURL,
-			Username:          config.Provider.OpenStack.Username,
-			Password:          config.Provider.OpenStack.Password,
-			ProjectID:         config.Provider.OpenStack.ProjectID,
-			ProjectName:       config.Provider.OpenStack.ProjectName,
-			UserDomainName:    config.Provider.OpenStack.UserDomainName,
-			ProjectDomainName: config.Provider.OpenStack.ProjectDomainName,
-			RegionName:        config.Provider.OpenStack.RegionName,
-		}
-		return creds.ToCloudServiceAccountURI(), nil
-
-	case cloudprovider.QEMU:
-		i.log.Debugf("Handling case for QEMU")
-		return "", nil // QEMU does not use service account keys
-
-	default:
-		return "", fmt.Errorf("unsupported cloud provider %q", provider)
-	}
-}
-
 type configMerger interface {
 	mergeConfigs(configPath string, fileHandler file.Handler) error
 	kubeconfigEnvVar() string