terraform: Azure Marketplace image support (#2651)

* terraform: add Azure marketplace variable Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * config: add Azure marketplace variable Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * cli: use Terraform variables from config Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * terraform: pass down marketplace variable * image: pad Azure images to 1GiB * terraform: add version attribute to marketplace image * semver: allow versions to be exported without prefix * cli: boolean var to use marketplace images * config: remove dive key * dev-docs: add instructions on how to use marketplace images * terraform: fix unit test * terraform: only fetch image for non-marketplace images * mpimage: refactor image selection Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * [remove] increase minor version for image build Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * terraform: ignore changes to source_image_reference on upgrade * operator: add support for parsing Azure marketplace images Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * upgrade: fix imagefetcher call * docs: add info about azure marketplace * image: ensure more than 1GiB in size * image: test to pad to 2GiB * version: change back to v2.14.0-pre * image: GPT-conformant image size padding * [remove] increase version * mpimage: inline prefix func Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * ci: add marketplace image e2e test Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * [remove] register workflow * ci: fix workflow name * ci: only allow azure test * cli: add marketplace image input to interface * cli: fix argument passing * version: roll back to v2.14.0 * ci: add force-flag support * Update docs/docs/overview/license.md * Update dev-docs/workflows/marketplace-images.md Co-authored-by: Moritz Eckert <m1gh7ym0@gmail.com> --------- Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> Co-authored-by: Moritz Eckert <m1gh7ym0@gmail.com> Co-authored-by: Thomas Tendyck <51411342+thomasten@users.noreply.github.com>
2025-05-04 07:15:05 -04:00 · 2023-12-08 14:40:31 +01:00 · 2023-12-08 14:40:31 +01:00 · c15e4efef6
commit c15e4efef6
parent e113253262
40 changed files with 607 additions and 34 deletions
--- a/cli/internal/cloudcmd/tfvars.go
+++ b/cli/internal/cloudcmd/tfvars.go
@ -24,6 +24,7 @@ import (
 	"github.com/edgelesssys/constellation/v2/internal/config"
 	"github.com/edgelesssys/constellation/v2/internal/constants"
 	"github.com/edgelesssys/constellation/v2/internal/file"
+	"github.com/edgelesssys/constellation/v2/internal/mpimage"
 	"github.com/edgelesssys/constellation/v2/internal/role"
 )

@ -127,7 +128,7 @@ func normalizeAzureURIs(vars *terraform.AzureClusterVariables) *terraform.AzureC

 // azureTerraformVars provides variables required to execute the Terraform scripts.
 // It should be the only place to declare the Azure variables.
-func azureTerraformVars(conf *config.Config, imageRef string) *terraform.AzureClusterVariables {
+func azureTerraformVars(conf *config.Config, imageRef string) (*terraform.AzureClusterVariables, error) {
 	nodeGroups := make(map[string]terraform.AzureNodeGroup)
 	for groupName, group := range conf.NodeGroups {
 		zones := strings.Split(group.Zone, ",")
@ -147,7 +148,6 @@ func azureTerraformVars(conf *config.Config, imageRef string) *terraform.AzureCl
 		Name:                 conf.Name,
 		NodeGroups:           nodeGroups,
 		Location:             conf.Provider.Azure.Location,
-		ImageID:              imageRef,
 		CreateMAA:            toPtr(conf.GetAttestationConfig().GetVariant().Equal(variant.AzureSEVSNP{})),
 		Debug:                toPtr(conf.IsDebugCluster()),
 		ConfidentialVM:       toPtr(conf.GetAttestationConfig().GetVariant().Equal(variant.AzureSEVSNP{})),
@ -158,8 +158,31 @@ func azureTerraformVars(conf *config.Config, imageRef string) *terraform.AzureCl
 		InternalLoadBalancer: conf.InternalLoadBalancer,
 	}

+	if conf.UseMarketplaceImage() {
+		image, err := mpimage.NewFromURI(imageRef)
+		if err != nil {
+			return nil, fmt.Errorf("parsing marketplace image URI: %w", err)
+		}
+
+		azureImage, ok := image.(mpimage.AzureMarketplaceImage)
+		if !ok {
+			return nil, fmt.Errorf("expected Azure marketplace image, got %T", image)
+		}
+
+		// If a marketplace image is used, only the marketplace reference is required.
+		vars.MarketplaceImage = terraform.AzureMarketplaceImageVariables{
+			Publisher: azureImage.Publisher,
+			Product:   azureImage.Offer,
+			Name:      azureImage.SKU,
+			Version:   azureImage.Version,
+		}
+	} else {
+		// If not, we need to specify the exact CommunityGalleries/.. image reference.
+		vars.ImageID = imageRef
+	}
+
 	vars = normalizeAzureURIs(vars)
-	return vars
+	return vars, nil
 }

 func azureTerraformIAMVars(conf *config.Config, oldVars terraform.AzureIAMVariables) *terraform.AzureIAMVariables {