cli: state file validation (#2523)

* re-use `ReadFromFile` in `CreateOrRead` Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * [wip]: add constraints Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * [wip] error formatting Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * wip Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * formatted error messages Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * state file validation Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * linter fixes Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * allow overriding the constraints Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * dont validate on read Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * add pre-create constraints Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * [wip] Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * finish pre-init validation test Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * finish post-init validation Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * use state file validation in CLI Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * fix apply tests Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * Update internal/validation/errors.go Co-authored-by: Daniel Weiße <66256922+daniel-weisse@users.noreply.github.com> * use transformator for tests * tidy * use empty check directly Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * Update cli/internal/state/state.go Co-authored-by: Daniel Weiße <66256922+daniel-weisse@users.noreply.github.com> * Update cli/internal/state/state.go Co-authored-by: Daniel Weiße <66256922+daniel-weisse@users.noreply.github.com> * Update cli/internal/state/state.go Co-authored-by: Daniel Weiße <66256922+daniel-weisse@users.noreply.github.com> * Update cli/internal/state/state.go Co-authored-by: Daniel Weiße <66256922+daniel-weisse@users.noreply.github.com> * conditional validation per CSP Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * tidy Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * fix rebase Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * add default case Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * validate state-file as last input Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> --------- Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> Co-authored-by: Daniel Weiße <66256922+daniel-weisse@users.noreply.github.com>
2025-08-06 05:54:28 -04:00 · 2023-11-03 15:47:03 +01:00 · 2023-11-03 15:47:03 +01:00 · 744a605602
commit 744a605602
parent eaec73cca4
21 changed files with 1779 additions and 247 deletions
--- a/cli/internal/cmd/apply_test.go
+++ b/cli/internal/cmd/apply_test.go
@ -14,6 +14,7 @@ import (
 	"time"

 	"github.com/edgelesssys/constellation/v2/cli/internal/helm"
+	"github.com/edgelesssys/constellation/v2/cli/internal/state"
 	"github.com/edgelesssys/constellation/v2/internal/file"
 	"github.com/edgelesssys/constellation/v2/internal/logger"
 	"github.com/spf13/afero"
@ -22,6 +23,54 @@ import (
 	"github.com/stretchr/testify/require"
 )

+// defaultStateFile returns a valid default state for testing.
+func defaultStateFile() *state.State {
+	return &state.State{
+		Version: "v1",
+		Infrastructure: state.Infrastructure{
+			UID:               "123",
+			Name:              "test-cluster",
+			ClusterEndpoint:   "192.0.2.1",
+			InClusterEndpoint: "192.0.2.1",
+			InitSecret:        []byte{0x41},
+			APIServerCertSANs: []string{
+				"127.0.0.1",
+				"www.example.com",
+			},
+			IPCidrNode: "0.0.0.0/24",
+			Azure: &state.Azure{
+				ResourceGroup:            "test-rg",
+				SubscriptionID:           "test-sub",
+				NetworkSecurityGroupName: "test-nsg",
+				LoadBalancerName:         "test-lb",
+				UserAssignedIdentity:     "test-uami",
+				AttestationURL:           "test-maaUrl",
+			},
+			GCP: &state.GCP{
+				ProjectID: "test-project",
+				IPCidrPod: "0.0.0.0/24",
+			},
+		},
+		ClusterValues: state.ClusterValues{
+			ClusterID:       "deadbeef",
+			OwnerID:         "deadbeef",
+			MeasurementSalt: []byte{0x41},
+		},
+	}
+}
+
+func defaultAzureStateFile() *state.State {
+	s := defaultStateFile()
+	s.Infrastructure.GCP = nil
+	return s
+}
+
+func defaultGCPStateFile() *state.State {
+	s := defaultStateFile()
+	s.Infrastructure.Azure = nil
+	return s
+}
+
 func TestParseApplyFlags(t *testing.T) {
 	require := require.New(t)
 	defaultFlags := func() *pflag.FlagSet {