terraform: Azure Marketplace image support (#2651)

* terraform: add Azure marketplace variable Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * config: add Azure marketplace variable Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * cli: use Terraform variables from config Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * terraform: pass down marketplace variable * image: pad Azure images to 1GiB * terraform: add version attribute to marketplace image * semver: allow versions to be exported without prefix * cli: boolean var to use marketplace images * config: remove dive key * dev-docs: add instructions on how to use marketplace images * terraform: fix unit test * terraform: only fetch image for non-marketplace images * mpimage: refactor image selection Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * [remove] increase minor version for image build Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * terraform: ignore changes to source_image_reference on upgrade * operator: add support for parsing Azure marketplace images Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * upgrade: fix imagefetcher call * docs: add info about azure marketplace * image: ensure more than 1GiB in size * image: test to pad to 2GiB * version: change back to v2.14.0-pre * image: GPT-conformant image size padding * [remove] increase version * mpimage: inline prefix func Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * ci: add marketplace image e2e test Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * [remove] register workflow * ci: fix workflow name * ci: only allow azure test * cli: add marketplace image input to interface * cli: fix argument passing * version: roll back to v2.14.0 * ci: add force-flag support * Update docs/docs/overview/license.md * Update dev-docs/workflows/marketplace-images.md Co-authored-by: Moritz Eckert <m1gh7ym0@gmail.com> --------- Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> Co-authored-by: Moritz Eckert <m1gh7ym0@gmail.com> Co-authored-by: Thomas Tendyck <51411342+thomasten@users.noreply.github.com>
2025-05-02 06:16:08 -04:00 · 2023-12-08 14:40:31 +01:00 · 2023-12-08 14:40:31 +01:00 · c15e4efef6
commit c15e4efef6
parent e113253262
40 changed files with 607 additions and 34 deletions
--- a/operators/constellation-node-operator/internal/cloud/azure/client/BUILD.bazel
+++ b/operators/constellation-node-operator/internal/cloud/azure/client/BUILD.bazel
@ -19,6 +19,7 @@ go_library(
    visibility = ["//operators/constellation-node-operator:__subpackages__"],
    deps = [
        "//internal/constants",
+        "//internal/mpimage",
        "//operators/constellation-node-operator/api/v1alpha1",
        "//operators/constellation-node-operator/internal/cloud/api",
        "//operators/constellation-node-operator/internal/poller",
--- a/operators/constellation-node-operator/internal/cloud/azure/client/scalinggroup.go
+++ b/operators/constellation-node-operator/internal/cloud/azure/client/scalinggroup.go
@ -14,6 +14,7 @@ import (
 	"github.com/Azure/azure-sdk-for-go/sdk/azcore/to"
 	"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/compute/armcompute/v5"
 	"github.com/edgelesssys/constellation/v2/internal/constants"
+	"github.com/edgelesssys/constellation/v2/internal/mpimage"
 	updatev1alpha1 "github.com/edgelesssys/constellation/v2/operators/constellation-node-operator/v2/api/v1alpha1"
 	cspapi "github.com/edgelesssys/constellation/v2/operators/constellation-node-operator/v2/internal/cloud/api"
 )
@ -47,11 +48,17 @@ func (c *Client) SetScalingGroupImage(ctx context.Context, scalingGroupID, image
 	if err != nil {
 		return err
 	}
+
+	imageRef, err := imageReferenceFromImage(imageURI)
+	if err != nil {
+		return fmt.Errorf("parsing image reference: %w", err)
+	}
+
 	poller, err := c.scaleSetsAPI.BeginUpdate(ctx, resourceGroup, scaleSet, armcompute.VirtualMachineScaleSetUpdate{
 		Properties: &armcompute.VirtualMachineScaleSetUpdateProperties{
 			VirtualMachineProfile: &armcompute.VirtualMachineScaleSetUpdateVMProfile{
 				StorageProfile: &armcompute.VirtualMachineScaleSetUpdateStorageProfile{
-					ImageReference: imageReferenceFromImage(imageURI),
+					ImageReference: imageRef,
 				},
 			},
 		},
@ -141,14 +148,28 @@ func (c *Client) ListScalingGroups(ctx context.Context, uid string) ([]cspapi.Sc
 	return results, nil
 }

-func imageReferenceFromImage(img string) *armcompute.ImageReference {
+func imageReferenceFromImage(img string) (*armcompute.ImageReference, error) {
 	ref := &armcompute.ImageReference{}

+	marketplaceImage, err := mpimage.NewFromURI(img)
+	if err == nil {
+		// expecting image to be an azure marketplace image
+		if azureMarketplaceImage, ok := marketplaceImage.(mpimage.AzureMarketplaceImage); ok {
+			ref.Publisher = to.Ptr(azureMarketplaceImage.Publisher)
+			ref.Offer = to.Ptr(azureMarketplaceImage.Offer)
+			ref.SKU = to.Ptr(azureMarketplaceImage.SKU)
+			ref.Version = to.Ptr(azureMarketplaceImage.Version)
+			return ref, nil
+		}
+		return nil, fmt.Errorf("marketplace image csp is unsupported: %s", img)
+	}
+
+	// expecting image to not be a marketplace image
 	if strings.HasPrefix(img, "/CommunityGalleries") {
 		ref.CommunityGalleryImageID = to.Ptr(img)
 	} else {
 		ref.ID = to.Ptr(img)
 	}

-	return ref
+	return ref, nil
 }
--- a/operators/constellation-node-operator/internal/cloud/azure/client/scalinggroup_test.go
+++ b/operators/constellation-node-operator/internal/cloud/azure/client/scalinggroup_test.go
@ -289,27 +289,41 @@ func TestImageReferenceFromImage(t *testing.T) {
 		img             string
 		wantID          *string
 		wantCommunityID *string
+		wantPublisher   *string
+		wantOffer       *string
+		wantSKU         *string
+		wantVersion     *string
 	}{
 		"ID": {
-			img:             "/subscriptions/0d202bbb-4fa7-4af8-8125-58c269a05435/resourceGroups/constellation-images/providers/Microsoft.Compute/galleries/Constellation/images/constellation/versions/1.5.0",
-			wantID:          to.Ptr("/subscriptions/0d202bbb-4fa7-4af8-8125-58c269a05435/resourceGroups/constellation-images/providers/Microsoft.Compute/galleries/Constellation/images/constellation/versions/1.5.0"),
-			wantCommunityID: nil,
+			img:    "/subscriptions/0d202bbb-4fa7-4af8-8125-58c269a05435/resourceGroups/constellation-images/providers/Microsoft.Compute/galleries/Constellation/images/constellation/versions/1.5.0",
+			wantID: to.Ptr("/subscriptions/0d202bbb-4fa7-4af8-8125-58c269a05435/resourceGroups/constellation-images/providers/Microsoft.Compute/galleries/Constellation/images/constellation/versions/1.5.0"),
 		},
 		"Community": {
 			img:             "/CommunityGalleries/ConstellationCVM-728bd310-e898-4450-a1ed-21cf2fb0d735/Images/feat-azure-cvm-sharing/Versions/2022.0826.084922",
-			wantID:          nil,
 			wantCommunityID: to.Ptr("/CommunityGalleries/ConstellationCVM-728bd310-e898-4450-a1ed-21cf2fb0d735/Images/feat-azure-cvm-sharing/Versions/2022.0826.084922"),
 		},
+		"Marketplace": {
+			img:           "constellation-marketplace-image://Azure?offer=constellation&publisher=edgelesssystems&sku=constellation&version=1.2.3",
+			wantPublisher: to.Ptr("edgelesssystems"),
+			wantOffer:     to.Ptr("constellation"),
+			wantSKU:       to.Ptr("constellation"),
+			wantVersion:   to.Ptr("1.2.3"),
+		},
 	}

 	for name, tc := range testCases {
 		t.Run(name, func(t *testing.T) {
 			assert := assert.New(t)

-			ref := imageReferenceFromImage(tc.img)
+			ref, err := imageReferenceFromImage(tc.img)
+			assert.NoError(err)

 			assert.Equal(tc.wantID, ref.ID)
 			assert.Equal(tc.wantCommunityID, ref.CommunityGalleryImageID)
+			assert.Equal(tc.wantPublisher, ref.Publisher)
+			assert.Equal(tc.wantOffer, ref.Offer)
+			assert.Equal(tc.wantSKU, ref.SKU)
+			assert.Equal(tc.wantVersion, ref.Version)
 		})
 	}
 }