Git-Mirrors/constellation
1
0
Fork 0
mirror of https://github.com/edgelesssys/constellation.git synced 2025-07-26 00:35:19 -04:00
Code Issues Projects Releases Packages Wiki Activity

terraform-provider: validate microservice and image version during plan (#2814)

Browse source
This commit is contained in:
Adrian Stobbe 2024-01-11 12:04:21 +01:00 committed by GitHub
parent baad7d8310
commit 9a814f91b1
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
3 changed files with 45 additions and 32 deletions
Download patch file Download diff file Expand all files Collapse all files

12
terraform-provider-constellation/internal/provider/cluster_resource.go
View file

@ -460,6 +460,18 @@ func (r *ClusterResource) ModifyPlan(ctx context.Context, req resource.ModifyPla
"For details, see https://docs.edgeless.systems/constellation/overview/license") "For details, see https://docs.edgeless.systems/constellation/overview/license")
} }
// Validate during plan. Must be done in ModifyPlan to read provider data.
// See https://developer.hashicorp.com/terraform/plugin/framework/resources/configure#define-resource-configure-method.
_, diags := r.getMicroserviceVersion(&plannedState)
resp.Diagnostics.Append(diags...)
_, _, diags = r.getImageVersion(ctx, &plannedState)
resp.Diagnostics.Append(diags...)
if resp.Diagnostics.HasError() {
return
}
// Checks running on updates to the resource. (i.e. state and plan != nil) // Checks running on updates to the resource. (i.e. state and plan != nil)
if !req.State.Raw.IsNull() { if !req.State.Raw.IsNull() {
// Read currentState supplied by Terraform runtime into the model // Read currentState supplied by Terraform runtime into the model

64
terraform-provider-constellation/internal/provider/cluster_resource_test.go
View file

@ -23,9 +23,10 @@ import (
"github.com/stretchr/testify/require" "github.com/stretchr/testify/require"
) )
var providerVersion = semver.NewFromInt(2, 15, 0, "") const providerVersion string = "v2.14.0"
func TestMicroserviceConstraint(t *testing.T) { func TestMicroserviceConstraint(t *testing.T) {
providerVersion := semver.NewFromInt(2, 15, 0, "")
sut := &ClusterResource{ sut := &ClusterResource{
providerData: data.ProviderData{ providerData: data.ProviderData{
Version: providerVersion, Version: providerVersion,
@ -115,7 +116,7 @@ func TestAccClusterResourceImports(t *testing.T) {
testCases := map[string]resource.TestCase{ testCases := map[string]resource.TestCase{
"import success": { "import success": {
ProtoV6ProviderFactories: testAccProtoV6ProviderFactories, ProtoV6ProviderFactories: testAccProtoV6ProviderFactoriesWithVersion(providerVersion),
PreCheck: bazelPreCheck, PreCheck: bazelPreCheck,
Steps: []resource.TestStep{ Steps: []resource.TestStep{
{ {
@ -141,7 +142,7 @@ func TestAccClusterResourceImports(t *testing.T) {
}, },
}, },
"kubeconfig not base64": { "kubeconfig not base64": {
ProtoV6ProviderFactories: testAccProtoV6ProviderFactories, ProtoV6ProviderFactories: testAccProtoV6ProviderFactoriesWithVersion(providerVersion),
PreCheck: bazelPreCheck, PreCheck: bazelPreCheck,
Steps: []resource.TestStep{ Steps: []resource.TestStep{
{ {
@ -159,7 +160,7 @@ func TestAccClusterResourceImports(t *testing.T) {
}, },
}, },
"mastersecret not hex": { "mastersecret not hex": {
ProtoV6ProviderFactories: testAccProtoV6ProviderFactories, ProtoV6ProviderFactories: testAccProtoV6ProviderFactoriesWithVersion(providerVersion),
PreCheck: bazelPreCheck, PreCheck: bazelPreCheck,
Steps: []resource.TestStep{ Steps: []resource.TestStep{
{ {
@ -177,7 +178,7 @@ func TestAccClusterResourceImports(t *testing.T) {
}, },
}, },
"parameter missing": { "parameter missing": {
ProtoV6ProviderFactories: testAccProtoV6ProviderFactories, ProtoV6ProviderFactories: testAccProtoV6ProviderFactoriesWithVersion(providerVersion),
PreCheck: bazelPreCheck, PreCheck: bazelPreCheck,
Steps: []resource.TestStep{ Steps: []resource.TestStep{
{ {
@ -208,7 +209,7 @@ func TestAccClusterResource(t *testing.T) {
testCases := map[string]resource.TestCase{ testCases := map[string]resource.TestCase{
"master secret not hex": { "master secret not hex": {
ProtoV6ProviderFactories: testAccProtoV6ProviderFactoriesWithVersion("v2.13.0"), ProtoV6ProviderFactories: testAccProtoV6ProviderFactoriesWithVersion(providerVersion),
PreCheck: bazelPreCheck, PreCheck: bazelPreCheck,
Steps: []resource.TestStep{ Steps: []resource.TestStep{
{ {
@ -232,13 +233,13 @@ func TestAccClusterResource(t *testing.T) {
kubernetes_version = "%s" kubernetes_version = "%s"
constellation_microservice_version = "%s" constellation_microservice_version = "%s"
} }
`, versions.Default, providerVersion.String()), `, versions.Default, providerVersion),
ExpectError: regexp.MustCompile(".*Master secret must be a hex-encoded 32-byte.*"), ExpectError: regexp.MustCompile(".*Master secret must be a hex-encoded 32-byte.*"),
}, },
}, },
}, },
"master secret salt not hex": { "master secret salt not hex": {
ProtoV6ProviderFactories: testAccProtoV6ProviderFactoriesWithVersion("v2.13.0"), ProtoV6ProviderFactories: testAccProtoV6ProviderFactoriesWithVersion(providerVersion),
PreCheck: bazelPreCheck, PreCheck: bazelPreCheck,
Steps: []resource.TestStep{ Steps: []resource.TestStep{
{ {
@ -262,13 +263,13 @@ func TestAccClusterResource(t *testing.T) {
kubernetes_version = "%s" kubernetes_version = "%s"
constellation_microservice_version = "%s" constellation_microservice_version = "%s"
} }
`, versions.Default, providerVersion.String()), `, versions.Default, providerVersion),
ExpectError: regexp.MustCompile(".*Master secret salt must be a hex-encoded 32-byte.*"), ExpectError: regexp.MustCompile(".*Master secret salt must be a hex-encoded 32-byte.*"),
}, },
}, },
}, },
"measurement salt not hex": { "measurement salt not hex": {
ProtoV6ProviderFactories: testAccProtoV6ProviderFactoriesWithVersion("v2.13.0"), ProtoV6ProviderFactories: testAccProtoV6ProviderFactoriesWithVersion(providerVersion),
PreCheck: bazelPreCheck, PreCheck: bazelPreCheck,
Steps: []resource.TestStep{ Steps: []resource.TestStep{
{ {
@ -292,13 +293,13 @@ func TestAccClusterResource(t *testing.T) {
kubernetes_version = "%s" kubernetes_version = "%s"
constellation_microservice_version = "%s" constellation_microservice_version = "%s"
} }
`, versions.Default, providerVersion.String()), `, versions.Default, providerVersion),
ExpectError: regexp.MustCompile(".*Measurement salt must be a hex-encoded 32-byte.*"), ExpectError: regexp.MustCompile(".*Measurement salt must be a hex-encoded 32-byte.*"),
}, },
}, },
}, },
"invalid node ip cidr": { "invalid node ip cidr": {
ProtoV6ProviderFactories: testAccProtoV6ProviderFactoriesWithVersion("v2.13.0"), ProtoV6ProviderFactories: testAccProtoV6ProviderFactoriesWithVersion(providerVersion),
PreCheck: bazelPreCheck, PreCheck: bazelPreCheck,
Steps: []resource.TestStep{ Steps: []resource.TestStep{
{ {
@ -322,13 +323,13 @@ func TestAccClusterResource(t *testing.T) {
kubernetes_version = "%s" kubernetes_version = "%s"
constellation_microservice_version = "%s" constellation_microservice_version = "%s"
} }
`, versions.Default, providerVersion.String()), `, versions.Default, providerVersion),
ExpectError: regexp.MustCompile(".*Node IP CIDR must be a valid CIDR.*"), ExpectError: regexp.MustCompile(".*Node IP CIDR must be a valid CIDR.*"),
}, },
}, },
}, },
"invalid service ip cidr": { "invalid service ip cidr": {
ProtoV6ProviderFactories: testAccProtoV6ProviderFactoriesWithVersion("v2.13.0"), ProtoV6ProviderFactories: testAccProtoV6ProviderFactoriesWithVersion(providerVersion),
PreCheck: bazelPreCheck, PreCheck: bazelPreCheck,
Steps: []resource.TestStep{ Steps: []resource.TestStep{
{ {
@ -352,13 +353,13 @@ func TestAccClusterResource(t *testing.T) {
kubernetes_version = "%s" kubernetes_version = "%s"
constellation_microservice_version = "%s" constellation_microservice_version = "%s"
} }
`, versions.Default, providerVersion.String()), `, versions.Default, providerVersion),
ExpectError: regexp.MustCompile(".*Service IP CIDR must be a valid CIDR.*"), ExpectError: regexp.MustCompile(".*Service IP CIDR must be a valid CIDR.*"),
}, },
}, },
}, },
"azure config missing": { "azure config missing": {
ProtoV6ProviderFactories: testAccProtoV6ProviderFactoriesWithVersion("v2.13.0"), ProtoV6ProviderFactories: testAccProtoV6ProviderFactoriesWithVersion(providerVersion),
PreCheck: bazelPreCheck, PreCheck: bazelPreCheck,
Steps: []resource.TestStep{ Steps: []resource.TestStep{
{ {
@ -382,13 +383,13 @@ func TestAccClusterResource(t *testing.T) {
kubernetes_version = "%s" kubernetes_version = "%s"
constellation_microservice_version = "%s" constellation_microservice_version = "%s"
} }
`, versions.Default, providerVersion.String()), `, versions.Default, providerVersion),
ExpectError: regexp.MustCompile(".*When csp is set to 'azure', the 'azure' configuration must be set.*"), ExpectError: regexp.MustCompile(".*When csp is set to 'azure', the 'azure' configuration must be set.*"),
}, },
}, },
}, },
"gcp config missing": { "gcp config missing": {
ProtoV6ProviderFactories: testAccProtoV6ProviderFactoriesWithVersion("v2.13.0"), ProtoV6ProviderFactories: testAccProtoV6ProviderFactoriesWithVersion(providerVersion),
PreCheck: bazelPreCheck, PreCheck: bazelPreCheck,
Steps: []resource.TestStep{ Steps: []resource.TestStep{
{ {
@ -413,13 +414,13 @@ func TestAccClusterResource(t *testing.T) {
kubernetes_version = "%s" kubernetes_version = "%s"
constellation_microservice_version = "%s" constellation_microservice_version = "%s"
} }
`, versions.Default, providerVersion.String()), `, versions.Default, providerVersion),
ExpectError: regexp.MustCompile(".*When csp is set to 'gcp', the 'gcp' configuration must be set.*"), ExpectError: regexp.MustCompile(".*When csp is set to 'gcp', the 'gcp' configuration must be set.*"),
}, },
}, },
}, },
"gcp pod ip cidr missing": { "gcp pod ip cidr missing": {
ProtoV6ProviderFactories: testAccProtoV6ProviderFactoriesWithVersion("v2.13.0"), ProtoV6ProviderFactories: testAccProtoV6ProviderFactoriesWithVersion(providerVersion),
PreCheck: bazelPreCheck, PreCheck: bazelPreCheck,
Steps: []resource.TestStep{ Steps: []resource.TestStep{
{ {
@ -447,8 +448,8 @@ func TestAccClusterResource(t *testing.T) {
kubernetes_version = "%s" kubernetes_version = "%s"
constellation_microservice_version = "%s" constellation_microservice_version = "%s"
} }
`, versions.Default, providerVersion.String()), `, versions.Default, providerVersion),
ExpectError: regexp.MustCompile(".*When csp is set to 'gcp', 'ip_cidr_pod' must be set.*"), ExpectError: regexp.MustCompile(`.*When csp is set to 'gcp', 'ip_cidr_pod' must be set.*`),
}, },
}, },
}, },
@ -468,11 +469,12 @@ func fullClusterTestingConfig(t *testing.T, csp string) string {
provider "constellation" {} provider "constellation" {}
` `
image := providerVersion
switch csp { switch csp {
case "aws": case "aws":
return providerConfig + ` return providerConfig + fmt.Sprintf(`
data "constellation_image" "bar" { data "constellation_image" "bar" {
version = "v2.13.0" version = "%s"
attestation_variant = "aws-sev-snp" attestation_variant = "aws-sev-snp"
csp = "aws" csp = "aws"
region = "us-east-2" region = "us-east-2"
@ -482,11 +484,11 @@ func fullClusterTestingConfig(t *testing.T, csp string) string {
csp = "aws" csp = "aws"
attestation_variant = "aws-sev-snp" attestation_variant = "aws-sev-snp"
image = data.constellation_image.bar.image image = data.constellation_image.bar.image
}` }`, image)
case "azure": case "azure":
return providerConfig + ` return providerConfig + fmt.Sprintf(`
data "constellation_image" "bar" { data "constellation_image" "bar" {
version = "v2.13.0" version = "%s"
attestation_variant = "azure-sev-snp" attestation_variant = "azure-sev-snp"
csp = "azure" csp = "azure"
} }
@ -495,11 +497,11 @@ func fullClusterTestingConfig(t *testing.T, csp string) string {
csp = "azure" csp = "azure"
attestation_variant = "azure-sev-snp" attestation_variant = "azure-sev-snp"
image = data.constellation_image.bar.image image = data.constellation_image.bar.image
}` }`, image)
case "gcp": case "gcp":
return providerConfig + ` return providerConfig + fmt.Sprintf(`
data "constellation_image" "bar" { data "constellation_image" "bar" {
version = "v2.13.0" version = "%s"
attestation_variant = "gcp-sev-es" attestation_variant = "gcp-sev-es"
csp = "gcp" csp = "gcp"
} }
@ -508,7 +510,7 @@ func fullClusterTestingConfig(t *testing.T, csp string) string {
csp = "gcp" csp = "gcp"
attestation_variant = "gcp-sev-es" attestation_variant = "gcp-sev-es"
image = data.constellation_image.bar.image image = data.constellation_image.bar.image
}` }`, image)
default: default:
t.Fatal("unknown csp") t.Fatal("unknown csp")
return "" return ""

1
terraform-provider-constellation/main.go
View file

@ -25,7 +25,6 @@ func main() {
flag.Parse() flag.Parse()
opts := providerserver.ServeOpts{ opts := providerserver.ServeOpts{
// TODO(msanft): Verify that this will be the published name.
Address: "registry.terraform.io/edgelesssys/constellation", Address: "registry.terraform.io/edgelesssys/constellation",
Debug: debug, Debug: debug,
} }