tidy config

cli/internal/cmd/init_test.go

@@ -515,7 +515,7 @@ func defaultConfigWithExpectedMeasurements(t *testing.T, conf *config.Config, cs
 		conf.Provider.Azure.UserAssignedIdentity = "test-identity"
 		conf.Provider.Azure.Image = "some/image/location"
 		conf.Provider.Azure.ResourceGroup = "test-resource-group"
-		conf.Provider.Azure.AppClientID = "test-client-secret-id"
+		conf.Provider.Azure.AppClientID = "01234567-0123-0123-0123-0123456789ab"
 		conf.Provider.Azure.ClientSecretValue = "test-client-secret"
 		conf.Provider.Azure.Measurements[4] = []byte("44444444444444444444444444444444")
 		conf.Provider.Azure.Measurements[8] = []byte("00000000000000000000000000000000")
@@ -525,6 +525,7 @@ func defaultConfigWithExpectedMeasurements(t *testing.T, conf *config.Config, cs
 		conf.Provider.GCP.Project = "test-project"
 		conf.Provider.GCP.Image = "some/image/location"
 		conf.Provider.GCP.Zone = "test-zone"
+		conf.Provider.GCP.ServiceAccountKeyPath = "test-key-path"
 		conf.Provider.GCP.Measurements[4] = []byte("44444444444444444444444444444444")
 		conf.Provider.GCP.Measurements[8] = []byte("00000000000000000000000000000000")
 		conf.Provider.GCP.Measurements[9] = []byte("11111111111111111111111111111111")

internal/config/config.go

@@ -46,7 +46,10 @@ type Config struct {
 	//   Size (in GB) of a node's disk to store the non-volatile state.
 	StateDiskSizeGB int `yaml:"stateDiskSizeGB" validate:"min=0"`
 	// description: |
-	//   DO NOT USE FOR PRODUCTION CLUSTERS: Enable debug cluster mode and use debug images. For usage, see: https://github.com/edgelesssys/constellation/blob/main/debugd/README.md
+	//   Kubernetes version to be installed in the cluster.
+	KubernetesVersion string `yaml:"kubernetesVersion" validate:"supported_k8s_version"`
+	// description: |
+	//   DON'T USE IN PRODUCTION: enable debug mode and use debug images. For usage, see: https://github.com/edgelesssys/constellation/blob/main/debugd/README.md
 	DebugCluster *bool `yaml:"debugCluster" validate:"required"`
 	// description: |
 	//   Supported cloud providers and their specific configurations.
@@ -57,9 +60,6 @@ type Config struct {
 	//   - value: '[]UserKey{ { Username:  "Alice", PublicKey: "ssh-rsa AAAAB3NzaC...5QXHKW1rufgtJeSeJ8= alice@domain.com" } }'
 	SSHUsers []UserKey `yaml:"sshUsers,omitempty" validate:"dive"`
 	// description: |
-	//   Kubernetes version installed in the cluster.
-	KubernetesVersion string `yaml:"kubernetesVersion" validate:"supported_k8s_version"`
-	// description: |
 	//   Configuration to apply during constellation upgrade.
 	// examples:
 	//   - value: 'UpgradeConfig{ Image: "", Measurements: Measurements{} }'
@@ -113,27 +113,27 @@ type AzureConfig struct {
 	//   Azure datacenter region to be used. See: https://docs.microsoft.com/en-us/azure/availability-zones/az-overview#azure-regions-with-availability-zones
 	Location string `yaml:"location" validate:"required"`
 	// description: |
-	//   Machine image used to create Constellation nodes.
+	//   Resource group for the cluster's resources. Must already exist.
-	Image string `yaml:"image" validate:"required"`
-	// description: |
-	//   Virtual machine instance type to use for Constellation nodes.
-	InstanceType string `yaml:"instanceType" validate:"azure_instance_type"`
-	// description: |
-	//   Type of a node's state disk. The type influences boot time and I/O performance. See: https://docs.microsoft.com/en-us/azure/virtual-machines/disks-types#disk-type-comparison
-	StateDiskType string `yaml:"stateDiskType" validate:"oneof=Premium_LRS Premium_ZRS Standard_LRS StandardSSD_LRS StandardSSD_ZRS"`
-	// description: |
-	//   Resource group to use.
 	ResourceGroup string `yaml:"resourceGroup" validate:"required"`
 	// description: |
 	//   Authorize spawned VMs to access Azure API.
 	UserAssignedIdentity string `yaml:"userAssignedIdentity" validate:"required"`
 	// description: |
 	//    Application client ID of the Active Directory app registration.
-	AppClientID string `yaml:"appClientID" validate:"required"`
+	AppClientID string `yaml:"appClientID" validate:"uuid"`
 	// description: |
 	//    Client secret value of the Active Directory app registration credentials.
 	ClientSecretValue string `yaml:"clientSecretValue" validate:"required"`
 	// description: |
+	//   Machine image used to create Constellation nodes.
+	Image string `yaml:"image" validate:"required"`
+	// description: |
+	//   VM instance type to use for Constellation nodes.
+	InstanceType string `yaml:"instanceType" validate:"azure_instance_type"`
+	// description: |
+	//   Type of a node's state disk. The type influences boot time and I/O performance. See: https://docs.microsoft.com/en-us/azure/virtual-machines/disks-types#disk-type-comparison
+	StateDiskType string `yaml:"stateDiskType" validate:"oneof=Premium_LRS Premium_ZRS Standard_LRS StandardSSD_LRS StandardSSD_ZRS"`
+	// description: |
 	//   Expected confidential VM measurements.
 	Measurements Measurements `yaml:"measurements"`
 	// description: |
@@ -146,7 +146,7 @@ type AzureConfig struct {
 	//   Enforce the specified idKeyDigest value during remote attestation.
 	EnforceIdKeyDigest *bool `yaml:"enforceIdKeyDigest" validate:"required"`
 	// description: |
-	//   Use VMs with security type Confidential VM. If set to false, Trusted Launch VMs will be used instead. See: https://docs.microsoft.com/en-us/azure/confidential-computing/confidential-vm-overview
+	//   Use Confidential VMs. If set to false, Trusted Launch VMs are used instead. See: https://docs.microsoft.com/en-us/azure/confidential-computing/confidential-vm-overview
 	ConfidentialVM *bool `yaml:"confidentialVM" validate:"required"`
 }
 
@@ -162,18 +162,18 @@ type GCPConfig struct {
 	//   GCP datacenter zone. See: https://cloud.google.com/compute/docs/regions-zones#available
 	Zone string `yaml:"zone" validate:"required"`
 	// description: |
+	//   Path of service account key file. For required service account roles, see https://docs.edgeless.systems/constellation/getting-started/install#authorization
+	ServiceAccountKeyPath string `yaml:"serviceAccountKeyPath" validate:"required"`
+	// description: |
 	//   Machine image used to create Constellation nodes.
 	Image string `yaml:"image" validate:"required"`
 	// description: |
-	//   Virtual machine instance type to use for Constellation nodes.
+	//   VM instance type to use for Constellation nodes.
 	InstanceType string `yaml:"instanceType" validate:"gcp_instance_type"`
 	// description: |
 	//   Type of a node's state disk. The type influences boot time and I/O performance. See: https://cloud.google.com/compute/docs/disks#disk-types
 	StateDiskType string `yaml:"stateDiskType" validate:"oneof=pd-standard pd-balanced pd-ssd"`
 	// description: |
-	//   Path of service account key file. For needed service account roles, see https://constellation-docs.edgeless.systems/constellation/getting-started/install#authorization
-	ServiceAccountKeyPath string `yaml:"serviceAccountKeyPath"`
-	// description: |
 	//   Expected confidential VM measurements.
 	Measurements Measurements `yaml:"measurements"`
 	// description: |

internal/config/config_doc.go

@@ -45,28 +45,28 @@ func init() {
 	ConfigDoc.Fields[3].Note = ""
 	ConfigDoc.Fields[3].Description = "Size (in GB) of a node's disk to store the non-volatile state."
 	ConfigDoc.Fields[3].Comments[encoder.LineComment] = "Size (in GB) of a node's disk to store the non-volatile state."
-	ConfigDoc.Fields[4].Name = "debugCluster"
+	ConfigDoc.Fields[4].Name = "kubernetesVersion"
-	ConfigDoc.Fields[4].Type = "bool"
+	ConfigDoc.Fields[4].Type = "string"
 	ConfigDoc.Fields[4].Note = ""
-	ConfigDoc.Fields[4].Description = "DO NOT USE FOR PRODUCTION CLUSTERS: Enable debug cluster mode and use debug images. For usage, see: https://github.com/edgelesssys/constellation/blob/main/debugd/README.md"
+	ConfigDoc.Fields[4].Description = "Kubernetes version to be installed in the cluster."
-	ConfigDoc.Fields[4].Comments[encoder.LineComment] = "DO NOT USE FOR PRODUCTION CLUSTERS: Enable debug cluster mode and use debug images. For usage, see: https://github.com/edgelesssys/constellation/blob/main/debugd/README.md"
+	ConfigDoc.Fields[4].Comments[encoder.LineComment] = "Kubernetes version to be installed in the cluster."
-	ConfigDoc.Fields[5].Name = "provider"
+	ConfigDoc.Fields[5].Name = "debugCluster"
-	ConfigDoc.Fields[5].Type = "ProviderConfig"
+	ConfigDoc.Fields[5].Type = "bool"
 	ConfigDoc.Fields[5].Note = ""
-	ConfigDoc.Fields[5].Description = "Supported cloud providers and their specific configurations."
+	ConfigDoc.Fields[5].Description = "DON'T USE IN PRODUCTION: enable debug mode and use debug images. For usage, see: https://github.com/edgelesssys/constellation/blob/main/debugd/README.md"
-	ConfigDoc.Fields[5].Comments[encoder.LineComment] = "Supported cloud providers and their specific configurations."
+	ConfigDoc.Fields[5].Comments[encoder.LineComment] = "DON'T USE IN PRODUCTION: enable debug mode and use debug images. For usage, see: https://github.com/edgelesssys/constellation/blob/main/debugd/README.md"
-	ConfigDoc.Fields[6].Name = "sshUsers"
+	ConfigDoc.Fields[6].Name = "provider"
-	ConfigDoc.Fields[6].Type = "[]UserKey"
+	ConfigDoc.Fields[6].Type = "ProviderConfig"
 	ConfigDoc.Fields[6].Note = ""
-	ConfigDoc.Fields[6].Description = "Create SSH users on Constellation nodes."
+	ConfigDoc.Fields[6].Description = "Supported cloud providers and their specific configurations."
-	ConfigDoc.Fields[6].Comments[encoder.LineComment] = "Create SSH users on Constellation nodes."
+	ConfigDoc.Fields[6].Comments[encoder.LineComment] = "Supported cloud providers and their specific configurations."
-
+	ConfigDoc.Fields[7].Name = "sshUsers"
-	ConfigDoc.Fields[6].AddExample("", []UserKey{{Username: "Alice", PublicKey: "ssh-rsa AAAAB3NzaC...5QXHKW1rufgtJeSeJ8= alice@domain.com"}})
+	ConfigDoc.Fields[7].Type = "[]UserKey"
-	ConfigDoc.Fields[7].Name = "kubernetesVersion"
-	ConfigDoc.Fields[7].Type = "string"
 	ConfigDoc.Fields[7].Note = ""
-	ConfigDoc.Fields[7].Description = "Kubernetes version installed in the cluster."
+	ConfigDoc.Fields[7].Description = "Create SSH users on Constellation nodes."
-	ConfigDoc.Fields[7].Comments[encoder.LineComment] = "Kubernetes version installed in the cluster."
+	ConfigDoc.Fields[7].Comments[encoder.LineComment] = "Create SSH users on Constellation nodes."
+
+	ConfigDoc.Fields[7].AddExample("", []UserKey{{Username: "Alice", PublicKey: "ssh-rsa AAAAB3NzaC...5QXHKW1rufgtJeSeJ8= alice@domain.com"}})
 	ConfigDoc.Fields[8].Name = "upgrade"
 	ConfigDoc.Fields[8].Type = "UpgradeConfig"
 	ConfigDoc.Fields[8].Note = ""
@@ -172,41 +172,41 @@ func init() {
 	AzureConfigDoc.Fields[2].Note = ""
 	AzureConfigDoc.Fields[2].Description = "Azure datacenter region to be used. See: https://docs.microsoft.com/en-us/azure/availability-zones/az-overview#azure-regions-with-availability-zones"
 	AzureConfigDoc.Fields[2].Comments[encoder.LineComment] = "Azure datacenter region to be used. See: https://docs.microsoft.com/en-us/azure/availability-zones/az-overview#azure-regions-with-availability-zones"
-	AzureConfigDoc.Fields[3].Name = "image"
+	AzureConfigDoc.Fields[3].Name = "resourceGroup"
 	AzureConfigDoc.Fields[3].Type = "string"
 	AzureConfigDoc.Fields[3].Note = ""
-	AzureConfigDoc.Fields[3].Description = "Machine image used to create Constellation nodes."
+	AzureConfigDoc.Fields[3].Description = "Resource group for the cluster's resources. Must already exist."
-	AzureConfigDoc.Fields[3].Comments[encoder.LineComment] = "Machine image used to create Constellation nodes."
+	AzureConfigDoc.Fields[3].Comments[encoder.LineComment] = "Resource group for the cluster's resources. Must already exist."
-	AzureConfigDoc.Fields[4].Name = "instanceType"
+	AzureConfigDoc.Fields[4].Name = "userAssignedIdentity"
 	AzureConfigDoc.Fields[4].Type = "string"
 	AzureConfigDoc.Fields[4].Note = ""
-	AzureConfigDoc.Fields[4].Description = "Virtual machine instance type to use for Constellation nodes."
+	AzureConfigDoc.Fields[4].Description = "Authorize spawned VMs to access Azure API."
-	AzureConfigDoc.Fields[4].Comments[encoder.LineComment] = "Virtual machine instance type to use for Constellation nodes."
+	AzureConfigDoc.Fields[4].Comments[encoder.LineComment] = "Authorize spawned VMs to access Azure API."
-	AzureConfigDoc.Fields[5].Name = "stateDiskType"
+	AzureConfigDoc.Fields[5].Name = "appClientID"
 	AzureConfigDoc.Fields[5].Type = "string"
 	AzureConfigDoc.Fields[5].Note = ""
-	AzureConfigDoc.Fields[5].Description = "Type of a node's state disk. The type influences boot time and I/O performance. See: https://docs.microsoft.com/en-us/azure/virtual-machines/disks-types#disk-type-comparison"
+	AzureConfigDoc.Fields[5].Description = "Application client ID of the Active Directory app registration."
-	AzureConfigDoc.Fields[5].Comments[encoder.LineComment] = "Type of a node's state disk. The type influences boot time and I/O performance. See: https://docs.microsoft.com/en-us/azure/virtual-machines/disks-types#disk-type-comparison"
+	AzureConfigDoc.Fields[5].Comments[encoder.LineComment] = "Application client ID of the Active Directory app registration."
-	AzureConfigDoc.Fields[6].Name = "resourceGroup"
+	AzureConfigDoc.Fields[6].Name = "clientSecretValue"
 	AzureConfigDoc.Fields[6].Type = "string"
 	AzureConfigDoc.Fields[6].Note = ""
-	AzureConfigDoc.Fields[6].Description = "Resource group to use."
+	AzureConfigDoc.Fields[6].Description = "Client secret value of the Active Directory app registration credentials."
-	AzureConfigDoc.Fields[6].Comments[encoder.LineComment] = "Resource group to use."
+	AzureConfigDoc.Fields[6].Comments[encoder.LineComment] = "Client secret value of the Active Directory app registration credentials."
-	AzureConfigDoc.Fields[7].Name = "userAssignedIdentity"
+	AzureConfigDoc.Fields[7].Name = "image"
 	AzureConfigDoc.Fields[7].Type = "string"
 	AzureConfigDoc.Fields[7].Note = ""
-	AzureConfigDoc.Fields[7].Description = "Authorize spawned VMs to access Azure API."
+	AzureConfigDoc.Fields[7].Description = "Machine image used to create Constellation nodes."
-	AzureConfigDoc.Fields[7].Comments[encoder.LineComment] = "Authorize spawned VMs to access Azure API."
+	AzureConfigDoc.Fields[7].Comments[encoder.LineComment] = "Machine image used to create Constellation nodes."
-	AzureConfigDoc.Fields[8].Name = "appClientID"
+	AzureConfigDoc.Fields[8].Name = "instanceType"
 	AzureConfigDoc.Fields[8].Type = "string"
 	AzureConfigDoc.Fields[8].Note = ""
-	AzureConfigDoc.Fields[8].Description = "Application client ID of the Active Directory app registration."
+	AzureConfigDoc.Fields[8].Description = "VM instance type to use for Constellation nodes."
-	AzureConfigDoc.Fields[8].Comments[encoder.LineComment] = "Application client ID of the Active Directory app registration."
+	AzureConfigDoc.Fields[8].Comments[encoder.LineComment] = "VM instance type to use for Constellation nodes."
-	AzureConfigDoc.Fields[9].Name = "clientSecretValue"
+	AzureConfigDoc.Fields[9].Name = "stateDiskType"
 	AzureConfigDoc.Fields[9].Type = "string"
 	AzureConfigDoc.Fields[9].Note = ""
-	AzureConfigDoc.Fields[9].Description = "Client secret value of the Active Directory app registration credentials."
+	AzureConfigDoc.Fields[9].Description = "Type of a node's state disk. The type influences boot time and I/O performance. See: https://docs.microsoft.com/en-us/azure/virtual-machines/disks-types#disk-type-comparison"
-	AzureConfigDoc.Fields[9].Comments[encoder.LineComment] = "Client secret value of the Active Directory app registration credentials."
+	AzureConfigDoc.Fields[9].Comments[encoder.LineComment] = "Type of a node's state disk. The type influences boot time and I/O performance. See: https://docs.microsoft.com/en-us/azure/virtual-machines/disks-types#disk-type-comparison"
 	AzureConfigDoc.Fields[10].Name = "measurements"
 	AzureConfigDoc.Fields[10].Type = "Measurements"
 	AzureConfigDoc.Fields[10].Note = ""
@@ -230,8 +230,8 @@ func init() {
 	AzureConfigDoc.Fields[14].Name = "confidentialVM"
 	AzureConfigDoc.Fields[14].Type = "bool"
 	AzureConfigDoc.Fields[14].Note = ""
-	AzureConfigDoc.Fields[14].Description = "Use VMs with security type Confidential VM. If set to false, Trusted Launch VMs will be used instead. See: https://docs.microsoft.com/en-us/azure/confidential-computing/confidential-vm-overview"
+	AzureConfigDoc.Fields[14].Description = "Use Confidential VMs. If set to false, Trusted Launch VMs are used instead. See: https://docs.microsoft.com/en-us/azure/confidential-computing/confidential-vm-overview"
-	AzureConfigDoc.Fields[14].Comments[encoder.LineComment] = "Use VMs with security type Confidential VM. If set to false, Trusted Launch VMs will be used instead. See: https://docs.microsoft.com/en-us/azure/confidential-computing/confidential-vm-overview"
+	AzureConfigDoc.Fields[14].Comments[encoder.LineComment] = "Use Confidential VMs. If set to false, Trusted Launch VMs are used instead. See: https://docs.microsoft.com/en-us/azure/confidential-computing/confidential-vm-overview"
 
 	GCPConfigDoc.Type = "GCPConfig"
 	GCPConfigDoc.Comments[encoder.LineComment] = "GCPConfig are GCP specific configuration values used by the CLI."
@@ -258,26 +258,26 @@ func init() {
 	GCPConfigDoc.Fields[2].Note = ""
 	GCPConfigDoc.Fields[2].Description = "GCP datacenter zone. See: https://cloud.google.com/compute/docs/regions-zones#available"
 	GCPConfigDoc.Fields[2].Comments[encoder.LineComment] = "GCP datacenter zone. See: https://cloud.google.com/compute/docs/regions-zones#available"
-	GCPConfigDoc.Fields[3].Name = "image"
+	GCPConfigDoc.Fields[3].Name = "serviceAccountKeyPath"
 	GCPConfigDoc.Fields[3].Type = "string"
 	GCPConfigDoc.Fields[3].Note = ""
-	GCPConfigDoc.Fields[3].Description = "Machine image used to create Constellation nodes."
+	GCPConfigDoc.Fields[3].Description = "Path of service account key file. For required service account roles, see https://docs.edgeless.systems/constellation/getting-started/install#authorization"
-	GCPConfigDoc.Fields[3].Comments[encoder.LineComment] = "Machine image used to create Constellation nodes."
+	GCPConfigDoc.Fields[3].Comments[encoder.LineComment] = "Path of service account key file. For required service account roles, see https://docs.edgeless.systems/constellation/getting-started/install#authorization"
-	GCPConfigDoc.Fields[4].Name = "instanceType"
+	GCPConfigDoc.Fields[4].Name = "image"
 	GCPConfigDoc.Fields[4].Type = "string"
 	GCPConfigDoc.Fields[4].Note = ""
-	GCPConfigDoc.Fields[4].Description = "Virtual machine instance type to use for Constellation nodes."
+	GCPConfigDoc.Fields[4].Description = "Machine image used to create Constellation nodes."
-	GCPConfigDoc.Fields[4].Comments[encoder.LineComment] = "Virtual machine instance type to use for Constellation nodes."
+	GCPConfigDoc.Fields[4].Comments[encoder.LineComment] = "Machine image used to create Constellation nodes."
-	GCPConfigDoc.Fields[5].Name = "stateDiskType"
+	GCPConfigDoc.Fields[5].Name = "instanceType"
 	GCPConfigDoc.Fields[5].Type = "string"
 	GCPConfigDoc.Fields[5].Note = ""
-	GCPConfigDoc.Fields[5].Description = "Type of a node's state disk. The type influences boot time and I/O performance. See: https://cloud.google.com/compute/docs/disks#disk-types"
+	GCPConfigDoc.Fields[5].Description = "VM instance type to use for Constellation nodes."
-	GCPConfigDoc.Fields[5].Comments[encoder.LineComment] = "Type of a node's state disk. The type influences boot time and I/O performance. See: https://cloud.google.com/compute/docs/disks#disk-types"
+	GCPConfigDoc.Fields[5].Comments[encoder.LineComment] = "VM instance type to use for Constellation nodes."
-	GCPConfigDoc.Fields[6].Name = "serviceAccountKeyPath"
+	GCPConfigDoc.Fields[6].Name = "stateDiskType"
 	GCPConfigDoc.Fields[6].Type = "string"
 	GCPConfigDoc.Fields[6].Note = ""
-	GCPConfigDoc.Fields[6].Description = "Path of service account key file. For needed service account roles, see https://constellation-docs.edgeless.systems/constellation/getting-started/install#authorization"
+	GCPConfigDoc.Fields[6].Description = "Type of a node's state disk. The type influences boot time and I/O performance. See: https://cloud.google.com/compute/docs/disks#disk-types"
-	GCPConfigDoc.Fields[6].Comments[encoder.LineComment] = "Path of service account key file. For needed service account roles, see https://constellation-docs.edgeless.systems/constellation/getting-started/install#authorization"
+	GCPConfigDoc.Fields[6].Comments[encoder.LineComment] = "Type of a node's state disk. The type influences boot time and I/O performance. See: https://cloud.google.com/compute/docs/disks#disk-types"
 	GCPConfigDoc.Fields[7].Name = "measurements"
 	GCPConfigDoc.Fields[7].Type = "Measurements"
 	GCPConfigDoc.Fields[7].Note = ""

internal/config/config_test.go

@@ -23,8 +23,6 @@ import (
 	"go.uber.org/goleak"
 )
 
-const defaultMsgCount = 13 // expect this number of error messages by default because user-specific values are not set and multiple providers are defined by default
-
 func TestMain(m *testing.M) {
 	goleak.VerifyTestMain(m)
 }
@@ -160,6 +158,8 @@ func TestFromFileStrictErrors(t *testing.T) {
 }
 
 func TestValidate(t *testing.T) {
+	const defaultMsgCount = 14 // expect this number of error messages by default because user-specific values are not set and multiple providers are defined by default
+
 	testCases := map[string]struct {
 		cnf          *Config
 		wantMsgCount int