constellation-lib: add Helm wrapper (#2680)

* Add Helm wrapper to constellation-lib
* Move helm package to constellation-lib

---------

Signed-off-by: Daniel Weiße <dw@edgeless.systems>

internal/constellation/BUILD.bazel

@@ -7,6 +7,7 @@ go_library(
         "apply.go",
         "applyinit.go",
         "constellation.go",
+        "helm.go",
         "kubernetes.go",
     ],
     importpath = "github.com/edgelesssys/constellation/v2/internal/constellation",
@@ -18,13 +19,13 @@ go_library(
         "//internal/cloud/cloudprovider",
         "//internal/config",
         "//internal/constants",
+        "//internal/constellation/helm",
         "//internal/constellation/kubecmd",
         "//internal/crypto",
         "//internal/file",
         "//internal/grpc/dialer",
         "//internal/grpc/grpclog",
         "//internal/grpc/retry",
-        "//internal/helm",
         "//internal/kms/uri",
         "//internal/license",
         "//internal/retry",

internal/constellation/apply.go

@@ -11,20 +11,13 @@ import (
 	"fmt"
 
 	"github.com/edgelesssys/constellation/v2/internal/atls"
-	"github.com/edgelesssys/constellation/v2/internal/attestation/variant"
 	"github.com/edgelesssys/constellation/v2/internal/cloud/cloudprovider"
-	"github.com/edgelesssys/constellation/v2/internal/config"
+	"github.com/edgelesssys/constellation/v2/internal/constellation/helm"
 	"github.com/edgelesssys/constellation/v2/internal/constellation/kubecmd"
 	"github.com/edgelesssys/constellation/v2/internal/crypto"
-	"github.com/edgelesssys/constellation/v2/internal/file"
 	"github.com/edgelesssys/constellation/v2/internal/grpc/dialer"
-	"github.com/edgelesssys/constellation/v2/internal/helm"
 	"github.com/edgelesssys/constellation/v2/internal/kms/uri"
 	"github.com/edgelesssys/constellation/v2/internal/license"
-	"github.com/edgelesssys/constellation/v2/internal/semver"
-	"github.com/edgelesssys/constellation/v2/internal/state"
-	"github.com/edgelesssys/constellation/v2/internal/versions"
-	apiextensionsv1 "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1"
 )
 
 // An Applier handles applying a specific configuration to a Constellation cluster
@@ -120,21 +113,3 @@ func (a *Applier) GenerateMeasurementSalt() ([]byte, error) {
 	a.log.Debugf("Generated measurement salt")
 	return measurementSalt, nil
 }
-
-type helmApplier interface {
-	PrepareApply(
-		csp cloudprovider.Provider, attestationVariant variant.Variant, k8sVersion versions.ValidK8sVersion, microserviceVersion semver.Semver, stateFile *state.State,
-		flags helm.Options, serviceAccURI string, masterSecret uri.MasterSecret, openStackCfg *config.OpenStackConfig,
-	) (
-		helm.Applier, bool, error)
-}
-
-type kubecmdClient interface {
-	UpgradeNodeImage(ctx context.Context, imageVersion semver.Semver, imageReference string, force bool) error
-	UpgradeKubernetesVersion(ctx context.Context, kubernetesVersion versions.ValidK8sVersion, force bool) error
-	ExtendClusterConfigCertSANs(ctx context.Context, alternativeNames []string) error
-	GetClusterAttestationConfig(ctx context.Context, variant variant.Variant) (config.AttestationCfg, error)
-	ApplyJoinConfig(ctx context.Context, newAttestConfig config.AttestationCfg, measurementSalt []byte) error
-	BackupCRs(ctx context.Context, fileHandler file.Handler, crds []apiextensionsv1.CustomResourceDefinition, upgradeDir string) error
-	BackupCRDs(ctx context.Context, fileHandler file.Handler, upgradeDir string) ([]apiextensionsv1.CustomResourceDefinition, error)
-}

internal/constellation/helm.go

@@ -0,0 +1,34 @@
+/*
+Copyright (c) Edgeless Systems GmbH
+
+SPDX-License-Identifier: AGPL-3.0-only
+*/
+
+package constellation
+
+import (
+	"errors"
+
+	"github.com/edgelesssys/constellation/v2/internal/config"
+	"github.com/edgelesssys/constellation/v2/internal/constellation/helm"
+	"github.com/edgelesssys/constellation/v2/internal/kms/uri"
+	"github.com/edgelesssys/constellation/v2/internal/state"
+)
+
+// PrepareHelmCharts loads Helm charts for Constellation and returns an executor to apply them.
+func (a *Applier) PrepareHelmCharts(
+	flags helm.Options, state *state.State, serviceAccURI string, masterSecret uri.MasterSecret, openStackCfg *config.OpenStackConfig,
+) (helm.Applier, bool, error) {
+	if a.helmClient == nil {
+		return nil, false, errors.New("helm client not initialized")
+	}
+
+	return a.helmClient.PrepareApply(flags, state, serviceAccURI, masterSecret, openStackCfg)
+}
+
+type helmApplier interface {
+	PrepareApply(
+		flags helm.Options, stateFile *state.State, serviceAccURI string, masterSecret uri.MasterSecret, openStackCfg *config.OpenStackConfig,
+	) (
+		helm.Applier, bool, error)
+}

internal/constellation/helm/BUILD.bazel

@@ -454,7 +454,7 @@ go_library(
         "charts/cilium/templates/spire/server/serviceaccount.yaml",
         "charts/cilium/templates/spire/server/statefulset.yaml",
     ],
-    importpath = "github.com/edgelesssys/constellation/v2/internal/helm",
+    importpath = "github.com/edgelesssys/constellation/v2/internal/constellation/helm",
     visibility = ["//:__subpackages__"],
     deps = [
         "//internal/attestation/variant",
@@ -465,8 +465,8 @@ go_library(
         "//internal/compatibility",
         "//internal/config",
         "//internal/constants",
+        "//internal/constellation/helm/imageversion",
         "//internal/file",
-        "//internal/helm/imageversion",
         "//internal/kms/uri",
         "//internal/kubernetes/kubectl",
         "//internal/retry",