cli: change generate-config flag to update-config flag (#1897)

miampf 2023-06-28 12:47:44 +00:00 committed by GitHub
parent 9bb91ca447
commit 77b28cb5e7
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
12 changed files with 285 additions and 380 deletions


@ -42,10 +42,11 @@ runs:
shell: bash
if: inputs.cloudProvider == 'aws'
run: |
constellation config generate aws
constellation iam create aws \
--zone=${{ inputs.awsZone }} \
--prefix=${{ inputs.namePrefix }} \
--generate-config --yes
--update-config --yes
- name: Constellation iam create azure
shell: bash
@ -55,21 +56,23 @@ runs:
if [[ $output == *"tf-log"* ]]; then
TFFLAG="--tf-log=DEBUG"
fi
constellation config generate azure
constellation iam create azure \
--region=${{ inputs.azureRegion }} \
--resourceGroup="${{ inputs.namePrefix }}-rg" \
--servicePrincipal="${{ inputs.namePrefix }}-sp" \
--generate-config --yes ${TFFLAG:-}
--update-config --yes ${TFFLAG:-}
- name: Constellation iam create gcp
shell: bash
if: inputs.cloudProvider == 'gcp'
run: |
constellation config generate gcp
constellation iam create gcp \
--projectID=${{ inputs.gcpProjectID }} \
--zone=${{ inputs.gcpZone }} \
--serviceAccountID="${{ inputs.namePrefix }}-sa" \
--generate-config --yes
--update-config --yes
- name: Set existing config
id: setExistingConfig


@ -57,7 +57,8 @@ jobs:
- name: Create IAM configuration
shell: pwsh
run: |
.\constellation.exe iam create azure --region=westus --resourceGroup=e2eWindoewsRG --servicePrincipal=e2eWindoewsSP --generate-config --debug -y
.\constellation.exe config generate azure
.\constellation.exe iam create azure --region=westus --resourceGroup=e2eWindoewsRG --servicePrincipal=e2eWindoewsSP --update-config --debug -y
- name: Login to Azure (Cluster service principal)
uses: ./.github/actions/login_azure
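Review bot: The `run` block now holds two native commands under `shell: pwsh`, and as far as I know the runner only propagates the exit code of the last one, so a failing `config generate azure` does not stop the step on its own. `iam create ... --update-config` would then run against whatever config file is (or is not) in the working directory. Adding `if ($LASTEXITCODE -ne 0) { exit $LASTEXITCODE }` directly after the `config generate` line makes the step fail at the command that actually broke.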


@ -22,7 +22,6 @@ import (
"github.com/edgelesssys/constellation/v2/internal/file"
"github.com/spf13/afero"
"github.com/spf13/cobra"
"golang.org/x/mod/semver"
)
var (
@ -59,8 +58,7 @@ func newIAMCreateCmd() *cobra.Command {
}
cmd.PersistentFlags().BoolP("yes", "y", false, "create the IAM configuration without further confirmation")
cmd.PersistentFlags().Bool("generate-config", false, "automatically generate a configuration file and fill in the required fields")
cmd.PersistentFlags().StringP("kubernetes", "k", semver.MajorMinor(config.Default().KubernetesVersion), "Kubernetes version to use in format MAJOR.MINOR - only usable in combination with --generate-config")
cmd.PersistentFlags().Bool("update-config", false, "automatically update the config file with the specific IAM information")
cmd.AddCommand(newIAMCreateAWSCmd())
cmd.AddCommand(newIAMCreateAzureCmd())
@ -215,16 +213,13 @@ func (c *iamCreator) create(ctx context.Context) error {
}
c.log.Debugf("Using flags: %+v", flags)
if err := c.checkWorkingDir(flags); err != nil {
if err := c.checkWorkingDir(); err != nil {
return err
}
if !flags.yesFlag {
c.cmd.Printf("The following IAM configuration will be created:\n\n")
c.providerCreator.printConfirmValues(c.cmd, flags)
if flags.generateConfig {
c.cmd.Printf("The configuration file %s will be automatically generated and populated with the IAM values.\n", flags.configPath)
}
ok, err := askToConfirm(c.cmd, "Do you want to create the configuration?")
if err != nil {
return err
@ -235,10 +230,16 @@ func (c *iamCreator) create(ctx context.Context) error {
}
}
var conf config.Config
if flags.updateConfig {
c.cmd.Printf("The configuration file %q will be automatically updated and populated with the IAM values.\n", flags.configPath)
c.log.Debugf("Parsing config %s", flags.configPath)
if err = c.fileHandler.ReadYAML(flags.configPath, &conf); err != nil {
return fmt.Errorf("error reading the configuration file: %w", err)
}
}
c.spinner.Start("Creating", false)
conf := createConfig(c.provider)
iamFile, err := c.creator.Create(ctx, c.provider, c.iamConfig)
c.spinner.Stop()
if err != nil {
@ -252,14 +253,10 @@ func (c *iamCreator) create(ctx context.Context) error {
return err
}
if flags.generateConfig {
if flags.updateConfig {
c.log.Debugf("Writing IAM configuration to %s", flags.configPath)
c.providerCreator.writeOutputValuesToConfig(conf, flags, iamFile)
// Only overwrite when --generate-config && --kubernetes. Otherwise this string is empty from parseFlagsAndSetupConfig.
if flags.k8sVersion != "" {
conf.KubernetesVersion = flags.k8sVersion
}
if err := c.fileHandler.WriteYAML(flags.configPath, conf, file.OptMkdirAll); err != nil {
c.providerCreator.writeOutputValuesToConfig(&conf, flags, iamFile)
if err := c.fileHandler.WriteYAML(flags.configPath, conf, file.OptOverwrite); err != nil {
return err
}
c.cmd.Printf("Your IAM configuration was created and filled into %s successfully.\n", flags.configPath)
@ -282,35 +279,15 @@ func (c *iamCreator) parseFlagsAndSetupConfig() (iamFlags, error) {
if err != nil {
return iamFlags{}, fmt.Errorf("parsing yes bool: %w", err)
}
generateConfig, err := c.cmd.Flags().GetBool("generate-config")
updateConfig, err := c.cmd.Flags().GetBool("update-config")
if err != nil {
return iamFlags{}, fmt.Errorf("parsing generate-config bool: %w", err)
}
k8sVersion, err := c.cmd.Flags().GetString("kubernetes")
if err != nil {
return iamFlags{}, fmt.Errorf("parsing kubernetes string: %w", err)
}
// This is implemented slightly differently compared to "config generate", since this flag is only respected in combination with --generate-config.
// Even if an invalid version is set, in case --generate-config is false, we don't overwrite the default value of the config.
// So we only need to validate the input to the flag when --generate-config is set.
// Otherwise, we return an empty string. Later, we only overwrite the value in the config when we haven't passed an empty string.
// Instead, we should have our validated K8s version parameter then.
var resolvedVersion string
if generateConfig {
resolvedVersion, err = resolveK8sVersion(k8sVersion)
if err != nil {
return iamFlags{}, fmt.Errorf("resolving kubernetes version: %w", err)
}
} else if c.cmd.Flag("kubernetes").Changed {
c.cmd.Println("Warning: --generate-config is not set, ignoring --kubernetes flag.")
return iamFlags{}, fmt.Errorf("parsing update-config bool: %w", err)
}
flags := iamFlags{
configPath: configPath,
yesFlag: yesFlag,
generateConfig: generateConfig,
k8sVersion: resolvedVersion,
configPath: configPath,
yesFlag: yesFlag,
updateConfig: updateConfig,
}
flags, err = c.providerCreator.parseFlagsAndSetupConfig(c.cmd, flags, c.iamConfig)
@ -321,28 +298,22 @@ func (c *iamCreator) parseFlagsAndSetupConfig() (iamFlags, error) {
return flags, nil
}
// checkWorkingDir checks if the current working directory already contains a Terraform dir or a Constellation config file.
func (c *iamCreator) checkWorkingDir(flags iamFlags) error {
// checkWorkingDir checks if the current working directory already contains a Terraform dir.
func (c *iamCreator) checkWorkingDir() error {
if _, err := c.fileHandler.Stat(constants.TerraformIAMWorkingDir); err == nil {
return fmt.Errorf("the current working directory already contains the Terraform workspace directory %q. Please run the command in a different directory or destroy the existing workspace", constants.TerraformIAMWorkingDir)
}
if flags.generateConfig {
if _, err := c.fileHandler.Stat(flags.configPath); err == nil {
return fmt.Errorf("the flag --generate-config is set, but %q already exists. Please either run the command in a different directory, define another config path, or delete or move the existing configuration", flags.configPath)
}
}
return nil
}
// iamFlags contains the parsed flags of the iam create command, including the parsed flags of the selected cloud provider.
type iamFlags struct {
aws awsFlags
azure azureFlags
gcp gcpFlags
configPath string
yesFlag bool
generateConfig bool
k8sVersion string
aws awsFlags
azure azureFlags
gcp gcpFlags
configPath string
yesFlag bool
updateConfig bool
}
// awsFlags contains the parsed flags of the iam create aws command.
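Review bot: With `--update-config`, `create` loads whatever file `flags.configPath` names into `conf` and later rewrites it with `file.OptOverwrite`, but nothing visible in these hunks checks that the loaded config belongs to the provider in `c.provider`. Unless `writeOutputValuesToConfig` guards against it (not visible here), a config generated for another provider would have this provider's IAM values written into it and the command would still report success. Rejecting the mismatch right after `ReadYAML`, before `c.creator.Create` runs, would surface the error before any cloud resources exist. Separately, the "will be automatically updated" notice now appears to print after `askToConfirm`, whereas the removed notice printed before it; moving it back into the `!flags.yesFlag` block lets the user see that the file will be overwritten before agreeing. `create` starts and ends outside these hunks.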


@ -18,11 +18,9 @@ import (
"github.com/edgelesssys/constellation/v2/internal/constants"
"github.com/edgelesssys/constellation/v2/internal/file"
"github.com/edgelesssys/constellation/v2/internal/logger"
"github.com/edgelesssys/constellation/v2/internal/versions"
"github.com/spf13/afero"
"github.com/stretchr/testify/assert"
"github.com/stretchr/testify/require"
"golang.org/x/mod/semver"
)
func TestParseIDFile(t *testing.T) {
@ -69,18 +67,18 @@ func TestParseIDFile(t *testing.T) {
}
func TestIAMCreateAWS(t *testing.T) {
defaultFs := func(require *require.Assertions, provider cloudprovider.Provider, existingFiles []string, existingDirs []string) afero.Fs {
defaultFs := func(require *require.Assertions, provider cloudprovider.Provider, existingConfigFiles []string, existingDirs []string) afero.Fs {
fs := afero.NewMemMapFs()
fileHandler := file.NewHandler(fs)
for _, f := range existingFiles {
require.NoError(fileHandler.Write(f, []byte{1, 2, 3}, file.OptNone))
for _, f := range existingConfigFiles {
require.NoError(fileHandler.WriteYAML(f, createConfig(cloudprovider.AWS), file.OptNone))
}
for _, d := range existingDirs {
require.NoError(fs.MkdirAll(d, 0o755))
}
return fs
}
readOnlyFs := func(require *require.Assertions, provider cloudprovider.Provider, existingFiles []string, existingDirs []string) afero.Fs {
readOnlyFs := func(require *require.Assertions, provider cloudprovider.Provider, existingConfigFiles []string, existingDirs []string) afero.Fs {
fs := afero.NewReadOnlyFs(afero.NewMemMapFs())
return fs
}
@ -93,22 +91,41 @@ func TestIAMCreateAWS(t *testing.T) {
}
testCases := map[string]struct {
setupFs func(require *require.Assertions, provider cloudprovider.Provider, existingFiles []string, existingDirs []string) afero.Fs
creator *stubIAMCreator
provider cloudprovider.Provider
zoneFlag string
prefixFlag string
yesFlag bool
generateConfigFlag bool
k8sVersionFlag string
configFlag string
existingFiles []string
existingDirs []string
stdin string
wantAbort bool
wantErr bool
setupFs func(require *require.Assertions, provider cloudprovider.Provider, existingConfigFiles []string, existingDirs []string) afero.Fs
creator *stubIAMCreator
provider cloudprovider.Provider
zoneFlag string
prefixFlag string
yesFlag bool
updateConfigFlag bool
configFlag string
existingConfigFiles []string
existingDirs []string
stdin string
wantAbort bool
wantErr bool
}{
"iam create aws": {
setupFs: defaultFs,
creator: &stubIAMCreator{id: validIAMIDFile},
provider: cloudprovider.AWS,
zoneFlag: "us-east-2a",
prefixFlag: "test",
yesFlag: true,
existingConfigFiles: []string{constants.ConfigFilename},
},
"iam create aws --update-config": {
setupFs: defaultFs,
creator: &stubIAMCreator{id: validIAMIDFile},
provider: cloudprovider.AWS,
zoneFlag: "us-east-2a",
prefixFlag: "test",
yesFlag: true,
configFlag: constants.ConfigFilename,
updateConfigFlag: true,
existingConfigFiles: []string{constants.ConfigFilename},
},
"iam create aws no config": {
setupFs: defaultFs,
creator: &stubIAMCreator{id: validIAMIDFile},
provider: cloudprovider.AWS,
@ -116,49 +133,27 @@ func TestIAMCreateAWS(t *testing.T) {
prefixFlag: "test",
yesFlag: true,
},
"iam create aws generate config": {
setupFs: defaultFs,
creator: &stubIAMCreator{id: validIAMIDFile},
provider: cloudprovider.AWS,
zoneFlag: "us-east-2a",
prefixFlag: "test",
yesFlag: true,
configFlag: constants.ConfigFilename,
generateConfigFlag: true,
"iam create aws --update-config with --config": {
setupFs: defaultFs,
creator: &stubIAMCreator{id: validIAMIDFile},
provider: cloudprovider.AWS,
zoneFlag: "us-east-2a",
prefixFlag: "test",
yesFlag: true,
updateConfigFlag: true,
configFlag: "custom-config.yaml",
existingConfigFiles: []string{"custom-config.yaml"},
},
"iam create aws generate config custom path": {
setupFs: defaultFs,
creator: &stubIAMCreator{id: validIAMIDFile},
provider: cloudprovider.AWS,
zoneFlag: "us-east-2a",
prefixFlag: "test",
yesFlag: true,
generateConfigFlag: true,
configFlag: "custom-config.yaml",
},
"iam create aws generate config path already exists": {
setupFs: defaultFs,
creator: &stubIAMCreator{id: validIAMIDFile},
provider: cloudprovider.AWS,
zoneFlag: "us-east-2a",
prefixFlag: "test",
yesFlag: true,
generateConfigFlag: true,
wantErr: true,
configFlag: constants.ConfigFilename,
existingFiles: []string{constants.ConfigFilename},
},
"iam create aws generate config custom path already exists": {
setupFs: defaultFs,
creator: &stubIAMCreator{id: validIAMIDFile},
provider: cloudprovider.AWS,
zoneFlag: "us-east-2a",
prefixFlag: "test",
yesFlag: true,
generateConfigFlag: true,
wantErr: true,
configFlag: "custom-config.yaml",
existingFiles: []string{"custom-config.yaml"},
"iam create aws --update-config --config path doesn't exist": {
setupFs: defaultFs,
creator: &stubIAMCreator{id: validIAMIDFile},
provider: cloudprovider.AWS,
zoneFlag: "us-east-2a",
prefixFlag: "test",
yesFlag: true,
updateConfigFlag: true,
wantErr: true,
configFlag: constants.ConfigFilename,
},
"iam create aws existing terraform dir": {
setupFs: defaultFs,
@ -178,15 +173,16 @@ func TestIAMCreateAWS(t *testing.T) {
prefixFlag: "test",
stdin: "yes\n",
},
"interactive generate config": {
setupFs: defaultFs,
creator: &stubIAMCreator{id: validIAMIDFile},
provider: cloudprovider.AWS,
zoneFlag: "us-east-2a",
prefixFlag: "test",
stdin: "yes\n",
configFlag: constants.ConfigFilename,
generateConfigFlag: true,
"interactive update config": {
setupFs: defaultFs,
creator: &stubIAMCreator{id: validIAMIDFile},
provider: cloudprovider.AWS,
zoneFlag: "us-east-2a",
prefixFlag: "test",
stdin: "yes\n",
configFlag: constants.ConfigFilename,
updateConfigFlag: true,
existingConfigFiles: []string{constants.ConfigFilename},
},
"interactive abort": {
setupFs: defaultFs,
@ -197,16 +193,17 @@ func TestIAMCreateAWS(t *testing.T) {
stdin: "no\n",
wantAbort: true,
},
"interactive generate config abort": {
setupFs: defaultFs,
creator: &stubIAMCreator{id: validIAMIDFile},
provider: cloudprovider.AWS,
zoneFlag: "us-east-2a",
prefixFlag: "test",
stdin: "no\n",
generateConfigFlag: true,
configFlag: constants.ConfigFilename,
wantAbort: true,
"interactive update config abort": {
setupFs: defaultFs,
creator: &stubIAMCreator{id: validIAMIDFile},
provider: cloudprovider.AWS,
zoneFlag: "us-east-2a",
prefixFlag: "test",
stdin: "no\n",
updateConfigFlag: true,
configFlag: constants.ConfigFilename,
wantAbort: true,
existingConfigFiles: []string{constants.ConfigFilename},
},
"invalid zone": {
setupFs: defaultFs,
@ -218,47 +215,15 @@ func TestIAMCreateAWS(t *testing.T) {
wantErr: true,
},
"unwritable fs": {
setupFs: readOnlyFs,
creator: &stubIAMCreator{id: validIAMIDFile},
provider: cloudprovider.AWS,
zoneFlag: "us-east-2a",
prefixFlag: "test",
yesFlag: true,
generateConfigFlag: true,
wantErr: true,
configFlag: constants.ConfigFilename,
},
"iam create azure without generate config and invalid kubernetes version": {
setupFs: defaultFs,
creator: &stubIAMCreator{id: validIAMIDFile},
provider: cloudprovider.AWS,
zoneFlag: "us-east-2a",
prefixFlag: "test",
k8sVersionFlag: "1.11.1", // supposed to be ignored without generateConfigFlag
yesFlag: true,
},
"iam create azure generate config with valid kubernetes version": {
setupFs: defaultFs,
creator: &stubIAMCreator{id: validIAMIDFile},
provider: cloudprovider.AWS,
zoneFlag: "us-east-2a",
prefixFlag: "test",
generateConfigFlag: true,
k8sVersionFlag: semver.MajorMinor(string(versions.Default)),
configFlag: constants.ConfigFilename,
yesFlag: true,
},
"iam create azure generate config with invalid kubernetes version": {
setupFs: defaultFs,
creator: &stubIAMCreator{id: validIAMIDFile},
provider: cloudprovider.AWS,
zoneFlag: "us-east-2a",
prefixFlag: "test",
generateConfigFlag: true,
k8sVersionFlag: "1.22.1",
configFlag: constants.ConfigFilename,
yesFlag: true,
wantErr: true,
setupFs: readOnlyFs,
creator: &stubIAMCreator{id: validIAMIDFile},
provider: cloudprovider.AWS,
zoneFlag: "us-east-2a",
prefixFlag: "test",
yesFlag: true,
updateConfigFlag: true,
wantErr: true,
configFlag: constants.ConfigFilename,
},
}
@ -274,8 +239,7 @@ func TestIAMCreateAWS(t *testing.T) {
// register persistent flags manually
cmd.Flags().String("config", constants.ConfigFilename, "")
cmd.Flags().Bool("generate-config", false, "")
cmd.Flags().String("kubernetes", semver.MajorMinor(config.Default().KubernetesVersion), "")
cmd.Flags().Bool("update-config", false, "")
cmd.Flags().Bool("yes", false, "")
cmd.Flags().String("name", "constell", "")
cmd.Flags().String("tf-log", "NONE", "")
@ -289,17 +253,14 @@ func TestIAMCreateAWS(t *testing.T) {
if tc.yesFlag {
require.NoError(cmd.Flags().Set("yes", "true"))
}
if tc.generateConfigFlag {
require.NoError(cmd.Flags().Set("generate-config", "true"))
if tc.updateConfigFlag {
require.NoError(cmd.Flags().Set("update-config", "true"))
}
if tc.configFlag != "" {
require.NoError(cmd.Flags().Set("config", tc.configFlag))
}
if tc.k8sVersionFlag != "" {
require.NoError(cmd.Flags().Set("kubernetes", tc.k8sVersionFlag))
}
fileHandler := file.NewHandler(tc.setupFs(require, tc.provider, tc.existingFiles, tc.existingDirs))
fileHandler := file.NewHandler(tc.setupFs(require, tc.provider, tc.existingConfigFiles, tc.existingDirs))
iamCreator := &iamCreator{
cmd: cmd,
@ -323,7 +284,7 @@ func TestIAMCreateAWS(t *testing.T) {
return
}
if tc.generateConfigFlag {
if tc.updateConfigFlag {
readConfig := &config.Config{}
readErr := fileHandler.ReadYAML(tc.configFlag, readConfig)
require.NoError(readErr)
@ -340,18 +301,18 @@ func TestIAMCreateAWS(t *testing.T) {
}
func TestIAMCreateAzure(t *testing.T) {
defaultFs := func(require *require.Assertions, provider cloudprovider.Provider, existingFiles []string, existingDirs []string) afero.Fs {
defaultFs := func(require *require.Assertions, provider cloudprovider.Provider, existingConfigFiles []string, existingDirs []string) afero.Fs {
fs := afero.NewMemMapFs()
fileHandler := file.NewHandler(fs)
for _, f := range existingFiles {
require.NoError(fileHandler.Write(f, []byte{1, 2, 3}, file.OptNone))
for _, f := range existingConfigFiles {
require.NoError(fileHandler.WriteYAML(f, createConfig(cloudprovider.Azure), file.OptNone))
}
for _, d := range existingDirs {
require.NoError(fs.MkdirAll(d, 0o755))
}
return fs
}
readOnlyFs := func(require *require.Assertions, provider cloudprovider.Provider, existingFiles []string, existingDirs []string) afero.Fs {
readOnlyFs := func(require *require.Assertions, provider cloudprovider.Provider, existingConfigFiles []string, existingDirs []string) afero.Fs {
fs := afero.NewReadOnlyFs(afero.NewMemMapFs())
return fs
}
@ -365,17 +326,16 @@ func TestIAMCreateAzure(t *testing.T) {
}
testCases := map[string]struct {
setupFs func(require *require.Assertions, provider cloudprovider.Provider, existingFiles []string, existingDirs []string) afero.Fs
setupFs func(require *require.Assertions, provider cloudprovider.Provider, existingConfigFiles []string, existingDirs []string) afero.Fs
creator *stubIAMCreator
provider cloudprovider.Provider
regionFlag string
servicePrincipalFlag string
resourceGroupFlag string
yesFlag bool
generateConfigFlag bool
k8sVersionFlag string
updateConfigFlag bool
configFlag string
existingFiles []string
existingConfigFiles []string
existingDirs []string
stdin string
wantAbort bool
@ -390,51 +350,61 @@ func TestIAMCreateAzure(t *testing.T) {
resourceGroupFlag: "constell-test-rg",
yesFlag: true,
},
"iam create azure generate config": {
"iam create azure with existing config": {
setupFs: defaultFs,
creator: &stubIAMCreator{id: validIAMIDFile},
provider: cloudprovider.Azure,
regionFlag: "westus",
servicePrincipalFlag: "constell-test-sp",
resourceGroupFlag: "constell-test-rg",
generateConfigFlag: true,
yesFlag: true,
existingConfigFiles: []string{constants.ConfigFilename},
},
"iam create azure --update-config": {
setupFs: defaultFs,
creator: &stubIAMCreator{id: validIAMIDFile},
provider: cloudprovider.Azure,
regionFlag: "westus",
servicePrincipalFlag: "constell-test-sp",
resourceGroupFlag: "constell-test-rg",
updateConfigFlag: true,
configFlag: constants.ConfigFilename,
yesFlag: true,
existingConfigFiles: []string{constants.ConfigFilename},
},
"iam create azure generate config custom path": {
"iam create azure --update-config with --config": {
setupFs: defaultFs,
creator: &stubIAMCreator{id: validIAMIDFile},
provider: cloudprovider.Azure,
regionFlag: "westus",
servicePrincipalFlag: "constell-test-sp",
resourceGroupFlag: "constell-test-rg",
generateConfigFlag: true,
updateConfigFlag: true,
configFlag: "custom-config.yaml",
yesFlag: true,
existingConfigFiles: []string{"custom-config.yaml"},
},
"iam create azure generate config custom path already exists": {
"iam create azure --update-config custom --config path doesn't exist": {
setupFs: defaultFs,
creator: &stubIAMCreator{id: validIAMIDFile},
provider: cloudprovider.Azure,
regionFlag: "westus",
servicePrincipalFlag: "constell-test-sp",
resourceGroupFlag: "constell-test-rg",
generateConfigFlag: true,
updateConfigFlag: true,
yesFlag: true,
wantErr: true,
configFlag: "custom-config.yaml",
existingFiles: []string{"custom-config.yaml"},
},
"iam create generate config path already exists": {
"iam create azur --update-config --config path doesn't exists": {
setupFs: defaultFs,
creator: &stubIAMCreator{id: validIAMIDFile},
provider: cloudprovider.Azure,
regionFlag: "westus",
servicePrincipalFlag: "constell-test-sp",
resourceGroupFlag: "constell-test-rg",
generateConfigFlag: true,
updateConfigFlag: true,
configFlag: constants.ConfigFilename,
existingFiles: []string{constants.ConfigFilename},
yesFlag: true,
wantErr: true,
},
@ -458,7 +428,7 @@ func TestIAMCreateAzure(t *testing.T) {
resourceGroupFlag: "constell-test-rg",
stdin: "yes\n",
},
"interactive generate config": {
"interactive update config": {
setupFs: defaultFs,
creator: &stubIAMCreator{id: validIAMIDFile},
provider: cloudprovider.Azure,
@ -466,8 +436,9 @@ func TestIAMCreateAzure(t *testing.T) {
servicePrincipalFlag: "constell-test-sp",
resourceGroupFlag: "constell-test-rg",
stdin: "yes\n",
generateConfigFlag: true,
updateConfigFlag: true,
configFlag: constants.ConfigFilename,
existingConfigFiles: []string{constants.ConfigFilename},
},
"interactive abort": {
setupFs: defaultFs,
@ -479,7 +450,7 @@ func TestIAMCreateAzure(t *testing.T) {
stdin: "no\n",
wantAbort: true,
},
"interactive generate config abort": {
"interactive update config abort": {
setupFs: defaultFs,
creator: &stubIAMCreator{id: validIAMIDFile},
provider: cloudprovider.Azure,
@ -487,8 +458,9 @@ func TestIAMCreateAzure(t *testing.T) {
servicePrincipalFlag: "constell-test-sp",
resourceGroupFlag: "constell-test-rg",
stdin: "no\n",
generateConfigFlag: true,
updateConfigFlag: true,
wantAbort: true,
existingConfigFiles: []string{constants.ConfigFilename},
},
"unwritable fs": {
setupFs: readOnlyFs,
@ -498,45 +470,10 @@ func TestIAMCreateAzure(t *testing.T) {
servicePrincipalFlag: "constell-test-sp",
resourceGroupFlag: "constell-test-rg",
yesFlag: true,
generateConfigFlag: true,
updateConfigFlag: true,
configFlag: constants.ConfigFilename,
wantErr: true,
},
"iam create azure without generate config and invalid kubernetes version": {
setupFs: defaultFs,
creator: &stubIAMCreator{id: validIAMIDFile},
provider: cloudprovider.Azure,
regionFlag: "westus",
servicePrincipalFlag: "constell-test-sp",
resourceGroupFlag: "constell-test-rg",
k8sVersionFlag: "1.11.1", // supposed to be ignored without generateConfigFlag
yesFlag: true,
},
"iam create azure generate config with valid kubernetes version": {
setupFs: defaultFs,
creator: &stubIAMCreator{id: validIAMIDFile},
provider: cloudprovider.Azure,
regionFlag: "westus",
servicePrincipalFlag: "constell-test-sp",
resourceGroupFlag: "constell-test-rg",
generateConfigFlag: true,
k8sVersionFlag: semver.MajorMinor(string(versions.Default)),
configFlag: constants.ConfigFilename,
yesFlag: true,
},
"iam create azure generate config with invalid kubernetes version": {
setupFs: defaultFs,
creator: &stubIAMCreator{id: validIAMIDFile},
provider: cloudprovider.Azure,
regionFlag: "westus",
servicePrincipalFlag: "constell-test-sp",
resourceGroupFlag: "constell-test-rg",
generateConfigFlag: true,
k8sVersionFlag: "1.22.1",
configFlag: constants.ConfigFilename,
yesFlag: true,
wantErr: true,
},
}
for name, tc := range testCases {
@ -551,8 +488,7 @@ func TestIAMCreateAzure(t *testing.T) {
// register persistent flags manually
cmd.Flags().String("config", constants.ConfigFilename, "")
cmd.Flags().Bool("generate-config", false, "")
cmd.Flags().String("kubernetes", semver.MajorMinor(config.Default().KubernetesVersion), "")
cmd.Flags().Bool("update-config", false, "")
cmd.Flags().Bool("yes", false, "")
cmd.Flags().String("name", "constell", "")
cmd.Flags().String("tf-log", "NONE", "")
@ -569,17 +505,14 @@ func TestIAMCreateAzure(t *testing.T) {
if tc.yesFlag {
require.NoError(cmd.Flags().Set("yes", "true"))
}
if tc.generateConfigFlag {
require.NoError(cmd.Flags().Set("generate-config", "true"))
if tc.updateConfigFlag {
require.NoError(cmd.Flags().Set("update-config", "true"))
}
if tc.configFlag != "" {
require.NoError(cmd.Flags().Set("config", tc.configFlag))
}
if tc.k8sVersionFlag != "" {
require.NoError(cmd.Flags().Set("kubernetes", tc.k8sVersionFlag))
}
fileHandler := file.NewHandler(tc.setupFs(require, tc.provider, tc.existingFiles, tc.existingDirs))
fileHandler := file.NewHandler(tc.setupFs(require, tc.provider, tc.existingConfigFiles, tc.existingDirs))
iamCreator := &iamCreator{
cmd: cmd,
@ -603,7 +536,7 @@ func TestIAMCreateAzure(t *testing.T) {
return
}
if tc.generateConfigFlag {
if tc.updateConfigFlag {
readConfig := &config.Config{}
readErr := fileHandler.ReadYAML(tc.configFlag, readConfig)
require.NoError(readErr)
@ -621,18 +554,18 @@ func TestIAMCreateAzure(t *testing.T) {
}
func TestIAMCreateGCP(t *testing.T) {
defaultFs := func(require *require.Assertions, provider cloudprovider.Provider, existingFiles []string, existingDirs []string) afero.Fs {
defaultFs := func(require *require.Assertions, provider cloudprovider.Provider, existingConfigFiles []string, existingDirs []string) afero.Fs {
fs := afero.NewMemMapFs()
fileHandler := file.NewHandler(fs)
for _, f := range existingFiles {
require.NoError(fileHandler.Write(f, []byte{1, 2, 3}, file.OptNone))
for _, f := range existingConfigFiles {
require.NoError(fileHandler.WriteYAML(f, createConfig(cloudprovider.GCP), file.OptNone))
}
for _, d := range existingDirs {
require.NoError(fs.MkdirAll(d, 0o755))
}
return fs
}
readOnlyFs := func(require *require.Assertions, provider cloudprovider.Provider, existingFiles []string, existingDirs []string) afero.Fs {
readOnlyFs := func(require *require.Assertions, provider cloudprovider.Provider, existingConfigFiles []string, existingDirs []string) afero.Fs {
fs := afero.NewReadOnlyFs(afero.NewMemMapFs())
return fs
}
@ -650,17 +583,16 @@ func TestIAMCreateGCP(t *testing.T) {
}
testCases := map[string]struct {
setupFs func(require *require.Assertions, provider cloudprovider.Provider, existingFiles []string, existingDirs []string) afero.Fs
setupFs func(require *require.Assertions, provider cloudprovider.Provider, existingConfigFiles []string, existingDirs []string) afero.Fs
creator *stubIAMCreator
provider cloudprovider.Provider
zoneFlag string
serviceAccountIDFlag string
projectIDFlag string
yesFlag bool
generateConfigFlag bool
k8sVersionFlag string
updateConfigFlag bool
configFlag string
existingFiles []string
existingConfigFiles []string
existingDirs []string
stdin string
wantAbort bool
@ -675,51 +607,61 @@ func TestIAMCreateGCP(t *testing.T) {
projectIDFlag: "constell-1234",
yesFlag: true,
},
"iam create gcp generate config": {
"iam create gcp with existing config": {
setupFs: defaultFs,
creator: &stubIAMCreator{id: validIAMIDFile},
provider: cloudprovider.GCP,
zoneFlag: "europe-west1-a",
serviceAccountIDFlag: "constell-test",
projectIDFlag: "constell-1234",
generateConfigFlag: true,
yesFlag: true,
existingConfigFiles: []string{constants.ConfigFilename},
},
"iam create gcp --update-config": {
setupFs: defaultFs,
creator: &stubIAMCreator{id: validIAMIDFile},
provider: cloudprovider.GCP,
zoneFlag: "europe-west1-a",
serviceAccountIDFlag: "constell-test",
projectIDFlag: "constell-1234",
updateConfigFlag: true,
configFlag: constants.ConfigFilename,
yesFlag: true,
existingConfigFiles: []string{constants.ConfigFilename},
},
"iam create gcp generate config custom path": {
"iam create gcp --update-config with --config": {
setupFs: defaultFs,
creator: &stubIAMCreator{id: validIAMIDFile},
provider: cloudprovider.GCP,
zoneFlag: "europe-west1-a",
serviceAccountIDFlag: "constell-test",
projectIDFlag: "constell-1234",
generateConfigFlag: true,
updateConfigFlag: true,
configFlag: "custom-config.yaml",
yesFlag: true,
existingConfigFiles: []string{"custom-config.yaml"},
},
"iam create gcp generate config path already exists": {
"iam create gcp --update-config --config path doesn't exists": {
setupFs: defaultFs,
creator: &stubIAMCreator{id: validIAMIDFile},
provider: cloudprovider.GCP,
zoneFlag: "europe-west1-a",
serviceAccountIDFlag: "constell-test",
projectIDFlag: "constell-1234",
generateConfigFlag: true,
updateConfigFlag: true,
configFlag: constants.ConfigFilename,
existingFiles: []string{constants.ConfigFilename},
yesFlag: true,
wantErr: true,
},
"iam create gcp generate config custom path already exists": {
"iam create gcp --update-config wrong --config path": {
setupFs: defaultFs,
creator: &stubIAMCreator{id: validIAMIDFile},
provider: cloudprovider.GCP,
zoneFlag: "europe-west1-a",
serviceAccountIDFlag: "constell-test",
projectIDFlag: "constell-1234",
generateConfigFlag: true,
updateConfigFlag: true,
configFlag: "custom-config.yaml",
existingFiles: []string{"custom-config.yaml"},
yesFlag: true,
wantErr: true,
},
@ -762,7 +704,7 @@ func TestIAMCreateGCP(t *testing.T) {
projectIDFlag: "constell-1234",
stdin: "yes\n",
},
"interactive generate config": {
"interactive update config": {
setupFs: defaultFs,
creator: &stubIAMCreator{id: validIAMIDFile},
provider: cloudprovider.GCP,
@ -771,7 +713,8 @@ func TestIAMCreateGCP(t *testing.T) {
projectIDFlag: "constell-1234",
stdin: "yes\n",
configFlag: constants.ConfigFilename,
generateConfigFlag: true,
updateConfigFlag: true,
existingConfigFiles: []string{constants.ConfigFilename},
},
"interactive abort": {
setupFs: defaultFs,
@ -783,7 +726,7 @@ func TestIAMCreateGCP(t *testing.T) {
stdin: "no\n",
wantAbort: true,
},
"interactive abort generate config": {
"interactive abort update config": {
setupFs: defaultFs,
creator: &stubIAMCreator{id: validIAMIDFile},
provider: cloudprovider.GCP,
@ -793,7 +736,8 @@ func TestIAMCreateGCP(t *testing.T) {
stdin: "no\n",
wantAbort: true,
configFlag: constants.ConfigFilename,
generateConfigFlag: true,
updateConfigFlag: true,
existingConfigFiles: []string{constants.ConfigFilename},
},
"unwritable fs": {
setupFs: readOnlyFs,
@ -803,45 +747,10 @@ func TestIAMCreateGCP(t *testing.T) {
serviceAccountIDFlag: "constell-test",
projectIDFlag: "constell-1234",
yesFlag: true,
generateConfigFlag: true,
updateConfigFlag: true,
configFlag: constants.ConfigFilename,
wantErr: true,
},
"iam create gcp without generate config and invalid kubernetes version": {
setupFs: defaultFs,
creator: &stubIAMCreator{id: validIAMIDFile},
provider: cloudprovider.GCP,
zoneFlag: "europe-west1-a",
serviceAccountIDFlag: "constell-test",
projectIDFlag: "constell-1234",
k8sVersionFlag: "1.11.1", // supposed to be ignored without generateConfigFlag
yesFlag: true,
},
"iam create gcp generate config with valid kubernetes version": {
setupFs: defaultFs,
creator: &stubIAMCreator{id: validIAMIDFile},
provider: cloudprovider.GCP,
zoneFlag: "europe-west1-a",
serviceAccountIDFlag: "constell-test",
projectIDFlag: "constell-1234",
generateConfigFlag: true,
k8sVersionFlag: semver.MajorMinor(string(versions.Default)),
configFlag: constants.ConfigFilename,
yesFlag: true,
},
"iam create gcp generate config with invalid kubernetes version": {
setupFs: defaultFs,
creator: &stubIAMCreator{id: validIAMIDFile},
provider: cloudprovider.GCP,
zoneFlag: "europe-west1-a",
serviceAccountIDFlag: "constell-test",
projectIDFlag: "constell-1234",
generateConfigFlag: true,
k8sVersionFlag: "1.22.1",
configFlag: constants.ConfigFilename,
yesFlag: true,
wantErr: true,
},
}
for name, tc := range testCases {
@ -856,8 +765,7 @@ func TestIAMCreateGCP(t *testing.T) {
// register persistent flags manually
cmd.Flags().String("config", constants.ConfigFilename, "")
cmd.Flags().Bool("generate-config", false, "")
cmd.Flags().String("kubernetes", semver.MajorMinor(config.Default().KubernetesVersion), "")
cmd.Flags().Bool("update-config", false, "")
cmd.Flags().Bool("yes", false, "")
cmd.Flags().String("name", "constell", "")
cmd.Flags().String("tf-log", "NONE", "")
@ -874,17 +782,14 @@ func TestIAMCreateGCP(t *testing.T) {
if tc.yesFlag {
require.NoError(cmd.Flags().Set("yes", "true"))
}
if tc.generateConfigFlag {
require.NoError(cmd.Flags().Set("generate-config", "true"))
if tc.updateConfigFlag {
require.NoError(cmd.Flags().Set("update-config", "true"))
}
if tc.configFlag != "" {
require.NoError(cmd.Flags().Set("config", tc.configFlag))
}
if tc.k8sVersionFlag != "" {
require.NoError(cmd.Flags().Set("kubernetes", tc.k8sVersionFlag))
}
fileHandler := file.NewHandler(tc.setupFs(require, tc.provider, tc.existingFiles, tc.existingDirs))
fileHandler := file.NewHandler(tc.setupFs(require, tc.provider, tc.existingConfigFiles, tc.existingDirs))
iamCreator := &iamCreator{
cmd: cmd,
@ -908,7 +813,7 @@ func TestIAMCreateGCP(t *testing.T) {
return
}
if tc.generateConfigFlag {
if tc.updateConfigFlag {
readConfig := &config.Config{}
readErr := fileHandler.ReadYAML(tc.configFlag, readConfig)
require.NoError(readErr)


@ -50,7 +50,7 @@ func newUpgradeCheckCmd() *cobra.Command {
RunE: runUpgradeCheck,
}
cmd.Flags().BoolP("write-config", "w", false, "update the specified config file with the suggested versions")
cmd.Flags().BoolP("update-config", "u", false, "update the specified config file with the suggested versions")
cmd.Flags().String("ref", versionsapi.ReleaseRef, "the reference to use for querying new versions")
cmd.Flags().String("stream", "stable", "the stream to use for querying new versions")
@ -109,9 +109,9 @@ func parseUpgradeCheckFlags(cmd *cobra.Command) (upgradeCheckFlags, error) {
if err != nil {
return upgradeCheckFlags{}, fmt.Errorf("parsing force bool: %w", err)
}
writeConfig, err := cmd.Flags().GetBool("write-config")
updateConfig, err := cmd.Flags().GetBool("update-config")
if err != nil {
return upgradeCheckFlags{}, fmt.Errorf("parsing write-config bool: %w", err)
return upgradeCheckFlags{}, fmt.Errorf("parsing update-config bool: %w", err)
}
ref, err := cmd.Flags().GetString("ref")
if err != nil {
@ -134,7 +134,7 @@ func parseUpgradeCheckFlags(cmd *cobra.Command) (upgradeCheckFlags, error) {
return upgradeCheckFlags{
configPath: configPath,
force: force,
writeConfig: writeConfig,
updateConfig: updateConfig,
ref: ref,
stream: stream,
terraformLogLevel: logLevel,
@ -257,7 +257,7 @@ func (u *upgradeCheckCmd) upgradeCheck(cmd *cobra.Command, fileHandler file.Hand
// Using Print over Println as buildString already includes a trailing newline where necessary.
cmd.Print(updateMsg)
if flags.writeConfig {
if flags.updateConfig {
if err := upgrade.writeConfig(conf, fileHandler, flags.configPath); err != nil {
return fmt.Errorf("writing config: %w", err)
}
@ -717,7 +717,7 @@ func (v *versionCollector) filterCompatibleCLIVersions(ctx context.Context, cliP
type upgradeCheckFlags struct {
configPath string
force bool
writeConfig bool
updateConfig bool
ref string
stream string
terraformLogLevel terraform.LogLevel
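Review bot: In `newUpgradeCheckCmd` the `write-config`/`-w` flag is dropped outright when `update-config`/`-u` is registered, so existing automation that calls `constellation upgrade check --write-config` will stop parsing, with no hint about the new name. If a transition period is wanted, keep the old name registered and mark it deprecated, e.g. `cmd.Flags().Bool("write-config", false, "")` followed by `_ = cmd.Flags().MarkDeprecated("write-config", "use --update-config instead")`. `parseUpgradeCheckFlags` would then OR the two values into `updateConfig`. If the break is intentional, it should be called out in the release notes, because this flag rewrites the config file in place. The function bodies touched here continue outside the hunks shown.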


@ -13,19 +13,47 @@ If you encounter any problem with the following steps, make sure to use the [lat
## Create a cluster
1. Create the configuration file and IAM resources for your selected cloud provider
First, you need to create a [configuration file](../workflows/config.md) and an [IAM configuration](../workflows/config.md#creating-an-iam-configuration). The easiest way to do this is the following CLI command:
1. Create the [configuration file](../workflows/config.md) for your cloud provider.
<tabs groupId="csp">
<tabItem value="azure" label="Azure">
```bash
constellation iam create azure --region=westus --resourceGroup=constellTest --servicePrincipal=spTest --generate-config
constellation config generate azure
```
This command creates IAM configuration on the Azure region `westus` creating a new resource group `constellTest` and a new service principal `spTest`. It also creates the configuration file `constellation-conf.yaml` in your current directory with the IAM values filled in.
</tabItem>
<tabItem value="gcp" label="GCP">
```bash
constellation config generate gcp
```
</tabItem>
<tabItem value="aws" label="AWS">
```bash
constellation config generate aws
```
</tabItem>
</tabs>
2. Create your [IAM configuration](../workflows/config.md#creating-an-iam-configuration).
<tabs groupId="csp">
<tabItem value="azure" label="Azure">
```bash
constellation iam create azure --region=westus --resourceGroup=constellTest --servicePrincipal=spTest --update-config
```
This command creates IAM configuration on the Azure region `westus` creating a new resource group `constellTest` and a new service principal `spTest`. It also updates the configuration file `constellation-conf.yaml` in your current directory with the IAM values filled in.
Note that CVMs are currently only supported in a few regions, check [Azure's products available by region](https://azure.microsoft.com/en-us/global-infrastructure/services/?products=virtual-machines&regions=all). These are:
* `westus`
@ -38,10 +66,10 @@ If you encounter any problem with the following steps, make sure to use the [lat
<tabItem value="gcp" label="GCP">
```bash
constellation iam create gcp --projectID=yourproject-12345 --zone=europe-west2-a --serviceAccountID=constell-test --generate-config
constellation iam create gcp --projectID=yourproject-12345 --zone=europe-west2-a --serviceAccountID=constell-test --update-config
```
This command creates IAM configuration in the GCP project `yourproject-12345` on the GCP zone `europe-west2-a` creating a new service account `constell-test`. It also creates the configuration file `constellation-conf.yaml` in your current directory with the IAM values filled in.
This command creates IAM configuration in the GCP project `yourproject-12345` on the GCP zone `europe-west2-a` creating a new service account `constell-test`. It also updates the configuration file `constellation-conf.yaml` in your current directory with the IAM values filled in.
Note that only regions offering CVMs of the `C2D` or `N2D` series are supported. You can find a [list of all regions in Google's documentation](https://cloud.google.com/compute/docs/regions-zones#available), which you can filter by machine type `C2D` or `N2D`.
@ -50,10 +78,10 @@ If you encounter any problem with the following steps, make sure to use the [lat
<tabItem value="aws" label="AWS">
```bash
constellation iam create aws --zone=us-east-2a --prefix=constellTest --generate-config
constellation iam create aws --zone=us-east-2a --prefix=constellTest --update-config
```
This command creates IAM configuration for the AWS zone `us-east-2a` using the prefix `constellTest` for all named resources being created. It also creates the configuration file `constellation-conf.yaml` in your current directory with the IAM values filled in.
This command creates IAM configuration for the AWS zone `us-east-2a` using the prefix `constellTest` for all named resources being created. It also updates the configuration file `constellation-conf.yaml` in your current directory with the IAM values filled in.
Depending on the attestation variant selected on config generation, different regions are available.
AMD SEV-SNP machines (requires the default attestation variant `awsSEVSNP`) are currently available in the following regions:
@ -89,7 +117,7 @@ If you encounter any problem with the following steps, make sure to use the [lat
:::
-->
2. Create the cluster with one control-plane node and two worker nodes. `constellation create` uses options set in `constellation-conf.yaml`.
3. Create the cluster with one control-plane node and two worker nodes. `constellation create` uses options set in `constellation-conf.yaml`.
If you want to manually use [Terraform](../reference/terraform.md) for managing the cloud resources instead, follow the corresponding instructions in the [Create workflow](../workflows/create.md).
:::tip
@ -109,7 +137,7 @@ If you encounter any problem with the following steps, make sure to use the [lat
Your Constellation cluster was created successfully.
```
3. Initialize the cluster
4. Initialize the cluster.
```bash
constellation init
@ -140,7 +168,7 @@ If you encounter any problem with the following steps, make sure to use the [lat
:::
4. Configure kubectl
5. Configure kubectl.
```bash
export KUBECONFIG="$PWD/constellation-admin.conf"


@ -416,7 +416,7 @@ constellation upgrade check [flags]
-h, --help help for check
--ref string the reference to use for querying new versions (default "-")
--stream string the stream to use for querying new versions (default "stable")
-w, --write-config update the specified config file with the suggested versions
-u, --update-config update the specified config file with the suggested versions
```
### Options inherited from parent commands
@ -580,10 +580,9 @@ Create IAM configuration on a cloud platform for your Constellation cluster.
### Options
```
--generate-config automatically generate a configuration file and fill in the required fields
-h, --help help for create
-k, --kubernetes string Kubernetes version to use in format MAJOR.MINOR - only usable in combination with --generate-config (default "v1.26")
-y, --yes create the IAM configuration without further confirmation
-h, --help help for create
--update-config automatically update the config file with the specific IAM information
-y, --yes create the IAM configuration without further confirmation
```
### Options inherited from parent commands
@ -619,13 +618,12 @@ constellation iam create aws [flags]
### Options inherited from parent commands
```
--config string path to the configuration file (default "constellation-conf.yaml")
--debug enable debug logging
--force disable version compatibility checks - might result in corrupted clusters
--generate-config automatically generate a configuration file and fill in the required fields
-k, --kubernetes string Kubernetes version to use in format MAJOR.MINOR - only usable in combination with --generate-config (default "v1.26")
--tf-log string sets the Terraform log level (default "NONE" - no logs) (default "NONE")
-y, --yes create the IAM configuration without further confirmation
--config string path to the configuration file (default "constellation-conf.yaml")
--debug enable debug logging
--force disable version compatibility checks - might result in corrupted clusters
--tf-log string sets the Terraform log level (default "NONE" - no logs) (default "NONE")
--update-config automatically update the config file with the specific IAM information
-y, --yes create the IAM configuration without further confirmation
```
## constellation iam create azure
@ -652,13 +650,12 @@ constellation iam create azure [flags]
### Options inherited from parent commands
```
--config string path to the configuration file (default "constellation-conf.yaml")
--debug enable debug logging
--force disable version compatibility checks - might result in corrupted clusters
--generate-config automatically generate a configuration file and fill in the required fields
-k, --kubernetes string Kubernetes version to use in format MAJOR.MINOR - only usable in combination with --generate-config (default "v1.26")
--tf-log string sets the Terraform log level (default "NONE" - no logs) (default "NONE")
-y, --yes create the IAM configuration without further confirmation
--config string path to the configuration file (default "constellation-conf.yaml")
--debug enable debug logging
--force disable version compatibility checks - might result in corrupted clusters
--tf-log string sets the Terraform log level (default "NONE" - no logs) (default "NONE")
--update-config automatically update the config file with the specific IAM information
-y, --yes create the IAM configuration without further confirmation
```
## constellation iam create gcp
@ -688,13 +685,12 @@ constellation iam create gcp [flags]
### Options inherited from parent commands
```
--config string path to the configuration file (default "constellation-conf.yaml")
--debug enable debug logging
--force disable version compatibility checks - might result in corrupted clusters
--generate-config automatically generate a configuration file and fill in the required fields
-k, --kubernetes string Kubernetes version to use in format MAJOR.MINOR - only usable in combination with --generate-config (default "v1.26")
--tf-log string sets the Terraform log level (default "NONE" - no logs) (default "NONE")
-y, --yes create the IAM configuration without further confirmation
--config string path to the configuration file (default "constellation-conf.yaml")
--debug enable debug logging
--force disable version compatibility checks - might result in corrupted clusters
--tf-log string sets the Terraform log level (default "NONE" - no logs) (default "NONE")
--update-config automatically update the config file with the specific IAM information
-y, --yes create the IAM configuration without further confirmation
```
## constellation iam destroy


@ -40,10 +40,6 @@ constellation config generate aws
This creates the file `constellation-conf.yaml` in the current directory.
:::tip
You can also automatically generate a configuration file by adding the `--generate-config` flag to the `constellation iam create` command when [creating an IAM configuration](#creating-an-iam-configuration).
:::
## Choosing a VM type
Constellation supports the following VM types:
@ -92,7 +88,7 @@ See also Constellation's [Kubernetes support policy](../architecture/versions.md
## Creating an IAM configuration
You can create an IAM configuration for your cluster automatically using the `constellation iam create` command.
If you haven't generated a configuration file yet, you can do so by adding the `--generate-config` flag to the command. This creates a configuration file and populates it with the created IAM values.
If you already have a constellation configuration file, you can add the `--update-config` flag to the command. This writes the needed IAM fields into your configuration.
<tabs groupId="csp">
<tabItem value="azure" label="Azure">


@ -36,10 +36,10 @@ To learn which versions the current CLI can upgrade to and what's installed in y
constellation upgrade check
# Show possible upgrades and write them to config file
constellation upgrade check --write-config
constellation upgrade check --update-config
```
You can either enter the reported target versions into your config manually or run the above command with the `--write-config` flag.
You can either enter the reported target versions into your config manually or run the above command with the `--update-config` flag.
When using this flag, the `kubernetesVersion`, `image`, `microserviceVersion` and `attestation` fields are overwritten with the smallest available upgrade.
## Apply the upgrade


@ -23,9 +23,13 @@ spawn asciinema rec --overwrite /recordings/configure-cluster.cast
send "\r"
expect_prompt
run_command "# Step 1: Create IAM configuration and Constellation configuration file"
run_command "# Step 1: Create a configuration file for Constellation"
expect_prompt
run_command "constellation iam create gcp --generate-config --projectID constellation-331613 --serviceAccountID constellation-demo --zone europe-west3-b"
run_command "constellation config generate gcp"
expect_prompt
run_command "# Step 2: Create your cluster's IAM configuration"
expect_prompt
run_command "constellation iam create gcp --update-config --projectID constellation-331613 --serviceAccountID constellation-demo --zone europe-west3-b"
expect -re "y\/n"
send "y"
send "\r"


@ -10,7 +10,8 @@
# Create IAM configuration
pushd constellation || exit
constellation iam create gcp --generate-config --projectID constellation-331613 --serviceAccountID constellation-demo --zone europe-west3-b --yes
constellation config generate gcp
constellation iam create gcp --update-config --projectID constellation-331613 --serviceAccountID constellation-demo --zone europe-west3-b --yes
popd || exit
docker build -t screenrecodings docker
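Review bot: The new `constellation config generate gcp` line has no failure check, although the neighbouring `pushd`/`popd` lines use `|| exit`. Unless `set -e` is enabled above this hunk, a failed generate step (for example because of a leftover config file from an earlier run) would still be followed by `iam create ... --update-config --yes`, which provisions IAM resources without confirmation and then works against a missing or stale config. Guarding both commands the same way as the surrounding lines keeps the script fail-fast: `constellation config generate gcp || exit` and likewise `|| exit` on the `iam create` line. The script's header is outside the hunk, so this is worth confirming against the full file.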


@ -208,7 +208,7 @@ If there are still microservice updates needed with the current CLI, we need to
We also print `In newer CLI versions there are even newer versions available.` if e.g. there is a newer patch version of Kubernetes available in one of the proposed minor versions.
Executing `constellation upgrade check --write-config` writes all new version values to `constellation-conf.json`.
Executing `constellation upgrade check --update-config` updates all new version values to `constellation-conf.json`.
This allows the user to execute `constellation upgrade apply` without manually modifying `constellation-conf.json`.
```bash