cli: add --subscriptionID flag for iam create azure command (#3328)

* deps: update Terraform azurerm to v4 * Set Azure subscription ID when applying Terraform files * Upgrade azurerm to v4.1.0 * Mark subscriptionID flag as not required * deps: tidy all modules --------- Signed-off-by: Daniel Weiße <dw@edgeless.systems> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Co-authored-by: Daniel Weiße <dw@edgeless.systems> Co-authored-by: edgelessci <edgelessci@users.noreply.github.com>
2025-06-04 12:49:54 -04:00 · 2024-09-17 12:30:22 +02:00 · 2024-09-17 12:30:22 +02:00 · a295ecaffb
commit a295ecaffb
parent c6a9c2574b
33 changed files with 200 additions and 137 deletions
--- a/cli/internal/cloudcmd/iam.go
+++ b/cli/internal/cloudcmd/iam.go
@ -95,6 +95,7 @@ type GCPIAMConfig struct {

 // AzureIAMConfig holds the necessary values for Azure IAM configuration.
 type AzureIAMConfig struct {
+	SubscriptionID   string
 	Location         string
 	ServicePrincipal string
 	ResourceGroup    string
@ -167,6 +168,7 @@ func (c *IAMCreator) createAzure(ctx context.Context, cl tfIAMClient, opts *IAMC
 	defer rollbackOnError(c.out, &retErr, &rollbackerTerraform{client: cl}, opts.TFLogLevel)

 	vars := terraform.AzureIAMVariables{
+		SubscriptionID:   opts.Azure.SubscriptionID,
 		Location:         opts.Azure.Location,
 		ResourceGroup:    opts.Azure.ResourceGroup,
 		ServicePrincipal: opts.Azure.ServicePrincipal,
--- a/cli/internal/cloudcmd/tfvars.go
+++ b/cli/internal/cloudcmd/tfvars.go
@ -147,6 +147,7 @@ func azureTerraformVars(conf *config.Config, imageRef string) (*terraform.AzureC
 		}
 	}
 	vars := &terraform.AzureClusterVariables{
+		SubscriptionID:       conf.Provider.Azure.SubscriptionID,
 		Name:                 conf.Name,
 		NodeGroups:           nodeGroups,
 		Location:             conf.Provider.Azure.Location,
@ -191,6 +192,7 @@ func azureTerraformVars(conf *config.Config, imageRef string) (*terraform.AzureC

 func azureTerraformIAMVars(conf *config.Config, oldVars terraform.AzureIAMVariables) *terraform.AzureIAMVariables {
 	return &terraform.AzureIAMVariables{
+		SubscriptionID:   conf.Provider.Azure.SubscriptionID,
 		Location:         conf.Provider.Azure.Location,
 		ServicePrincipal: oldVars.ServicePrincipal,
 		ResourceGroup:    conf.Provider.Azure.ResourceGroup,
--- a/cli/internal/cmd/iamcreateazure.go
+++ b/cli/internal/cmd/iamcreateazure.go
@ -6,7 +6,9 @@ SPDX-License-Identifier: AGPL-3.0-only
 package cmd

 import (
+	"errors"
 	"fmt"
+	"os"

 	"github.com/edgelesssys/constellation/v2/cli/internal/cloudcmd"
 	"github.com/edgelesssys/constellation/v2/internal/cloud/cloudprovider"
@ -26,6 +28,7 @@ func newIAMCreateAzureCmd() *cobra.Command {
 		RunE:  runIAMCreateAzure,
 	}

+	cmd.Flags().String("subscriptionID", "", "subscription ID of the Azure account. Required if the 'ARM_SUBSCRIPTION_ID' environment variable is not set")
 	cmd.Flags().String("resourceGroup", "", "name prefix of the two resource groups your cluster / IAM resources will be created in (required)")
 	must(cobra.MarkFlagRequired(cmd.Flags(), "resourceGroup"))
 	cmd.Flags().String("region", "", "region the resources will be created in, e.g., westus (required)")
@ -45,6 +48,7 @@ func runIAMCreateAzure(cmd *cobra.Command, _ []string) error {

 // azureIAMCreateFlags contains the parsed flags of the iam create azure command.
 type azureIAMCreateFlags struct {
+	subscriptionID   string
 	region           string
 	resourceGroup    string
 	servicePrincipal string
@ -52,6 +56,14 @@ type azureIAMCreateFlags struct {

 func (f *azureIAMCreateFlags) parse(flags *pflag.FlagSet) error {
 	var err error
+	f.subscriptionID, err = flags.GetString("subscriptionID")
+	if err != nil {
+		return fmt.Errorf("getting 'subscriptionID' flag: %w", err)
+	}
+	if f.subscriptionID == "" && os.Getenv("ARM_SUBSCRIPTION_ID") == "" {
+		return errors.New("either flag 'subscriptionID' or environment variable 'ARM_SUBSCRIPTION_ID' must be set")
+	}
+
 	f.region, err = flags.GetString("region")
 	if err != nil {
 		return fmt.Errorf("getting 'region' flag: %w", err)
@ -75,6 +87,7 @@ type azureIAMCreator struct {
 func (c *azureIAMCreator) getIAMConfigOptions() *cloudcmd.IAMConfigOptions {
 	return &cloudcmd.IAMConfigOptions{
 		Azure: cloudcmd.AzureIAMConfig{
+			SubscriptionID:   c.flags.subscriptionID,
 			Location:         c.flags.region,
 			ResourceGroup:    c.flags.resourceGroup,
 			ServicePrincipal: c.flags.servicePrincipal,
@ -83,6 +96,7 @@ func (c *azureIAMCreator) getIAMConfigOptions() *cloudcmd.IAMConfigOptions {
 }

 func (c *azureIAMCreator) printConfirmValues(cmd *cobra.Command) {
+	cmd.Printf("Subscription ID:\t%s\n", c.flags.subscriptionID)
 	cmd.Printf("Region:\t\t\t%s\n", c.flags.region)
 	cmd.Printf("Resource Group:\t\t%s\n", c.flags.resourceGroup)
 	cmd.Printf("Service Principal:\t%s\n\n", c.flags.servicePrincipal)
--- a/cli/internal/terraform/variables.go
+++ b/cli/internal/terraform/variables.go
@ -172,7 +172,7 @@ type GCPNodeGroup struct {
 	DiskType     string `hcl:"disk_type" cty:"disk_type"`
 }

-// GCPIAMVariables is user configuration for creating the IAM confioguration with Terraform on GCP.
+// GCPIAMVariables is user configuration for creating the IAM configuration with Terraform on GCP.
 type GCPIAMVariables struct {
 	// Project is the ID of the GCP project to use.
 	Project string `hcl:"project_id" cty:"project_id"`
@ -193,6 +193,8 @@ func (v *GCPIAMVariables) String() string {

 // AzureClusterVariables is user configuration for creating a cluster with Terraform on Azure.
 type AzureClusterVariables struct {
+	// SubscriptionID is the Azure subscription ID to use.
+	SubscriptionID string `hcl:"subscription_id" cty:"subscription_id"`
 	// Name of the cluster.
 	Name string `hcl:"name" cty:"name"`
 	// ImageID is the ID of the Azure image to use.
@ -254,6 +256,8 @@ type AzureNodeGroup struct {

 // AzureIAMVariables is user configuration for creating the IAM configuration with Terraform on Microsoft Azure.
 type AzureIAMVariables struct {
+	// SubscriptionID is the Azure subscription ID to use.
+	SubscriptionID string `hcl:"subscription_id,optional" cty:"subscription_id"` // TODO(v2.18): remove optional tag. This is only required for migration from var files that dont have the value yet.
 	// Location is the Azure location to use. (e.g. westus)
 	Location string `hcl:"location" cty:"location"`
 	// ServicePrincipal is the name of the service principal to use.
--- a/cli/internal/terraform/variables_test.go
+++ b/cli/internal/terraform/variables_test.go
@ -180,7 +180,8 @@ service_account_id = "my-service-account"

 func TestAzureClusterVariables(t *testing.T) {
 	vars := AzureClusterVariables{
-		Name: "cluster-name",
+		SubscriptionID: "01234567-cdef-0123-4567-89abcdef0123",
+		Name:           "cluster-name",
 		NodeGroups: map[string]AzureNodeGroup{
 			constants.ControlPlaneDefault: {
 				Role:         "ControlPlane",
@ -207,7 +208,8 @@ func TestAzureClusterVariables(t *testing.T) {
 	}

 	// test that the variables are correctly rendered
-	want := `name                   = "cluster-name"
+	want := `subscription_id        = "01234567-cdef-0123-4567-89abcdef0123"
+name                   = "cluster-name"
 image_id               = "image-0123456789abcdef"
 create_maa             = true
 debug                  = true
@ -241,13 +243,15 @@ additional_tags = null

 func TestAzureIAMVariables(t *testing.T) {
 	vars := AzureIAMVariables{
+		SubscriptionID:   "01234567-cdef-0123-4567-89abcdef0123",
 		Location:         "eu-central-1",
 		ServicePrincipal: "my-service-principal",
 		ResourceGroup:    "my-resource-group",
 	}

 	// test that the variables are correctly rendered
-	want := `location                 = "eu-central-1"
+	want := `subscription_id       = "01234567-cdef-0123-4567-89abcdef0123"
+location               = "eu-central-1"
 service_principal_name = "my-service-principal"
 resource_group_name    = "my-resource-group"
 `