mirror of
https://github.com/edgelesssys/constellation.git
synced 2024-09-19 15:56:03 +00:00
cli: allow tagging cloud resources with custom tags (#3033)
This commit is contained in:
parent
f60c133724
commit
b187966581
@ -104,6 +104,7 @@ func awsTerraformVars(conf *config.Config, imageRef string) *terraform.AWSCluste
|
|||||||
EnableSNP: conf.GetAttestationConfig().GetVariant().Equal(variant.AWSSEVSNP{}),
|
EnableSNP: conf.GetAttestationConfig().GetVariant().Equal(variant.AWSSEVSNP{}),
|
||||||
CustomEndpoint: conf.CustomEndpoint,
|
CustomEndpoint: conf.CustomEndpoint,
|
||||||
InternalLoadBalancer: conf.InternalLoadBalancer,
|
InternalLoadBalancer: conf.InternalLoadBalancer,
|
||||||
|
AdditionalTags: conf.Tags,
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -158,6 +159,7 @@ func azureTerraformVars(conf *config.Config, imageRef string) (*terraform.AzureC
|
|||||||
CustomEndpoint: conf.CustomEndpoint,
|
CustomEndpoint: conf.CustomEndpoint,
|
||||||
InternalLoadBalancer: conf.InternalLoadBalancer,
|
InternalLoadBalancer: conf.InternalLoadBalancer,
|
||||||
MarketplaceImage: nil,
|
MarketplaceImage: nil,
|
||||||
|
AdditionalTags: conf.Tags,
|
||||||
}
|
}
|
||||||
|
|
||||||
if conf.UseMarketplaceImage() {
|
if conf.UseMarketplaceImage() {
|
||||||
@ -226,6 +228,7 @@ func gcpTerraformVars(conf *config.Config, imageRef string) *terraform.GCPCluste
|
|||||||
CustomEndpoint: conf.CustomEndpoint,
|
CustomEndpoint: conf.CustomEndpoint,
|
||||||
InternalLoadBalancer: conf.InternalLoadBalancer,
|
InternalLoadBalancer: conf.InternalLoadBalancer,
|
||||||
CCTechnology: ccTech,
|
CCTechnology: ccTech,
|
||||||
|
AdditionalLabels: conf.Tags,
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -261,6 +264,14 @@ func openStackTerraformVars(conf *config.Config, imageRef string) (*terraform.Op
|
|||||||
StateDiskType: group.StateDiskType,
|
StateDiskType: group.StateDiskType,
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// since openstack does not support tags in the form of key = value, the tags will be converted
|
||||||
|
// to an array of "key=value" strings
|
||||||
|
tags := []string{}
|
||||||
|
for key, value := range conf.Tags {
|
||||||
|
tags = append(tags, fmt.Sprintf("%s=%s", key, value))
|
||||||
|
}
|
||||||
|
|
||||||
return &terraform.OpenStackClusterVariables{
|
return &terraform.OpenStackClusterVariables{
|
||||||
Name: conf.Name,
|
Name: conf.Name,
|
||||||
Cloud: toPtr(conf.Provider.OpenStack.Cloud),
|
Cloud: toPtr(conf.Provider.OpenStack.Cloud),
|
||||||
@ -272,6 +283,7 @@ func openStackTerraformVars(conf *config.Config, imageRef string) (*terraform.Op
|
|||||||
CustomEndpoint: conf.CustomEndpoint,
|
CustomEndpoint: conf.CustomEndpoint,
|
||||||
InternalLoadBalancer: conf.InternalLoadBalancer,
|
InternalLoadBalancer: conf.InternalLoadBalancer,
|
||||||
STACKITProjectID: conf.Provider.OpenStack.STACKITProjectID,
|
STACKITProjectID: conf.Provider.OpenStack.STACKITProjectID,
|
||||||
|
AdditionalTags: tags,
|
||||||
}, nil
|
}, nil
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -37,6 +37,7 @@ func newConfigGenerateCmd() *cobra.Command {
|
|||||||
}
|
}
|
||||||
cmd.Flags().StringP("kubernetes", "k", semver.MajorMinor(string(config.Default().KubernetesVersion)), "Kubernetes version to use in format MAJOR.MINOR")
|
cmd.Flags().StringP("kubernetes", "k", semver.MajorMinor(string(config.Default().KubernetesVersion)), "Kubernetes version to use in format MAJOR.MINOR")
|
||||||
cmd.Flags().StringP("attestation", "a", "", fmt.Sprintf("attestation variant to use %s. If not specified, the default for the cloud provider is used", printFormattedSlice(variant.GetAvailableAttestationVariants())))
|
cmd.Flags().StringP("attestation", "a", "", fmt.Sprintf("attestation variant to use %s. If not specified, the default for the cloud provider is used", printFormattedSlice(variant.GetAvailableAttestationVariants())))
|
||||||
|
cmd.Flags().StringSliceP("tags", "t", nil, "additional tags for created resources given a list of key=value")
|
||||||
|
|
||||||
return cmd
|
return cmd
|
||||||
}
|
}
|
||||||
@ -45,6 +46,7 @@ type generateFlags struct {
|
|||||||
rootFlags
|
rootFlags
|
||||||
k8sVersion versions.ValidK8sVersion
|
k8sVersion versions.ValidK8sVersion
|
||||||
attestationVariant variant.Variant
|
attestationVariant variant.Variant
|
||||||
|
tags cloudprovider.Tags
|
||||||
}
|
}
|
||||||
|
|
||||||
func (f *generateFlags) parse(flags *pflag.FlagSet) error {
|
func (f *generateFlags) parse(flags *pflag.FlagSet) error {
|
||||||
@ -64,6 +66,12 @@ func (f *generateFlags) parse(flags *pflag.FlagSet) error {
|
|||||||
}
|
}
|
||||||
f.attestationVariant = variant
|
f.attestationVariant = variant
|
||||||
|
|
||||||
|
tags, err := parseTagsFlags(flags)
|
||||||
|
if err != nil {
|
||||||
|
return err
|
||||||
|
}
|
||||||
|
f.tags = tags
|
||||||
|
|
||||||
return nil
|
return nil
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -99,6 +107,7 @@ func (cg *configGenerateCmd) configGenerate(cmd *cobra.Command, fileHandler file
|
|||||||
return fmt.Errorf("creating config: %w", err)
|
return fmt.Errorf("creating config: %w", err)
|
||||||
}
|
}
|
||||||
conf.KubernetesVersion = cg.flags.k8sVersion
|
conf.KubernetesVersion = cg.flags.k8sVersion
|
||||||
|
conf.Tags = cg.flags.tags
|
||||||
cg.log.Debug("Writing YAML data to configuration file")
|
cg.log.Debug("Writing YAML data to configuration file")
|
||||||
if err := fileHandler.WriteYAML(constants.ConfigFilename, conf, file.OptMkdirAll); err != nil {
|
if err := fileHandler.WriteYAML(constants.ConfigFilename, conf, file.OptMkdirAll); err != nil {
|
||||||
return fmt.Errorf("writing config file: %w", err)
|
return fmt.Errorf("writing config file: %w", err)
|
||||||
@ -221,3 +230,27 @@ func parseAttestationFlag(flags *pflag.FlagSet) (variant.Variant, error) {
|
|||||||
|
|
||||||
return attestationVariant, nil
|
return attestationVariant, nil
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func parseTagsFlags(flags *pflag.FlagSet) (cloudprovider.Tags, error) {
|
||||||
|
tagsSlice, err := flags.GetStringSlice("tags")
|
||||||
|
if err != nil {
|
||||||
|
return nil, fmt.Errorf("getting tags flag: %w", err)
|
||||||
|
}
|
||||||
|
|
||||||
|
// no tags given
|
||||||
|
if tagsSlice == nil {
|
||||||
|
return nil, nil
|
||||||
|
}
|
||||||
|
|
||||||
|
tags := make(cloudprovider.Tags)
|
||||||
|
for _, tag := range tagsSlice {
|
||||||
|
tagSplit := strings.Split(tag, "=")
|
||||||
|
if len(tagSplit) != 2 {
|
||||||
|
return nil, fmt.Errorf("wrong format of tags: expected \"key=value\", got %q", tag)
|
||||||
|
}
|
||||||
|
|
||||||
|
tags[tagSplit[0]] = tagSplit[1]
|
||||||
|
}
|
||||||
|
|
||||||
|
return tags, nil
|
||||||
|
}
|
||||||
|
@ -9,6 +9,7 @@ package terraform
|
|||||||
import (
|
import (
|
||||||
"fmt"
|
"fmt"
|
||||||
|
|
||||||
|
"github.com/edgelesssys/constellation/v2/internal/cloud/cloudprovider"
|
||||||
"github.com/hashicorp/hcl/v2"
|
"github.com/hashicorp/hcl/v2"
|
||||||
"github.com/hashicorp/hcl/v2/gohcl"
|
"github.com/hashicorp/hcl/v2/gohcl"
|
||||||
"github.com/hashicorp/hcl/v2/hclsyntax"
|
"github.com/hashicorp/hcl/v2/hclsyntax"
|
||||||
@ -69,6 +70,8 @@ type AWSClusterVariables struct {
|
|||||||
CustomEndpoint string `hcl:"custom_endpoint" cty:"custom_endpoint"`
|
CustomEndpoint string `hcl:"custom_endpoint" cty:"custom_endpoint"`
|
||||||
// InternalLoadBalancer is true if an internal load balancer should be created.
|
// InternalLoadBalancer is true if an internal load balancer should be created.
|
||||||
InternalLoadBalancer bool `hcl:"internal_load_balancer" cty:"internal_load_balancer"`
|
InternalLoadBalancer bool `hcl:"internal_load_balancer" cty:"internal_load_balancer"`
|
||||||
|
// AdditionalTags describes (optional) additional tags that should be applied to created resources.
|
||||||
|
AdditionalTags cloudprovider.Tags `hcl:"additional_tags" cty:"additional_tags"`
|
||||||
}
|
}
|
||||||
|
|
||||||
// GetCreateMAA gets the CreateMAA variable.
|
// GetCreateMAA gets the CreateMAA variable.
|
||||||
@ -138,6 +141,8 @@ type GCPClusterVariables struct {
|
|||||||
InternalLoadBalancer bool `hcl:"internal_load_balancer" cty:"internal_load_balancer"`
|
InternalLoadBalancer bool `hcl:"internal_load_balancer" cty:"internal_load_balancer"`
|
||||||
// CCTechnology is the confidential computing technology to use on the VMs. (`SEV` or `SEV_SNP`)
|
// CCTechnology is the confidential computing technology to use on the VMs. (`SEV` or `SEV_SNP`)
|
||||||
CCTechnology string `hcl:"cc_technology" cty:"cc_technology"`
|
CCTechnology string `hcl:"cc_technology" cty:"cc_technology"`
|
||||||
|
// AdditionalLables are (optional) additional labels that should be applied to created resources.
|
||||||
|
AdditionalLabels cloudprovider.Tags `hcl:"additional_labels" cty:"additional_labels"`
|
||||||
}
|
}
|
||||||
|
|
||||||
// GetCreateMAA gets the CreateMAA variable.
|
// GetCreateMAA gets the CreateMAA variable.
|
||||||
@ -214,6 +219,8 @@ type AzureClusterVariables struct {
|
|||||||
InternalLoadBalancer bool `hcl:"internal_load_balancer" cty:"internal_load_balancer"`
|
InternalLoadBalancer bool `hcl:"internal_load_balancer" cty:"internal_load_balancer"`
|
||||||
// MarketplaceImage is the (optional) Azure Marketplace image to use.
|
// MarketplaceImage is the (optional) Azure Marketplace image to use.
|
||||||
MarketplaceImage *AzureMarketplaceImageVariables `hcl:"marketplace_image" cty:"marketplace_image"`
|
MarketplaceImage *AzureMarketplaceImageVariables `hcl:"marketplace_image" cty:"marketplace_image"`
|
||||||
|
// AdditionalTags are (optional) additional tags that get applied to created resources.
|
||||||
|
AdditionalTags cloudprovider.Tags `hcl:"additional_tags" cty:"additional_tags"`
|
||||||
}
|
}
|
||||||
|
|
||||||
// GetCreateMAA gets the CreateMAA variable.
|
// GetCreateMAA gets the CreateMAA variable.
|
||||||
@ -295,7 +302,8 @@ type OpenStackClusterVariables struct {
|
|||||||
// CustomEndpoint is the (optional) custom dns hostname for the kubernetes api server.
|
// CustomEndpoint is the (optional) custom dns hostname for the kubernetes api server.
|
||||||
CustomEndpoint string `hcl:"custom_endpoint" cty:"custom_endpoint"`
|
CustomEndpoint string `hcl:"custom_endpoint" cty:"custom_endpoint"`
|
||||||
// InternalLoadBalancer is true if an internal load balancer should be created.
|
// InternalLoadBalancer is true if an internal load balancer should be created.
|
||||||
InternalLoadBalancer bool `hcl:"internal_load_balancer" cty:"internal_load_balancer"`
|
InternalLoadBalancer bool `hcl:"internal_load_balancer" cty:"internal_load_balancer"`
|
||||||
|
AdditionalTags []string `hcl:"additional_tags" cty:"additional_tags"`
|
||||||
}
|
}
|
||||||
|
|
||||||
// GetCreateMAA gets the CreateMAA variable.
|
// GetCreateMAA gets the CreateMAA variable.
|
||||||
|
@ -76,6 +76,7 @@ node_groups = {
|
|||||||
}
|
}
|
||||||
custom_endpoint = "example.com"
|
custom_endpoint = "example.com"
|
||||||
internal_load_balancer = false
|
internal_load_balancer = false
|
||||||
|
additional_tags = null
|
||||||
`
|
`
|
||||||
got := vars.String()
|
got := vars.String()
|
||||||
assert.Equal(t, strings.Fields(want), strings.Fields(got)) // to ignore whitespace differences
|
assert.Equal(t, strings.Fields(want), strings.Fields(got)) // to ignore whitespace differences
|
||||||
@ -153,6 +154,7 @@ node_groups = {
|
|||||||
custom_endpoint = "example.com"
|
custom_endpoint = "example.com"
|
||||||
internal_load_balancer = false
|
internal_load_balancer = false
|
||||||
cc_technology = "SEV_SNP"
|
cc_technology = "SEV_SNP"
|
||||||
|
additional_labels = null
|
||||||
`
|
`
|
||||||
got := vars.String()
|
got := vars.String()
|
||||||
assert.Equal(t, strings.Fields(want), strings.Fields(got)) // to ignore whitespace differences
|
assert.Equal(t, strings.Fields(want), strings.Fields(got)) // to ignore whitespace differences
|
||||||
@ -231,6 +233,7 @@ marketplace_image = {
|
|||||||
publisher = "edgelesssys"
|
publisher = "edgelesssys"
|
||||||
version = "2.13.0"
|
version = "2.13.0"
|
||||||
}
|
}
|
||||||
|
additional_tags = null
|
||||||
`
|
`
|
||||||
got := vars.String()
|
got := vars.String()
|
||||||
assert.Equal(t, strings.Fields(want), strings.Fields(got)) // to ignore whitespace differences
|
assert.Equal(t, strings.Fields(want), strings.Fields(got)) // to ignore whitespace differences
|
||||||
@ -294,6 +297,7 @@ image_id = "8e10b92d-8f7a-458c-91c6-59b42f82ef81"
|
|||||||
debug = true
|
debug = true
|
||||||
custom_endpoint = "example.com"
|
custom_endpoint = "example.com"
|
||||||
internal_load_balancer = false
|
internal_load_balancer = false
|
||||||
|
additional_tags = null
|
||||||
`
|
`
|
||||||
got := vars.String()
|
got := vars.String()
|
||||||
assert.Equal(t, strings.Fields(want), strings.Fields(got)) // to ignore whitespace differences
|
assert.Equal(t, strings.Fields(want), strings.Fields(got)) // to ignore whitespace differences
|
||||||
|
@ -81,6 +81,7 @@ constellation config generate {aws|azure|gcp|openstack|qemu|stackit} [flags]
|
|||||||
-a, --attestation string attestation variant to use {aws-sev-snp|aws-nitro-tpm|azure-sev-snp|azure-tdx|azure-trustedlaunch|gcp-sev-es|gcp-sev-snp|qemu-vtpm}. If not specified, the default for the cloud provider is used
|
-a, --attestation string attestation variant to use {aws-sev-snp|aws-nitro-tpm|azure-sev-snp|azure-tdx|azure-trustedlaunch|gcp-sev-es|gcp-sev-snp|qemu-vtpm}. If not specified, the default for the cloud provider is used
|
||||||
-h, --help help for generate
|
-h, --help help for generate
|
||||||
-k, --kubernetes string Kubernetes version to use in format MAJOR.MINOR (default "v1.28")
|
-k, --kubernetes string Kubernetes version to use in format MAJOR.MINOR (default "v1.28")
|
||||||
|
-t, --tags strings additional tags for created resources given a list of key=value
|
||||||
```
|
```
|
||||||
|
|
||||||
### Options inherited from parent commands
|
### Options inherited from parent commands
|
||||||
|
@ -16,6 +16,9 @@ import (
|
|||||||
// Provider is cloud provider used by the CLI.
|
// Provider is cloud provider used by the CLI.
|
||||||
type Provider uint32
|
type Provider uint32
|
||||||
|
|
||||||
|
// Tags is the type that holds additional tags for cloud resources.
|
||||||
|
type Tags map[string]string
|
||||||
|
|
||||||
const (
|
const (
|
||||||
// Unknown is default value for Provider.
|
// Unknown is default value for Provider.
|
||||||
Unknown Provider = iota
|
Unknown Provider = iota
|
||||||
|
@ -89,6 +89,9 @@ type Config struct {
|
|||||||
// The Kubernetes Service CIDR to be used for the cluster. This value will only be used during the first initialization of the Constellation.
|
// The Kubernetes Service CIDR to be used for the cluster. This value will only be used during the first initialization of the Constellation.
|
||||||
ServiceCIDR string `yaml:"serviceCIDR" validate:"omitempty,cidrv4"`
|
ServiceCIDR string `yaml:"serviceCIDR" validate:"omitempty,cidrv4"`
|
||||||
// description: |
|
// description: |
|
||||||
|
// Additional tags that are applied to created resources.
|
||||||
|
Tags cloudprovider.Tags `yaml:"tags" validate:"omitempty"`
|
||||||
|
// description: |
|
||||||
// Supported cloud providers and their specific configurations.
|
// Supported cloud providers and their specific configurations.
|
||||||
Provider ProviderConfig `yaml:"provider" validate:"dive"`
|
Provider ProviderConfig `yaml:"provider" validate:"dive"`
|
||||||
// description: |
|
// description: |
|
||||||
@ -322,6 +325,7 @@ func Default() *Config {
|
|||||||
KubernetesVersion: versions.Default,
|
KubernetesVersion: versions.Default,
|
||||||
DebugCluster: toPtr(false),
|
DebugCluster: toPtr(false),
|
||||||
ServiceCIDR: "10.96.0.0/12",
|
ServiceCIDR: "10.96.0.0/12",
|
||||||
|
Tags: cloudprovider.Tags{},
|
||||||
Provider: ProviderConfig{
|
Provider: ProviderConfig{
|
||||||
AWS: &AWSConfig{
|
AWS: &AWSConfig{
|
||||||
Region: "",
|
Region: "",
|
||||||
|
@ -37,7 +37,7 @@ func init() {
|
|||||||
ConfigDoc.Type = "Config"
|
ConfigDoc.Type = "Config"
|
||||||
ConfigDoc.Comments[encoder.LineComment] = "Config defines configuration used by CLI."
|
ConfigDoc.Comments[encoder.LineComment] = "Config defines configuration used by CLI."
|
||||||
ConfigDoc.Description = "Config defines configuration used by CLI."
|
ConfigDoc.Description = "Config defines configuration used by CLI."
|
||||||
ConfigDoc.Fields = make([]encoder.Doc, 12)
|
ConfigDoc.Fields = make([]encoder.Doc, 13)
|
||||||
ConfigDoc.Fields[0].Name = "version"
|
ConfigDoc.Fields[0].Name = "version"
|
||||||
ConfigDoc.Fields[0].Type = "string"
|
ConfigDoc.Fields[0].Type = "string"
|
||||||
ConfigDoc.Fields[0].Note = ""
|
ConfigDoc.Fields[0].Note = ""
|
||||||
@ -83,21 +83,26 @@ func init() {
|
|||||||
ConfigDoc.Fields[8].Note = ""
|
ConfigDoc.Fields[8].Note = ""
|
||||||
ConfigDoc.Fields[8].Description = "The Kubernetes Service CIDR to be used for the cluster. This value will only be used during the first initialization of the Constellation."
|
ConfigDoc.Fields[8].Description = "The Kubernetes Service CIDR to be used for the cluster. This value will only be used during the first initialization of the Constellation."
|
||||||
ConfigDoc.Fields[8].Comments[encoder.LineComment] = "The Kubernetes Service CIDR to be used for the cluster. This value will only be used during the first initialization of the Constellation."
|
ConfigDoc.Fields[8].Comments[encoder.LineComment] = "The Kubernetes Service CIDR to be used for the cluster. This value will only be used during the first initialization of the Constellation."
|
||||||
ConfigDoc.Fields[9].Name = "provider"
|
ConfigDoc.Fields[9].Name = "tags"
|
||||||
ConfigDoc.Fields[9].Type = "ProviderConfig"
|
ConfigDoc.Fields[9].Type = "Tags"
|
||||||
ConfigDoc.Fields[9].Note = ""
|
ConfigDoc.Fields[9].Note = ""
|
||||||
ConfigDoc.Fields[9].Description = "Supported cloud providers and their specific configurations."
|
ConfigDoc.Fields[9].Description = "Additional tags that are applied to created resources."
|
||||||
ConfigDoc.Fields[9].Comments[encoder.LineComment] = "Supported cloud providers and their specific configurations."
|
ConfigDoc.Fields[9].Comments[encoder.LineComment] = "Additional tags that are applied to created resources."
|
||||||
ConfigDoc.Fields[10].Name = "nodeGroups"
|
ConfigDoc.Fields[10].Name = "provider"
|
||||||
ConfigDoc.Fields[10].Type = "map[string]NodeGroup"
|
ConfigDoc.Fields[10].Type = "ProviderConfig"
|
||||||
ConfigDoc.Fields[10].Note = ""
|
ConfigDoc.Fields[10].Note = ""
|
||||||
ConfigDoc.Fields[10].Description = "Node groups to be created in the cluster."
|
ConfigDoc.Fields[10].Description = "Supported cloud providers and their specific configurations."
|
||||||
ConfigDoc.Fields[10].Comments[encoder.LineComment] = "Node groups to be created in the cluster."
|
ConfigDoc.Fields[10].Comments[encoder.LineComment] = "Supported cloud providers and their specific configurations."
|
||||||
ConfigDoc.Fields[11].Name = "attestation"
|
ConfigDoc.Fields[11].Name = "nodeGroups"
|
||||||
ConfigDoc.Fields[11].Type = "AttestationConfig"
|
ConfigDoc.Fields[11].Type = "map[string]NodeGroup"
|
||||||
ConfigDoc.Fields[11].Note = ""
|
ConfigDoc.Fields[11].Note = ""
|
||||||
ConfigDoc.Fields[11].Description = "Configuration for attestation validation. This configuration provides sensible defaults for the Constellation version it was created for.\nSee the docs for an overview on attestation: https://docs.edgeless.systems/constellation/architecture/attestation"
|
ConfigDoc.Fields[11].Description = "Node groups to be created in the cluster."
|
||||||
ConfigDoc.Fields[11].Comments[encoder.LineComment] = "Configuration for attestation validation. This configuration provides sensible defaults for the Constellation version it was created for.\nSee the docs for an overview on attestation: https://docs.edgeless.systems/constellation/architecture/attestation"
|
ConfigDoc.Fields[11].Comments[encoder.LineComment] = "Node groups to be created in the cluster."
|
||||||
|
ConfigDoc.Fields[12].Name = "attestation"
|
||||||
|
ConfigDoc.Fields[12].Type = "AttestationConfig"
|
||||||
|
ConfigDoc.Fields[12].Note = ""
|
||||||
|
ConfigDoc.Fields[12].Description = "Configuration for attestation validation. This configuration provides sensible defaults for the Constellation version it was created for.\nSee the docs for an overview on attestation: https://docs.edgeless.systems/constellation/architecture/attestation"
|
||||||
|
ConfigDoc.Fields[12].Comments[encoder.LineComment] = "Configuration for attestation validation. This configuration provides sensible defaults for the Constellation version it was created for.\nSee the docs for an overview on attestation: https://docs.edgeless.systems/constellation/architecture/attestation"
|
||||||
|
|
||||||
ProviderConfigDoc.Type = "ProviderConfig"
|
ProviderConfigDoc.Type = "ProviderConfig"
|
||||||
ProviderConfigDoc.Comments[encoder.LineComment] = "ProviderConfig are cloud-provider specific configuration values used by the CLI."
|
ProviderConfigDoc.Comments[encoder.LineComment] = "ProviderConfig are cloud-provider specific configuration values used by the CLI."
|
||||||
|
@ -68,7 +68,7 @@ resource "random_password" "init_secret" {
|
|||||||
|
|
||||||
resource "aws_vpc" "vpc" {
|
resource "aws_vpc" "vpc" {
|
||||||
cidr_block = "192.168.0.0/16"
|
cidr_block = "192.168.0.0/16"
|
||||||
tags = merge(local.tags, { Name = "${local.name}-vpc" })
|
tags = merge(local.tags, var.additional_tags, { Name = "${local.name}-vpc" })
|
||||||
}
|
}
|
||||||
|
|
||||||
module "public_private_subnet" {
|
module "public_private_subnet" {
|
||||||
@ -79,7 +79,7 @@ module "public_private_subnet" {
|
|||||||
cidr_vpc_subnet_internet = "192.168.0.0/20"
|
cidr_vpc_subnet_internet = "192.168.0.0/20"
|
||||||
zone = var.zone
|
zone = var.zone
|
||||||
zones = local.zones
|
zones = local.zones
|
||||||
tags = local.tags
|
tags = merge(local.tags, var.additional_tags)
|
||||||
}
|
}
|
||||||
|
|
||||||
resource "aws_eip" "lb" {
|
resource "aws_eip" "lb" {
|
||||||
@ -89,14 +89,14 @@ resource "aws_eip" "lb" {
|
|||||||
# control-plane.
|
# control-plane.
|
||||||
for_each = var.internal_load_balancer ? [] : toset([var.zone])
|
for_each = var.internal_load_balancer ? [] : toset([var.zone])
|
||||||
domain = "vpc"
|
domain = "vpc"
|
||||||
tags = merge(local.tags, { "constellation-ip-endpoint" = each.key == var.zone ? "legacy-primary-zone" : "additional-zone" })
|
tags = merge(local.tags, var.additional_tags, { "constellation-ip-endpoint" = each.key == var.zone ? "legacy-primary-zone" : "additional-zone" })
|
||||||
}
|
}
|
||||||
|
|
||||||
resource "aws_lb" "front_end" {
|
resource "aws_lb" "front_end" {
|
||||||
name = "${local.name}-loadbalancer"
|
name = "${local.name}-loadbalancer"
|
||||||
internal = var.internal_load_balancer
|
internal = var.internal_load_balancer
|
||||||
load_balancer_type = "network"
|
load_balancer_type = "network"
|
||||||
tags = local.tags
|
tags = merge(local.tags, var.additional_tags)
|
||||||
security_groups = [aws_security_group.security_group.id]
|
security_groups = [aws_security_group.security_group.id]
|
||||||
|
|
||||||
dynamic "subnet_mapping" {
|
dynamic "subnet_mapping" {
|
||||||
@ -123,7 +123,7 @@ resource "aws_security_group" "security_group" {
|
|||||||
name = local.name
|
name = local.name
|
||||||
vpc_id = aws_vpc.vpc.id
|
vpc_id = aws_vpc.vpc.id
|
||||||
description = "Security group for ${local.name}"
|
description = "Security group for ${local.name}"
|
||||||
tags = local.tags
|
tags = merge(local.tags, var.additional_tags)
|
||||||
|
|
||||||
egress {
|
egress {
|
||||||
from_port = 0
|
from_port = 0
|
||||||
@ -171,7 +171,7 @@ module "load_balancer_targets" {
|
|||||||
healthcheck_path = each.value.name == "kubernetes" ? "/readyz" : ""
|
healthcheck_path = each.value.name == "kubernetes" ? "/readyz" : ""
|
||||||
vpc_id = aws_vpc.vpc.id
|
vpc_id = aws_vpc.vpc.id
|
||||||
lb_arn = aws_lb.front_end.arn
|
lb_arn = aws_lb.front_end.arn
|
||||||
tags = local.tags
|
tags = merge(local.tags, var.additional_tags)
|
||||||
}
|
}
|
||||||
|
|
||||||
module "instance_group" {
|
module "instance_group" {
|
||||||
@ -194,6 +194,7 @@ module "instance_group" {
|
|||||||
enable_snp = var.enable_snp
|
enable_snp = var.enable_snp
|
||||||
tags = merge(
|
tags = merge(
|
||||||
local.tags,
|
local.tags,
|
||||||
|
var.additional_tags,
|
||||||
{ Name = "${local.name}-${each.value.role}" },
|
{ Name = "${local.name}-${each.value.role}" },
|
||||||
{ constellation-role = each.value.role },
|
{ constellation-role = each.value.role },
|
||||||
{ constellation-node-group = each.key },
|
{ constellation-node-group = each.key },
|
||||||
@ -212,4 +213,5 @@ module "jump_host" {
|
|||||||
ports = [for port in local.load_balancer_ports : port.port]
|
ports = [for port in local.load_balancer_ports : port.port]
|
||||||
security_groups = [aws_security_group.security_group.id]
|
security_groups = [aws_security_group.security_group.id]
|
||||||
iam_instance_profile = var.iam_instance_profile_name_worker_nodes
|
iam_instance_profile = var.iam_instance_profile_name_worker_nodes
|
||||||
|
additional_tags = var.additional_tags
|
||||||
}
|
}
|
||||||
|
@ -26,9 +26,9 @@ resource "aws_instance" "jump_host" {
|
|||||||
subnet_id = var.subnet_id
|
subnet_id = var.subnet_id
|
||||||
vpc_security_group_ids = var.security_groups
|
vpc_security_group_ids = var.security_groups
|
||||||
|
|
||||||
tags = {
|
tags = merge(var.additional_tags, {
|
||||||
"Name" = "${var.base_name}-jump-host"
|
"Name" = "${var.base_name}-jump-host"
|
||||||
}
|
})
|
||||||
|
|
||||||
user_data = <<EOF
|
user_data = <<EOF
|
||||||
#!/bin/bash
|
#!/bin/bash
|
||||||
|
@ -27,3 +27,8 @@ variable "security_groups" {
|
|||||||
type = list(string)
|
type = list(string)
|
||||||
description = "List of IDs of the security groups for an instance."
|
description = "List of IDs of the security groups for an instance."
|
||||||
}
|
}
|
||||||
|
|
||||||
|
variable "additional_tags" {
|
||||||
|
type = map(any)
|
||||||
|
description = "Additional tags for the jump host."
|
||||||
|
}
|
||||||
|
@ -79,3 +79,8 @@ variable "enable_snp" {
|
|||||||
default = true
|
default = true
|
||||||
description = "Enable AMD SEV SNP. Setting this to true sets the cpu-option AmdSevSnp to enable."
|
description = "Enable AMD SEV SNP. Setting this to true sets the cpu-option AmdSevSnp to enable."
|
||||||
}
|
}
|
||||||
|
|
||||||
|
variable "additional_tags" {
|
||||||
|
type = map(any)
|
||||||
|
description = "Additional tags that should be applied to created resources."
|
||||||
|
}
|
||||||
|
@ -75,6 +75,8 @@ resource "azurerm_attestation_provider" "attestation_provider" {
|
|||||||
# Related issue: https://github.com/hashicorp/terraform-provider-azurerm/issues/21998
|
# Related issue: https://github.com/hashicorp/terraform-provider-azurerm/issues/21998
|
||||||
ignore_changes = [open_enclave_policy_base64, sgx_enclave_policy_base64, tpm_policy_base64, sev_snp_policy_base64]
|
ignore_changes = [open_enclave_policy_base64, sgx_enclave_policy_base64, tpm_policy_base64, sev_snp_policy_base64]
|
||||||
}
|
}
|
||||||
|
|
||||||
|
tags = var.additional_tags
|
||||||
}
|
}
|
||||||
|
|
||||||
resource "azurerm_public_ip" "loadbalancer_ip" {
|
resource "azurerm_public_ip" "loadbalancer_ip" {
|
||||||
@ -85,7 +87,7 @@ resource "azurerm_public_ip" "loadbalancer_ip" {
|
|||||||
location = var.location
|
location = var.location
|
||||||
allocation_method = "Static"
|
allocation_method = "Static"
|
||||||
sku = "Standard"
|
sku = "Standard"
|
||||||
tags = local.tags
|
tags = merge(local.tags, var.additional_tags)
|
||||||
|
|
||||||
lifecycle {
|
lifecycle {
|
||||||
ignore_changes = [name]
|
ignore_changes = [name]
|
||||||
@ -111,7 +113,7 @@ resource "azurerm_public_ip" "nat_gateway_ip" {
|
|||||||
location = var.location
|
location = var.location
|
||||||
allocation_method = "Static"
|
allocation_method = "Static"
|
||||||
sku = "Standard"
|
sku = "Standard"
|
||||||
tags = local.tags
|
tags = merge(local.tags, var.additional_tags)
|
||||||
}
|
}
|
||||||
|
|
||||||
resource "azurerm_nat_gateway" "gateway" {
|
resource "azurerm_nat_gateway" "gateway" {
|
||||||
@ -120,6 +122,7 @@ resource "azurerm_nat_gateway" "gateway" {
|
|||||||
resource_group_name = var.resource_group
|
resource_group_name = var.resource_group
|
||||||
sku_name = "Standard"
|
sku_name = "Standard"
|
||||||
idle_timeout_in_minutes = 10
|
idle_timeout_in_minutes = 10
|
||||||
|
tags = var.additional_tags
|
||||||
}
|
}
|
||||||
|
|
||||||
resource "azurerm_subnet_nat_gateway_association" "example" {
|
resource "azurerm_subnet_nat_gateway_association" "example" {
|
||||||
@ -137,7 +140,7 @@ resource "azurerm_lb" "loadbalancer" {
|
|||||||
location = var.location
|
location = var.location
|
||||||
resource_group_name = var.resource_group
|
resource_group_name = var.resource_group
|
||||||
sku = "Standard"
|
sku = "Standard"
|
||||||
tags = local.tags
|
tags = merge(local.tags, var.additional_tags)
|
||||||
|
|
||||||
dynamic "frontend_ip_configuration" {
|
dynamic "frontend_ip_configuration" {
|
||||||
for_each = var.internal_load_balancer ? [] : [1]
|
for_each = var.internal_load_balancer ? [] : [1]
|
||||||
@ -185,7 +188,7 @@ resource "azurerm_virtual_network" "network" {
|
|||||||
resource_group_name = var.resource_group
|
resource_group_name = var.resource_group
|
||||||
location = var.location
|
location = var.location
|
||||||
address_space = ["10.0.0.0/8"]
|
address_space = ["10.0.0.0/8"]
|
||||||
tags = local.tags
|
tags = merge(local.tags, var.additional_tags)
|
||||||
}
|
}
|
||||||
|
|
||||||
resource "azurerm_subnet" "loadbalancer_subnet" {
|
resource "azurerm_subnet" "loadbalancer_subnet" {
|
||||||
@ -207,7 +210,7 @@ resource "azurerm_network_security_group" "security_group" {
|
|||||||
name = local.name
|
name = local.name
|
||||||
location = var.location
|
location = var.location
|
||||||
resource_group_name = var.resource_group
|
resource_group_name = var.resource_group
|
||||||
tags = local.tags
|
tags = merge(local.tags, var.additional_tags)
|
||||||
|
|
||||||
dynamic "security_rule" {
|
dynamic "security_rule" {
|
||||||
for_each = concat(
|
for_each = concat(
|
||||||
@ -237,6 +240,7 @@ module "scale_set_group" {
|
|||||||
zones = each.value.zones
|
zones = each.value.zones
|
||||||
tags = merge(
|
tags = merge(
|
||||||
local.tags,
|
local.tags,
|
||||||
|
var.additional_tags,
|
||||||
{ constellation-init-secret-hash = local.init_secret_hash },
|
{ constellation-init-secret-hash = local.init_secret_hash },
|
||||||
{ constellation-maa-url = var.create_maa ? azurerm_attestation_provider.attestation_provider[0].attestation_uri : "" },
|
{ constellation-maa-url = var.create_maa ? azurerm_attestation_provider.attestation_provider[0].attestation_uri : "" },
|
||||||
)
|
)
|
||||||
@ -272,6 +276,7 @@ module "jump_host" {
|
|||||||
subnet_id = azurerm_subnet.loadbalancer_subnet[0].id
|
subnet_id = azurerm_subnet.loadbalancer_subnet[0].id
|
||||||
ports = [for port in local.ports : port.port]
|
ports = [for port in local.ports : port.port]
|
||||||
lb_internal_ip = azurerm_lb.loadbalancer.frontend_ip_configuration[0].private_ip_address
|
lb_internal_ip = azurerm_lb.loadbalancer.frontend_ip_configuration[0].private_ip_address
|
||||||
|
tags = var.additional_tags
|
||||||
}
|
}
|
||||||
|
|
||||||
data "azurerm_subscription" "current" {
|
data "azurerm_subscription" "current" {
|
||||||
|
@ -3,6 +3,7 @@ resource "azurerm_linux_virtual_machine" "jump_host" {
|
|||||||
resource_group_name = var.resource_group
|
resource_group_name = var.resource_group
|
||||||
location = var.location
|
location = var.location
|
||||||
size = "Standard_D2as_v5"
|
size = "Standard_D2as_v5"
|
||||||
|
tags = var.tags
|
||||||
|
|
||||||
network_interface_ids = [
|
network_interface_ids = [
|
||||||
azurerm_network_interface.jump_host.id,
|
azurerm_network_interface.jump_host.id,
|
||||||
@ -63,6 +64,7 @@ resource "azurerm_network_interface" "jump_host" {
|
|||||||
name = "${var.base_name}-jump-host"
|
name = "${var.base_name}-jump-host"
|
||||||
resource_group_name = var.resource_group
|
resource_group_name = var.resource_group
|
||||||
location = var.location
|
location = var.location
|
||||||
|
tags = var.tags
|
||||||
|
|
||||||
ip_configuration {
|
ip_configuration {
|
||||||
name = "public"
|
name = "public"
|
||||||
@ -77,6 +79,7 @@ resource "azurerm_public_ip" "jump_host" {
|
|||||||
resource_group_name = var.resource_group
|
resource_group_name = var.resource_group
|
||||||
location = var.location
|
location = var.location
|
||||||
allocation_method = "Dynamic"
|
allocation_method = "Dynamic"
|
||||||
|
tags = var.tags
|
||||||
}
|
}
|
||||||
|
|
||||||
resource "tls_private_key" "ssh_key" {
|
resource "tls_private_key" "ssh_key" {
|
||||||
|
@ -27,3 +27,8 @@ variable "location" {
|
|||||||
description = "Location to deploy the jump host into."
|
description = "Location to deploy the jump host into."
|
||||||
type = string
|
type = string
|
||||||
}
|
}
|
||||||
|
|
||||||
|
variable "tags" {
|
||||||
|
description = "Tags of the jump host."
|
||||||
|
type = map(any)
|
||||||
|
}
|
||||||
|
@ -23,3 +23,4 @@ variable "ports" {
|
|||||||
}))
|
}))
|
||||||
description = "Ports to add to the backend. Healtch check protocol can be either 'Tcp' or 'Https'. Path is only used for the 'Https' protocol and can otherwise be null."
|
description = "Ports to add to the backend. Healtch check protocol can be either 'Tcp' or 'Https'. Path is only used for the 'Https' protocol and can otherwise be null."
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -89,3 +89,8 @@ variable "marketplace_image" {
|
|||||||
default = null
|
default = null
|
||||||
description = "Marketplace image for the cluster's nodes."
|
description = "Marketplace image for the cluster's nodes."
|
||||||
}
|
}
|
||||||
|
|
||||||
|
variable "additional_tags" {
|
||||||
|
type = map(any)
|
||||||
|
description = "Additional tags that should be applied to created resources."
|
||||||
|
}
|
||||||
|
@ -183,7 +183,7 @@ module "instance_group" {
|
|||||||
kube_env = local.kube_env
|
kube_env = local.kube_env
|
||||||
debug = var.debug
|
debug = var.debug
|
||||||
named_ports = each.value.role == "control-plane" ? local.control_plane_named_ports : []
|
named_ports = each.value.role == "control-plane" ? local.control_plane_named_ports : []
|
||||||
labels = local.labels
|
labels = merge(var.additional_labels, local.labels)
|
||||||
init_secret_hash = local.init_secret_hash
|
init_secret_hash = local.init_secret_hash
|
||||||
custom_endpoint = var.custom_endpoint
|
custom_endpoint = var.custom_endpoint
|
||||||
cc_technology = var.cc_technology
|
cc_technology = var.cc_technology
|
||||||
@ -196,6 +196,7 @@ resource "google_compute_address" "loadbalancer_ip_internal" {
|
|||||||
subnetwork = google_compute_subnetwork.ilb_subnet[0].id
|
subnetwork = google_compute_subnetwork.ilb_subnet[0].id
|
||||||
purpose = "SHARED_LOADBALANCER_VIP"
|
purpose = "SHARED_LOADBALANCER_VIP"
|
||||||
address_type = "INTERNAL"
|
address_type = "INTERNAL"
|
||||||
|
labels = var.additional_labels
|
||||||
}
|
}
|
||||||
|
|
||||||
resource "google_compute_global_address" "loadbalancer_ip" {
|
resource "google_compute_global_address" "loadbalancer_ip" {
|
||||||
@ -213,7 +214,7 @@ module "loadbalancer_public" {
|
|||||||
health_check = each.value.health_check
|
health_check = each.value.health_check
|
||||||
backend_instance_groups = local.control_plane_instance_groups
|
backend_instance_groups = local.control_plane_instance_groups
|
||||||
ip_address = google_compute_global_address.loadbalancer_ip[0].self_link
|
ip_address = google_compute_global_address.loadbalancer_ip[0].self_link
|
||||||
frontend_labels = merge(local.labels, { constellation-use = each.value.name })
|
frontend_labels = merge(local.labels, var.additional_labels, { constellation-use = each.value.name })
|
||||||
}
|
}
|
||||||
|
|
||||||
module "loadbalancer_internal" {
|
module "loadbalancer_internal" {
|
||||||
@ -225,7 +226,7 @@ module "loadbalancer_internal" {
|
|||||||
health_check = each.value.health_check
|
health_check = each.value.health_check
|
||||||
backend_instance_group = local.control_plane_instance_groups[0]
|
backend_instance_group = local.control_plane_instance_groups[0]
|
||||||
ip_address = google_compute_address.loadbalancer_ip_internal[0].self_link
|
ip_address = google_compute_address.loadbalancer_ip_internal[0].self_link
|
||||||
frontend_labels = merge(local.labels, { constellation-use = each.value.name })
|
frontend_labels = merge(local.labels, var.additional_labels, { constellation-use = each.value.name })
|
||||||
|
|
||||||
region = var.region
|
region = var.region
|
||||||
network = google_compute_network.vpc_network.id
|
network = google_compute_network.vpc_network.id
|
||||||
@ -238,7 +239,7 @@ module "jump_host" {
|
|||||||
base_name = local.name
|
base_name = local.name
|
||||||
zone = var.zone
|
zone = var.zone
|
||||||
subnetwork = google_compute_subnetwork.vpc_subnetwork.id
|
subnetwork = google_compute_subnetwork.vpc_subnetwork.id
|
||||||
labels = local.labels
|
labels = merge(local.labels, var.additional_labels)
|
||||||
lb_internal_ip = google_compute_address.loadbalancer_ip_internal[0].address
|
lb_internal_ip = google_compute_address.loadbalancer_ip_internal[0].address
|
||||||
ports = [for port in local.control_plane_named_ports : port.port]
|
ports = [for port in local.control_plane_named_ports : port.port]
|
||||||
}
|
}
|
||||||
|
@ -69,3 +69,8 @@ variable "cc_technology" {
|
|||||||
error_message = "The confidential computing technology has to be 'SEV' or 'SEV_SNP'."
|
error_message = "The confidential computing technology has to be 'SEV' or 'SEV_SNP'."
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
variable "additional_labels" {
|
||||||
|
type = map(any)
|
||||||
|
description = "Additional labels that should be given to created recources."
|
||||||
|
}
|
||||||
|
@ -46,7 +46,7 @@ locals {
|
|||||||
])
|
])
|
||||||
cidr_vpc_subnet_nodes = "192.168.178.0/24"
|
cidr_vpc_subnet_nodes = "192.168.178.0/24"
|
||||||
cidr_vpc_subnet_lbs = "192.168.177.0/24"
|
cidr_vpc_subnet_lbs = "192.168.177.0/24"
|
||||||
tags = ["constellation-uid-${local.uid}"]
|
tags = concat(["constellation-uid-${local.uid}"], var.additional_tags)
|
||||||
identity_service = [
|
identity_service = [
|
||||||
for entry in data.openstack_identity_auth_scope_v3.scope.service_catalog :
|
for entry in data.openstack_identity_auth_scope_v3.scope.service_catalog :
|
||||||
entry if entry.type == "identity"
|
entry if entry.type == "identity"
|
||||||
|
@ -59,6 +59,11 @@ variable "floating_ip_pool_id" {
|
|||||||
description = "Pool (network name) to use for floating IPs."
|
description = "Pool (network name) to use for floating IPs."
|
||||||
}
|
}
|
||||||
|
|
||||||
|
variable "additional_tags" {
|
||||||
|
type = list(any)
|
||||||
|
description = "Additional tags that should be applied to created resources."
|
||||||
|
}
|
||||||
|
|
||||||
# STACKIT-specific variables
|
# STACKIT-specific variables
|
||||||
|
|
||||||
variable "stackit_project_id" {
|
variable "stackit_project_id" {
|
||||||
|
@ -40,6 +40,7 @@ module "aws" {
|
|||||||
debug = var.debug
|
debug = var.debug
|
||||||
enable_snp = var.enable_snp
|
enable_snp = var.enable_snp
|
||||||
custom_endpoint = var.custom_endpoint
|
custom_endpoint = var.custom_endpoint
|
||||||
|
additional_tags = var.additional_tags
|
||||||
}
|
}
|
||||||
|
|
||||||
module "constellation" {
|
module "constellation" {
|
||||||
|
@ -70,3 +70,8 @@ variable "name_prefix" {
|
|||||||
type = string
|
type = string
|
||||||
description = "Prefix for all resources."
|
description = "Prefix for all resources."
|
||||||
}
|
}
|
||||||
|
|
||||||
|
variable "additional_tags" {
|
||||||
|
type = map(any)
|
||||||
|
description = "Additional tags that should be applied to created resources."
|
||||||
|
}
|
||||||
|
@ -34,6 +34,7 @@ module "azure" {
|
|||||||
debug = var.debug
|
debug = var.debug
|
||||||
resource_group = module.azure_iam.base_resource_group
|
resource_group = module.azure_iam.base_resource_group
|
||||||
create_maa = var.create_maa
|
create_maa = var.create_maa
|
||||||
|
additional_tags = var.additional_tags
|
||||||
}
|
}
|
||||||
|
|
||||||
module "constellation" {
|
module "constellation" {
|
||||||
|
@ -87,3 +87,8 @@ variable "create_maa" {
|
|||||||
default = true
|
default = true
|
||||||
description = "Create an MAA for attestation."
|
description = "Create an MAA for attestation."
|
||||||
}
|
}
|
||||||
|
|
||||||
|
variable "additional_tags" {
|
||||||
|
type = map(any)
|
||||||
|
description = "Additional tags that should be applied to created resources."
|
||||||
|
}
|
||||||
|
@ -32,16 +32,17 @@ module "fetch_image" {
|
|||||||
|
|
||||||
|
|
||||||
module "gcp" {
|
module "gcp" {
|
||||||
source = "../../infrastructure/gcp"
|
source = "../../infrastructure/gcp"
|
||||||
project = var.project
|
project = var.project
|
||||||
image_id = module.fetch_image.image
|
image_id = module.fetch_image.image
|
||||||
name = var.name
|
name = var.name
|
||||||
node_groups = var.node_groups
|
node_groups = var.node_groups
|
||||||
region = local.region
|
region = local.region
|
||||||
zone = var.zone
|
zone = var.zone
|
||||||
debug = var.debug
|
debug = var.debug
|
||||||
custom_endpoint = var.custom_endpoint
|
custom_endpoint = var.custom_endpoint
|
||||||
cc_technology = var.cc_technology
|
cc_technology = var.cc_technology
|
||||||
|
additional_labels = var.additional_labels
|
||||||
}
|
}
|
||||||
|
|
||||||
module "constellation" {
|
module "constellation" {
|
||||||
|
@ -79,3 +79,8 @@ variable "cc_technology" {
|
|||||||
error_message = "The confidential computing technology has to be 'SEV' or 'SEV_SNP'."
|
error_message = "The confidential computing technology has to be 'SEV' or 'SEV_SNP'."
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
variable "additional_labels" {
|
||||||
|
type = map(any)
|
||||||
|
description = "Additional labels that should be given to created recources."
|
||||||
|
}
|
||||||
|
Loading…
Reference in New Issue
Block a user