add new iam upgrade apply

cli/internal/cmd/BUILD.bazel

@@ -15,6 +15,7 @@ go_library(
         "create.go",
         "iamcreate.go",
         "iamdestroy.go",
+        "iamupgradeapply.go",
         "init.go",
         "log.go",
         "manualtfstatemigration.go",
@@ -82,6 +83,7 @@ go_library(
         "//internal/versions",
         "//operators/constellation-node-operator/api/v1alpha1",
         "//verify/verifyproto",
+        "@com_github_google_uuid//:uuid",
         "@com_github_mattn_go_isatty//:go-isatty",
         "@com_github_siderolabs_talos_pkg_machinery//config/encoder",
         "@com_github_spf13_afero//:afero",

cli/internal/cmd/iamcreate.go

@@ -44,7 +44,7 @@ func NewIAMCmd() *cobra.Command {
 
 	cmd.AddCommand(newIAMCreateCmd())
 	cmd.AddCommand(newIAMDestroyCmd())
-
+	cmd.AddCommand(newIAMUpgradeCmd())
 	return cmd
 }
 

cli/internal/cmd/iamupgradeapply.go

@@ -0,0 +1,68 @@
+/*
+Copyright (c) Edgeless Systems GmbH
+SPDX-License-Identifier: AGPL-3.0-only
+*/
+
+package cmd
+
+import (
+	"fmt"
+	"strings"
+	"time"
+
+	"github.com/edgelesssys/constellation/v2/cli/internal/terraform"
+	"github.com/edgelesssys/constellation/v2/cli/internal/upgrade"
+	"github.com/edgelesssys/constellation/v2/internal/cloud/cloudprovider"
+	"github.com/edgelesssys/constellation/v2/internal/file"
+	"github.com/google/uuid"
+	"github.com/spf13/afero"
+	"github.com/spf13/cobra"
+)
+
+func newIAMUpgradeCmd() *cobra.Command {
+	cmd := &cobra.Command{
+		Use:   "upgrade",
+		Short: "Find and apply upgrades to your IAM profile",
+		Long:  "Find and apply upgrades to your IAM profile.",
+		Args:  cobra.ExactArgs(0),
+	}
+	cmd.AddCommand(newIAMUpgradeApplyCmd())
+	return cmd
+}
+
+func newIAMUpgradeApplyCmd() *cobra.Command {
+	cmd := &cobra.Command{
+		Use:   "apply",
+		Short: "Apply an upgrade to an IAM profile",
+		Long:  "Apply an upgrade to an IAM profile.",
+		Args:  cobra.NoArgs,
+		RunE:  runIAMUpgradeApply,
+	}
+	cmd.Flags().BoolP("yes", "y", false, "run upgrades without further confirmation\n")
+	return cmd
+}
+
+func runIAMUpgradeApply(cmd *cobra.Command, _ []string) error {
+	upgradeID := "iam-" + time.Now().Format("20060102150405") + "-" + strings.Split(uuid.New().String(), "-")[0]
+	iamMigrateCmd, err := upgrade.NewIAMMigrateCmd(cmd.Context(), upgradeID, cloudprovider.AWS, terraform.LogLevelDebug)
+	if err != nil {
+		return fmt.Errorf("setting up IAM migration command: %w", err)
+	}
+
+	log, err := newCLILogger(cmd)
+	if err != nil {
+		return fmt.Errorf("setting up logger: %w", err)
+	}
+	migrator := &tfMigrationClient{log}
+
+	yes, err := cmd.Flags().GetBool("yes")
+	if err != nil {
+		return err
+	}
+	err = migrator.applyMigration(cmd, file.NewHandler(afero.NewOsFs()), iamMigrateCmd, yes)
+	if err != nil {
+		return fmt.Errorf("applying IAM migration: %w", err)
+	}
+	cmd.Println("IAM profile successfully applied.")
+	return nil
+}

cli/internal/cmd/tfmigrationclient.go

@@ -35,7 +35,7 @@ func (u *tfMigrationClient) planMigration(cmd *cobra.Command, file file.Handler,
 
 // applyMigration plans and then applies the Terraform migration. The user is asked for confirmation if there are any changes.
 // adapted from migrateTerraform().
-func (u *tfMigrationClient) applyMigration(cmd *cobra.Command, file file.Handler, migrateCmd upgrade.TfMigrationCmd, flags upgradeApplyFlags) error {
+func (u *tfMigrationClient) applyMigration(cmd *cobra.Command, file file.Handler, migrateCmd upgrade.TfMigrationCmd, yesFlag bool) error {
 	hasDiff, err := u.planMigration(cmd, file, migrateCmd)
 	if err != nil {
 		return fmt.Errorf("planning terraform migrations: %w", err)
@@ -43,7 +43,7 @@ func (u *tfMigrationClient) applyMigration(cmd *cobra.Command, file file.Handler
 	if hasDiff {
 		// If there are any Terraform migrations to apply, ask for confirmation
 		fmt.Fprintf(cmd.OutOrStdout(), "The %s upgrade requires a migration of Constellation cloud resources by applying an updated Terraform template. Please manually review the suggested changes below.\n", migrateCmd.String())
-		if !flags.yes {
+		if !yesFlag {
 			ok, err := askToConfirm(cmd, fmt.Sprintf("Do you want to apply the %s?", migrateCmd.String()))
 			if err != nil {
 				return fmt.Errorf("asking for confirmation: %w", err)

cli/internal/cmd/upgradeapply.go

@@ -70,17 +70,15 @@ func runUpgradeApply(cmd *cobra.Command, _ []string) error {
 	imagefetcher := imagefetcher.New()
 	configFetcher := attestationconfigapi.NewFetcher()
 
-	applyCmd := upgradeApplyCmd{upgrader: upgrader, log: log, imageFetcher: imagefetcher, configFetcher: configFetcher, migrationExecutor: &tfMigrationClient{log}}
+	applyCmd := upgradeApplyCmd{upgrader: upgrader, log: log, imageFetcher: imagefetcher, configFetcher: configFetcher}
 	return applyCmd.upgradeApply(cmd, fileHandler)
 }
 
 type upgradeApplyCmd struct {
-	upgrader          cloudUpgrader
-	imageFetcher      imageFetcher
-	configFetcher     attestationconfigapi.Fetcher
-	log               debugLog
-	migrationExecutor tfMigrationApplier
-	migrationCmds     []upgrade.TfMigrationCmd
+	upgrader      cloudUpgrader
+	imageFetcher  imageFetcher
+	configFetcher attestationconfigapi.Fetcher
+	log           debugLog
 }
 
 func (u *upgradeApplyCmd) upgradeApply(cmd *cobra.Command, fileHandler file.Handler) error {
@@ -111,11 +109,6 @@ func (u *upgradeApplyCmd) upgradeApply(cmd *cobra.Command, fileHandler file.Hand
 	if err := u.upgradeAttestConfigIfDiff(cmd, conf.GetAttestationConfig(), flags); err != nil {
 		return fmt.Errorf("upgrading measurements: %w", err)
 	}
-	for _, migrationCmd := range u.migrationCmds {
-		if err := u.migrationExecutor.applyMigration(cmd, fileHandler, migrationCmd, flags); err != nil {
-			return fmt.Errorf("executing %s migration: %w", migrationCmd.String(), err)
-		}
-	}
 	// not moving existing Terraform migrator because of planned apply refactor
 	if err := u.migrateTerraform(cmd, u.imageFetcher, conf, flags); err != nil {
 		return fmt.Errorf("performing Terraform migrations: %w", err)
@@ -379,7 +372,3 @@ type cloudUpgrader interface {
 	CleanUpTerraformMigrations() error
 	AddManualStateMigration(migration terraform.StateMigration)
 }
-
-type tfMigrationApplier interface {
-	applyMigration(cmd *cobra.Command, file file.Handler, migrateCmd upgrade.TfMigrationCmd, flags upgradeApplyFlags) error
-}

cli/internal/cmd/upgradeapply_test.go

@@ -24,7 +24,6 @@ import (
 	"github.com/edgelesssys/constellation/v2/internal/file"
 	"github.com/edgelesssys/constellation/v2/internal/logger"
 	"github.com/spf13/afero"
-	"github.com/spf13/cobra"
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
 	corev1 "k8s.io/api/core/v1"
@@ -144,7 +143,7 @@ func TestUpgradeApply(t *testing.T) {
 			require.NoError(handler.WriteYAML(constants.ConfigFilename, cfg))
 			require.NoError(handler.WriteJSON(constants.ClusterIDsFileName, clusterid.File{}))
 
-			upgrader := upgradeApplyCmd{upgrader: tc.upgrader, log: logger.NewTest(t), imageFetcher: tc.fetcher, configFetcher: stubAttestationFetcher{}, migrationExecutor: &migrationExecutorPlaceholder{}}
+			upgrader := upgradeApplyCmd{upgrader: tc.upgrader, log: logger.NewTest(t), imageFetcher: tc.fetcher, configFetcher: stubAttestationFetcher{}}
 
 			err := upgrader.upgradeApply(cmd, handler)
 			if tc.wantErr {
@@ -156,12 +155,6 @@ func TestUpgradeApply(t *testing.T) {
 	}
 }
 
-type migrationExecutorPlaceholder struct{}
-
-func (d *migrationExecutorPlaceholder) applyMigration(_ *cobra.Command, _ file.Handler, _ upgrade.TfMigrationCmd, _ upgradeApplyFlags) error {
-	return nil
-}
-
 type stubUpgrader struct {
 	currentConfig     config.AttestationCfg
 	nodeVersionErr    error

cli/internal/upgrade/iammigrate.go

@@ -28,7 +28,7 @@ type TfMigrationCmd interface {
 	UpgradeID() string
 }
 
-// IAMMigrateCmd is a terraform migration command for IAM.
+// IAMMigrateCmd is a terraform migration command for IAM. Which is used for the tfMigrationClient.
 type IAMMigrateCmd struct {
 	tf        tfIAMClient
 	upgradeID string