Git-Mirrors/constellation
1
0
Fork 0
mirror of https://github.com/edgelesssys/constellation.git synced 2025-06-07 14:12:57 -04:00
Code Issues Projects Releases Packages Wiki Activity

ref: decouple helm from config (#2669)

Browse source
This commit is contained in:
Adrian Stobbe 2023-12-01 12:51:51 +01:00 committed by GitHub
parent 8532d1ff02
commit c2d1a7b7fb
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
10 changed files with 73 additions and 52 deletions
Download patch file Download diff file Expand all files Collapse all files

7
cli/internal/cmd/applyhelm.go
View file

@ -34,6 +34,7 @@ func (a *applyCmd) runHelmApply(
} }
options := helm.Options{ options := helm.Options{
DeployCSIDriver: conf.DeployCSIDriver(),
Force: a.flags.force, Force: a.flags.force,
Conformance: a.flags.conformance, Conformance: a.flags.conformance,
HelmWaitMode: a.flags.helmWaitMode, HelmWaitMode: a.flags.helmWaitMode,
@ -52,7 +53,8 @@ func (a *applyCmd) runHelmApply(
} }
a.log.Debugf("Preparing Helm charts") a.log.Debugf("Preparing Helm charts")
executor, includesUpgrades, err := helmApplier.PrepareApply(conf, stateFile, options, serviceAccURI, masterSecret) executor, includesUpgrades, err := helmApplier.PrepareApply(conf.GetProvider(), conf.GetAttestationConfig().GetVariant(),
conf.KubernetesVersion, conf.MicroserviceVersion, stateFile, options, serviceAccURI, masterSecret, conf.Provider.OpenStack)
if errors.Is(err, helm.ErrConfirmationMissing) { if errors.Is(err, helm.ErrConfirmationMissing) {
if !a.flags.yes { if !a.flags.yes {
cmd.PrintErrln("WARNING: Upgrading cert-manager will destroy all custom resources you have manually created that are based on the current version of cert-manager.") cmd.PrintErrln("WARNING: Upgrading cert-manager will destroy all custom resources you have manually created that are based on the current version of cert-manager.")
@ -66,7 +68,8 @@ func (a *applyCmd) runHelmApply(
} }
} }
options.AllowDestructive = helm.AllowDestructive options.AllowDestructive = helm.AllowDestructive
executor, includesUpgrades, err = helmApplier.PrepareApply(conf, stateFile, options, serviceAccURI, masterSecret) executor, includesUpgrades, err = helmApplier.PrepareApply(conf.GetProvider(), conf.GetAttestationConfig().GetVariant(),
conf.KubernetesVersion, conf.MicroserviceVersion, stateFile, options, serviceAccURI, masterSecret, conf.Provider.OpenStack)
} }
var upgradeErr *compatibility.InvalidUpgradeError var upgradeErr *compatibility.InvalidUpgradeError
if err != nil { if err != nil {

10
cli/internal/cmd/init.go
View file

@ -23,13 +23,17 @@ import (
"sigs.k8s.io/yaml" "sigs.k8s.io/yaml"
"github.com/edgelesssys/constellation/v2/bootstrapper/initproto" "github.com/edgelesssys/constellation/v2/bootstrapper/initproto"
"github.com/edgelesssys/constellation/v2/internal/attestation/variant"
"github.com/edgelesssys/constellation/v2/internal/cloud/cloudprovider"
"github.com/edgelesssys/constellation/v2/internal/config" "github.com/edgelesssys/constellation/v2/internal/config"
"github.com/edgelesssys/constellation/v2/internal/constants" "github.com/edgelesssys/constellation/v2/internal/constants"
"github.com/edgelesssys/constellation/v2/internal/file" "github.com/edgelesssys/constellation/v2/internal/file"
"github.com/edgelesssys/constellation/v2/internal/grpc/grpclog" "github.com/edgelesssys/constellation/v2/internal/grpc/grpclog"
"github.com/edgelesssys/constellation/v2/internal/helm" "github.com/edgelesssys/constellation/v2/internal/helm"
"github.com/edgelesssys/constellation/v2/internal/kms/uri" "github.com/edgelesssys/constellation/v2/internal/kms/uri"
"github.com/edgelesssys/constellation/v2/internal/semver"
"github.com/edgelesssys/constellation/v2/internal/state" "github.com/edgelesssys/constellation/v2/internal/state"
"github.com/edgelesssys/constellation/v2/internal/versions"
) )
// NewInitCmd returns a new cobra.Command for the init command. // NewInitCmd returns a new cobra.Command for the init command.
@ -270,7 +274,9 @@ func (e *nonRetriableError) Unwrap() error {
} }
type helmApplier interface { type helmApplier interface {
PrepareApply(conf *config.Config, stateFile *state.State, PrepareApply(
flags helm.Options, serviceAccURI string, masterSecret uri.MasterSecret) ( csp cloudprovider.Provider, attestationVariant variant.Variant, k8sVersion versions.ValidK8sVersion, microserviceVersion semver.Semver, stateFile *state.State,
flags helm.Options, serviceAccURI string, masterSecret uri.MasterSecret, openStackCfg *config.OpenStackConfig,
) (
helm.Applier, bool, error) helm.Applier, bool, error)
} }

2
cli/internal/cmd/init_test.go
View file

@ -313,7 +313,7 @@ type stubApplier struct {
err error err error
} }
func (s stubApplier) PrepareApply(_ *config.Config, _ *state.State, _ helm.Options, _ string, _ uri.MasterSecret) (helm.Applier, bool, error) { func (s stubApplier) PrepareApply(_ cloudprovider.Provider, _ variant.Variant, _ versions.ValidK8sVersion, _ semver.Semver, _ *state.State, _ helm.Options, _ string, _ uri.MasterSecret, _ *config.OpenStackConfig) (helm.Applier, bool, error) {
return stubRunner{}, false, s.err return stubRunner{}, false, s.err
} }

6
cli/internal/cmd/upgradeapply_test.go
View file

@ -361,9 +361,9 @@ type mockApplier struct {
mock.Mock mock.Mock
} }
func (m *mockApplier) PrepareApply(cfg *config.Config, stateFile *state.State, func (m *mockApplier) PrepareApply(csp cloudprovider.Provider, variant variant.Variant, k8sVersion versions.ValidK8sVersion, microserviceVersion semver.Semver, stateFile *state.State,
helmOpts helm.Options, str string, masterSecret uri.MasterSecret, helmOpts helm.Options, str string, masterSecret uri.MasterSecret, openStackCfg *config.OpenStackConfig,
) (helm.Applier, bool, error) { ) (helm.Applier, bool, error) {
args := m.Called(cfg, stateFile, helmOpts, str, masterSecret) args := m.Called(csp, variant, k8sVersion, microserviceVersion, stateFile, helmOpts, str, masterSecret, openStackCfg)
return args.Get(0).(helm.Applier), args.Bool(1), args.Error(2) return args.Get(0).(helm.Applier), args.Bool(1), args.Error(2)
} }

3
internal/helm/BUILD.bazel
View file

@ -457,6 +457,7 @@ go_library(
importpath = "github.com/edgelesssys/constellation/v2/internal/helm", importpath = "github.com/edgelesssys/constellation/v2/internal/helm",
visibility = ["//:__subpackages__"], visibility = ["//:__subpackages__"],
deps = [ deps = [
"//internal/attestation/variant",
"//internal/cloud/azureshared", "//internal/cloud/azureshared",
"//internal/cloud/cloudprovider", "//internal/cloud/cloudprovider",
"//internal/cloud/gcpshared", "//internal/cloud/gcpshared",
@ -501,6 +502,7 @@ go_test(
embed = [":helm"], embed = [":helm"],
deps = [ deps = [
"//internal/attestation/measurements", "//internal/attestation/measurements",
"//internal/attestation/variant",
"//internal/cloud/azureshared", "//internal/cloud/azureshared",
"//internal/cloud/cloudprovider", "//internal/cloud/cloudprovider",
"//internal/cloud/gcpshared", "//internal/cloud/gcpshared",
@ -510,6 +512,7 @@ go_test(
"//internal/logger", "//internal/logger",
"//internal/semver", "//internal/semver",
"//internal/state", "//internal/state",
"//internal/versions",
"@com_github_pkg_errors//:errors", "@com_github_pkg_errors//:errors",
"@com_github_stretchr_testify//assert", "@com_github_stretchr_testify//assert",
"@com_github_stretchr_testify//mock", "@com_github_stretchr_testify//mock",

22
internal/helm/helm.go
View file

@ -33,6 +33,8 @@ import (
"fmt" "fmt"
"time" "time"
"github.com/edgelesssys/constellation/v2/internal/attestation/variant"
"github.com/edgelesssys/constellation/v2/internal/cloud/cloudprovider"
"github.com/edgelesssys/constellation/v2/internal/config" "github.com/edgelesssys/constellation/v2/internal/config"
"github.com/edgelesssys/constellation/v2/internal/constants" "github.com/edgelesssys/constellation/v2/internal/constants"
"github.com/edgelesssys/constellation/v2/internal/file" "github.com/edgelesssys/constellation/v2/internal/file"
@ -40,6 +42,7 @@ import (
"github.com/edgelesssys/constellation/v2/internal/kubernetes/kubectl" "github.com/edgelesssys/constellation/v2/internal/kubernetes/kubectl"
"github.com/edgelesssys/constellation/v2/internal/semver" "github.com/edgelesssys/constellation/v2/internal/semver"
"github.com/edgelesssys/constellation/v2/internal/state" "github.com/edgelesssys/constellation/v2/internal/state"
"github.com/edgelesssys/constellation/v2/internal/versions"
) )
const ( const (
@ -80,36 +83,37 @@ func NewClient(kubeConfig []byte, log debugLog) (*Client, error) {
type Options struct { type Options struct {
Conformance bool Conformance bool
HelmWaitMode WaitMode HelmWaitMode WaitMode
DeployCSIDriver bool
AllowDestructive bool AllowDestructive bool
Force bool Force bool
ApplyTimeout time.Duration ApplyTimeout time.Duration
} }
// PrepareApply loads the charts and returns the executor to apply them. // PrepareApply loads the charts and returns the executor to apply them.
// TODO(elchead): remove validK8sVersion by putting ValidK8sVersion into config.Config, see AB#3374.
func (h Client) PrepareApply( func (h Client) PrepareApply(
conf *config.Config, stateFile *state.State, csp cloudprovider.Provider, attestationVariant variant.Variant, k8sVersion versions.ValidK8sVersion,
flags Options, serviceAccURI string, masterSecret uri.MasterSecret, microserviceVersion semver.Semver, stateFile *state.State, flags Options, serviceAccURI string,
masterSecret uri.MasterSecret, openStackCfg *config.OpenStackConfig,
) (Applier, bool, error) { ) (Applier, bool, error) {
releases, err := h.loadReleases(conf, masterSecret, stateFile, flags, serviceAccURI) releases, err := h.loadReleases(csp, attestationVariant, k8sVersion, masterSecret, stateFile, flags, serviceAccURI, openStackCfg)
if err != nil { if err != nil {
return nil, false, fmt.Errorf("loading Helm releases: %w", err) return nil, false, fmt.Errorf("loading Helm releases: %w", err)
} }
h.log.Debugf("Loaded Helm releases") h.log.Debugf("Loaded Helm releases")
actions, includesUpgrades, err := h.factory.GetActions( actions, includesUpgrades, err := h.factory.GetActions(
releases, conf.MicroserviceVersion, flags.Force, flags.AllowDestructive, flags.ApplyTimeout, releases, microserviceVersion, flags.Force, flags.AllowDestructive, flags.ApplyTimeout,
) )
return &ChartApplyExecutor{actions: actions, log: h.log}, includesUpgrades, err return &ChartApplyExecutor{actions: actions, log: h.log}, includesUpgrades, err
} }
func (h Client) loadReleases( func (h Client) loadReleases(
conf *config.Config, secret uri.MasterSecret, csp cloudprovider.Provider, attestationVariant variant.Variant, k8sVersion versions.ValidK8sVersion, secret uri.MasterSecret,
stateFile *state.State, flags Options, serviceAccURI string, stateFile *state.State, flags Options, serviceAccURI string, openStackCfg *config.OpenStackConfig,
) ([]release, error) { ) ([]release, error) {
helmLoader := newLoader(conf, stateFile, h.cliVersion) helmLoader := newLoader(csp, attestationVariant, k8sVersion, stateFile, h.cliVersion)
h.log.Debugf("Created new Helm loader") h.log.Debugf("Created new Helm loader")
return helmLoader.loadReleases(flags.Conformance, flags.HelmWaitMode, secret, serviceAccURI) return helmLoader.loadReleases(flags.Conformance, flags.DeployCSIDriver, flags.HelmWaitMode, secret, serviceAccURI, openStackCfg)
} }
// Applier runs the Helm actions. // Applier runs the Helm actions.

12
internal/helm/helm_test.go
View file

@ -10,13 +10,14 @@ import (
"errors" "errors"
"testing" "testing"
"github.com/edgelesssys/constellation/v2/internal/attestation/variant"
"github.com/edgelesssys/constellation/v2/internal/cloud/cloudprovider" "github.com/edgelesssys/constellation/v2/internal/cloud/cloudprovider"
"github.com/edgelesssys/constellation/v2/internal/compatibility" "github.com/edgelesssys/constellation/v2/internal/compatibility"
"github.com/edgelesssys/constellation/v2/internal/config"
"github.com/edgelesssys/constellation/v2/internal/kms/uri" "github.com/edgelesssys/constellation/v2/internal/kms/uri"
"github.com/edgelesssys/constellation/v2/internal/logger" "github.com/edgelesssys/constellation/v2/internal/logger"
"github.com/edgelesssys/constellation/v2/internal/semver" "github.com/edgelesssys/constellation/v2/internal/semver"
"github.com/edgelesssys/constellation/v2/internal/state" "github.com/edgelesssys/constellation/v2/internal/state"
"github.com/edgelesssys/constellation/v2/internal/versions"
"github.com/stretchr/testify/assert" "github.com/stretchr/testify/assert"
"github.com/stretchr/testify/mock" "github.com/stretchr/testify/mock"
"helm.sh/helm/v3/pkg/action" "helm.sh/helm/v3/pkg/action"
@ -121,6 +122,7 @@ func TestMergeMaps(t *testing.T) {
func TestHelmApply(t *testing.T) { func TestHelmApply(t *testing.T) {
cliVersion := semver.NewFromInt(1, 99, 0, "") cliVersion := semver.NewFromInt(1, 99, 0, "")
csp := cloudprovider.AWS // using AWS since it has an additional chart: aws-load-balancer-controller csp := cloudprovider.AWS // using AWS since it has an additional chart: aws-load-balancer-controller
attestationVariant := variant.AWSSEVSNP{}
microserviceCharts := []string{ microserviceCharts := []string{
"constellation-services", "constellation-services",
"constellation-operators", "constellation-operators",
@ -171,11 +173,9 @@ func TestHelmApply(t *testing.T) {
}, },
} }
cfg := config.Default()
cfg.RemoveProviderAndAttestationExcept(csp)
cfg.MicroserviceVersion = cliVersion
log := logger.NewTest(t) log := logger.NewTest(t)
options := Options{ options := Options{
DeployCSIDriver: true,
Conformance: false, Conformance: false,
HelmWaitMode: WaitModeWait, HelmWaitMode: WaitModeWait,
AllowDestructive: true, AllowDestructive: true,
@ -206,12 +206,12 @@ func TestHelmApply(t *testing.T) {
helmListVersion(lister, "aws-load-balancer-controller", awsLbVersion) helmListVersion(lister, "aws-load-balancer-controller", awsLbVersion)
options.AllowDestructive = tc.allowDestructive options.AllowDestructive = tc.allowDestructive
ex, includesUpgrade, err := sut.PrepareApply(cfg, ex, includesUpgrade, err := sut.PrepareApply(csp, attestationVariant, versions.Default, cliVersion,
state.New(). state.New().
SetInfrastructure(state.Infrastructure{UID: "testuid"}). SetInfrastructure(state.Infrastructure{UID: "testuid"}).
SetClusterValues(state.ClusterValues{MeasurementSalt: []byte{0x41}}), SetClusterValues(state.ClusterValues{MeasurementSalt: []byte{0x41}}),
options, fakeServiceAccURI(csp), options, fakeServiceAccURI(csp),
uri.MasterSecret{Key: []byte("secret"), Salt: []byte("masterSalt")}) uri.MasterSecret{Key: []byte("secret"), Salt: []byte("masterSalt")}, nil)
var upgradeErr *compatibility.InvalidUpgradeError var upgradeErr *compatibility.InvalidUpgradeError
if tc.expectError { if tc.expectError {
assert.Error(t, err) assert.Error(t, err)

24
internal/helm/loader.go
View file

@ -19,6 +19,7 @@ import (
"helm.sh/helm/v3/pkg/chart" "helm.sh/helm/v3/pkg/chart"
"helm.sh/helm/v3/pkg/chart/loader" "helm.sh/helm/v3/pkg/chart/loader"
"github.com/edgelesssys/constellation/v2/internal/attestation/variant"
"github.com/edgelesssys/constellation/v2/internal/cloud/cloudprovider" "github.com/edgelesssys/constellation/v2/internal/cloud/cloudprovider"
"github.com/edgelesssys/constellation/v2/internal/config" "github.com/edgelesssys/constellation/v2/internal/config"
"github.com/edgelesssys/constellation/v2/internal/constants" "github.com/edgelesssys/constellation/v2/internal/constants"
@ -59,7 +60,7 @@ var (
// chartLoader loads embedded helm charts. // chartLoader loads embedded helm charts.
type chartLoader struct { type chartLoader struct {
csp cloudprovider.Provider csp cloudprovider.Provider
config *config.Config attestationVariant variant.Variant
joinServiceImage string joinServiceImage string
keyServiceImage string keyServiceImage string
ccmImage string // cloud controller manager image ccmImage string // cloud controller manager image
@ -76,12 +77,10 @@ type chartLoader struct {
} }
// newLoader creates a new ChartLoader. // newLoader creates a new ChartLoader.
func newLoader(config *config.Config, stateFile *state.State, cliVersion semver.Semver) *chartLoader { func newLoader(csp cloudprovider.Provider, attestationVariant variant.Variant, k8sVersion versions.ValidK8sVersion, stateFile *state.State, cliVersion semver.Semver) *chartLoader {
// TODO(malt3): Allow overriding container image registry + prefix for all images // TODO(malt3): Allow overriding container image registry + prefix for all images
// (e.g. for air-gapped environments). // (e.g. for air-gapped environments).
var ccmImage, cnmImage string var ccmImage, cnmImage string
csp := config.GetProvider()
k8sVersion := config.KubernetesVersion
switch csp { switch csp {
case cloudprovider.AWS: case cloudprovider.AWS:
ccmImage = versions.VersionConfigs[k8sVersion].CloudControllerManagerImageAWS ccmImage = versions.VersionConfigs[k8sVersion].CloudControllerManagerImageAWS
@ -96,10 +95,10 @@ func newLoader(config *config.Config, stateFile *state.State, cliVersion semver.
return &chartLoader{ return &chartLoader{
cliVersion: cliVersion, cliVersion: cliVersion,
csp: csp, csp: csp,
attestationVariant: attestationVariant,
stateFile: stateFile, stateFile: stateFile,
ccmImage: ccmImage, ccmImage: ccmImage,
azureCNMImage: cnmImage, azureCNMImage: cnmImage,
config: config,
joinServiceImage: imageversion.JoinService("", ""), joinServiceImage: imageversion.JoinService("", ""),
keyServiceImage: imageversion.KeyService("", ""), keyServiceImage: imageversion.KeyService("", ""),
autoscalerImage: versions.VersionConfigs[k8sVersion].ClusterAutoscalerImage, autoscalerImage: versions.VersionConfigs[k8sVersion].ClusterAutoscalerImage,
@ -118,14 +117,14 @@ func newLoader(config *config.Config, stateFile *state.State, cliVersion semver.
type releaseApplyOrder []release type releaseApplyOrder []release
// loadReleases loads the embedded helm charts and returns them as a HelmReleases object. // loadReleases loads the embedded helm charts and returns them as a HelmReleases object.
func (i *chartLoader) loadReleases(conformanceMode bool, helmWaitMode WaitMode, masterSecret uri.MasterSecret, func (i *chartLoader) loadReleases(conformanceMode, deployCSIDriver bool, helmWaitMode WaitMode, masterSecret uri.MasterSecret,
serviceAccURI string, serviceAccURI string, openStackCfg *config.OpenStackConfig,
) (releaseApplyOrder, error) { ) (releaseApplyOrder, error) {
ciliumRelease, err := i.loadRelease(ciliumInfo, helmWaitMode) ciliumRelease, err := i.loadRelease(ciliumInfo, helmWaitMode)
if err != nil { if err != nil {
return nil, fmt.Errorf("loading cilium: %w", err) return nil, fmt.Errorf("loading cilium: %w", err)
} }
ciliumVals := extraCiliumValues(i.config.GetProvider(), conformanceMode, i.stateFile.Infrastructure) ciliumVals := extraCiliumValues(i.csp, conformanceMode, i.stateFile.Infrastructure)
ciliumRelease.values = mergeMaps(ciliumRelease.values, ciliumVals) ciliumRelease.values = mergeMaps(ciliumRelease.values, ciliumVals)
certManagerRelease, err := i.loadRelease(certManagerInfo, helmWaitMode) certManagerRelease, err := i.loadRelease(certManagerInfo, helmWaitMode)
@ -144,26 +143,27 @@ func (i *chartLoader) loadReleases(conformanceMode bool, helmWaitMode WaitMode,
return nil, fmt.Errorf("loading constellation-services: %w", err) return nil, fmt.Errorf("loading constellation-services: %w", err)
} }
svcVals, err := extraConstellationServicesValues(i.config, masterSecret, serviceAccURI, i.stateFile.Infrastructure) svcVals, err := extraConstellationServicesValues(i.csp, i.attestationVariant, masterSecret,
serviceAccURI, i.stateFile.Infrastructure, openStackCfg)
if err != nil { if err != nil {
return nil, fmt.Errorf("extending constellation-services values: %w", err) return nil, fmt.Errorf("extending constellation-services values: %w", err)
} }
conServicesRelease.values = mergeMaps(conServicesRelease.values, svcVals) conServicesRelease.values = mergeMaps(conServicesRelease.values, svcVals)
releases := releaseApplyOrder{ciliumRelease, conServicesRelease, certManagerRelease} releases := releaseApplyOrder{ciliumRelease, conServicesRelease, certManagerRelease}
if i.config.DeployCSIDriver() { if deployCSIDriver {
csiRelease, err := i.loadRelease(csiInfo, helmWaitMode) csiRelease, err := i.loadRelease(csiInfo, helmWaitMode)
if err != nil { if err != nil {
return nil, fmt.Errorf("loading snapshot CRDs: %w", err) return nil, fmt.Errorf("loading snapshot CRDs: %w", err)
} }
extraCSIvals, err := extraCSIValues(i.config.GetProvider(), serviceAccURI) extraCSIvals, err := extraCSIValues(i.csp, serviceAccURI)
if err != nil { if err != nil {
return nil, fmt.Errorf("extending CSI values: %w", err) return nil, fmt.Errorf("extending CSI values: %w", err)
} }
csiRelease.values = mergeMaps(csiRelease.values, extraCSIvals) csiRelease.values = mergeMaps(csiRelease.values, extraCSIvals)
releases = append(releases, csiRelease) releases = append(releases, csiRelease)
} }
if i.config.HasProvider(cloudprovider.AWS) { if i.csp == cloudprovider.AWS {
awsRelease, err := i.loadRelease(awsLBControllerInfo, helmWaitMode) awsRelease, err := i.loadRelease(awsLBControllerInfo, helmWaitMode)
if err != nil { if err != nil {
return nil, fmt.Errorf("loading aws-services: %w", err) return nil, fmt.Errorf("loading aws-services: %w", err)

14
internal/helm/loader_test.go
View file

@ -23,6 +23,7 @@ import (
"helm.sh/helm/v3/pkg/engine" "helm.sh/helm/v3/pkg/engine"
"github.com/edgelesssys/constellation/v2/internal/attestation/measurements" "github.com/edgelesssys/constellation/v2/internal/attestation/measurements"
"github.com/edgelesssys/constellation/v2/internal/attestation/variant"
"github.com/edgelesssys/constellation/v2/internal/cloud/azureshared" "github.com/edgelesssys/constellation/v2/internal/cloud/azureshared"
"github.com/edgelesssys/constellation/v2/internal/cloud/cloudprovider" "github.com/edgelesssys/constellation/v2/internal/cloud/cloudprovider"
"github.com/edgelesssys/constellation/v2/internal/cloud/gcpshared" "github.com/edgelesssys/constellation/v2/internal/cloud/gcpshared"
@ -30,6 +31,7 @@ import (
"github.com/edgelesssys/constellation/v2/internal/kms/uri" "github.com/edgelesssys/constellation/v2/internal/kms/uri"
"github.com/edgelesssys/constellation/v2/internal/semver" "github.com/edgelesssys/constellation/v2/internal/semver"
"github.com/edgelesssys/constellation/v2/internal/state" "github.com/edgelesssys/constellation/v2/internal/state"
"github.com/edgelesssys/constellation/v2/internal/versions"
) )
func fakeServiceAccURI(provider cloudprovider.Provider) string { func fakeServiceAccURI(provider cloudprovider.Provider) string {
@ -64,9 +66,8 @@ func fakeServiceAccURI(provider cloudprovider.Provider) string {
func TestLoadReleases(t *testing.T) { func TestLoadReleases(t *testing.T) {
assert := assert.New(t) assert := assert.New(t)
require := require.New(t) require := require.New(t)
config := &config.Config{Provider: config.ProviderConfig{GCP: &config.GCPConfig{}}}
chartLoader := newLoader( chartLoader := newLoader(
config, cloudprovider.GCP, variant.GCPSEVES{}, versions.Default,
state.New(). state.New().
SetInfrastructure(state.Infrastructure{ SetInfrastructure(state.Infrastructure{
GCP: &state.GCP{ GCP: &state.GCP{
@ -78,9 +79,9 @@ func TestLoadReleases(t *testing.T) {
semver.NewFromInt(2, 10, 0, ""), semver.NewFromInt(2, 10, 0, ""),
) )
helmReleases, err := chartLoader.loadReleases( helmReleases, err := chartLoader.loadReleases(
true, WaitModeAtomic, true, false, WaitModeAtomic,
uri.MasterSecret{Key: []byte("secret"), Salt: []byte("masterSalt")}, uri.MasterSecret{Key: []byte("secret"), Salt: []byte("masterSalt")},
fakeServiceAccURI(cloudprovider.GCP), fakeServiceAccURI(cloudprovider.GCP), nil,
) )
require.NoError(err) require.NoError(err)
for _, release := range helmReleases { for _, release := range helmReleases {
@ -92,7 +93,6 @@ func TestLoadReleases(t *testing.T) {
func TestLoadAWSLoadBalancerValues(t *testing.T) { func TestLoadAWSLoadBalancerValues(t *testing.T) {
sut := chartLoader{ sut := chartLoader{
config: &config.Config{Name: "testCluster"},
clusterName: "testCluster", clusterName: "testCluster",
stateFile: state.New().SetInfrastructure(state.Infrastructure{UID: "testuid", Name: "testCluster-testuid"}), stateFile: state.New().SetInfrastructure(state.Infrastructure{UID: "testuid", Name: "testCluster-testuid"}),
} }
@ -180,14 +180,14 @@ func TestConstellationServices(t *testing.T) {
values := chartLoader.loadConstellationServicesValues() values := chartLoader.loadConstellationServicesValues()
serviceAccURI := fakeServiceAccURI(tc.config.GetProvider()) serviceAccURI := fakeServiceAccURI(tc.config.GetProvider())
extraVals, err := extraConstellationServicesValues( extraVals, err := extraConstellationServicesValues(
tc.config, uri.MasterSecret{ tc.config.GetProvider(), tc.config.GetAttestationConfig().GetVariant(), uri.MasterSecret{
Key: []byte("aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"), Key: []byte("aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"),
Salt: []byte("aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"), Salt: []byte("aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"),
}, serviceAccURI, state.Infrastructure{ }, serviceAccURI, state.Infrastructure{
UID: "uid", UID: "uid",
Azure: &state.Azure{}, Azure: &state.Azure{},
GCP: &state.GCP{}, GCP: &state.GCP{},
}) }, tc.config.Provider.OpenStack)
require.NoError(err) require.NoError(err)
values = mergeMaps(values, extraVals) values = mergeMaps(values, extraVals)

25
internal/helm/overrides.go
View file

@ -13,6 +13,7 @@ import (
"encoding/json" "encoding/json"
"fmt" "fmt"
"github.com/edgelesssys/constellation/v2/internal/attestation/variant"
"github.com/edgelesssys/constellation/v2/internal/cloud/azureshared" "github.com/edgelesssys/constellation/v2/internal/cloud/azureshared"
"github.com/edgelesssys/constellation/v2/internal/cloud/cloudprovider" "github.com/edgelesssys/constellation/v2/internal/cloud/cloudprovider"
"github.com/edgelesssys/constellation/v2/internal/cloud/gcpshared" "github.com/edgelesssys/constellation/v2/internal/cloud/gcpshared"
@ -64,14 +65,15 @@ func extraCiliumValues(provider cloudprovider.Provider, conformanceMode bool, ou
// extraConstellationServicesValues extends the given values map by some values depending on user input. // extraConstellationServicesValues extends the given values map by some values depending on user input.
// Values set inside this function are only applied during init, not during upgrade. // Values set inside this function are only applied during init, not during upgrade.
func extraConstellationServicesValues( func extraConstellationServicesValues(
cfg *config.Config, masterSecret uri.MasterSecret, serviceAccURI string, output state.Infrastructure, csp cloudprovider.Provider, attestationVariant variant.Variant, masterSecret uri.MasterSecret, serviceAccURI string,
output state.Infrastructure, openStackCfg *config.OpenStackConfig,
) (map[string]any, error) { ) (map[string]any, error) {
extraVals := map[string]any{} extraVals := map[string]any{}
extraVals["join-service"] = map[string]any{ extraVals["join-service"] = map[string]any{
"attestationVariant": cfg.GetAttestationConfig().GetVariant().String(), "attestationVariant": attestationVariant.String(),
} }
extraVals["verification-service"] = map[string]any{ extraVals["verification-service"] = map[string]any{
"attestationVariant": cfg.GetAttestationConfig().GetVariant().String(), "attestationVariant": attestationVariant.String(),
} }
extraVals["konnectivity"] = map[string]any{ extraVals["konnectivity"] = map[string]any{
"loadBalancerIP": output.ClusterEndpoint, "loadBalancerIP": output.ClusterEndpoint,
@ -81,19 +83,22 @@ func extraConstellationServicesValues(
"masterSecret": base64.StdEncoding.EncodeToString(masterSecret.Key), "masterSecret": base64.StdEncoding.EncodeToString(masterSecret.Key),
"salt": base64.StdEncoding.EncodeToString(masterSecret.Salt), "salt": base64.StdEncoding.EncodeToString(masterSecret.Salt),
} }
switch cfg.GetProvider() { switch csp {
case cloudprovider.OpenStack: case cloudprovider.OpenStack:
extraVals["openstack"] = map[string]any{ if openStackCfg == nil {
"deployYawolLoadBalancer": cfg.DeployYawolLoadBalancer(), return nil, fmt.Errorf("no OpenStack config")
} }
if cfg.DeployYawolLoadBalancer() { extraVals["openstack"] = map[string]any{
"deployYawolLoadBalancer": openStackCfg.DeployYawolLoadBalancer != nil && *openStackCfg.DeployYawolLoadBalancer,
}
if openStackCfg.DeployYawolLoadBalancer != nil && *openStackCfg.DeployYawolLoadBalancer {
extraVals["yawol-controller"] = map[string]any{ extraVals["yawol-controller"] = map[string]any{
"yawolOSSecretName": "yawolkey", "yawolOSSecretName": "yawolkey",
// has to be larger than ~30s to account for slow OpenStack API calls. // has to be larger than ~30s to account for slow OpenStack API calls.
"openstackTimeout": "1m", "openstackTimeout": "1m",
"yawolFloatingID": cfg.Provider.OpenStack.FloatingIPPoolID, "yawolFloatingID": openStackCfg.FloatingIPPoolID,
"yawolFlavorID": cfg.Provider.OpenStack.YawolFlavorID, "yawolFlavorID": openStackCfg.YawolFlavorID,
"yawolImageID": cfg.Provider.OpenStack.YawolImageID, "yawolImageID": openStackCfg.YawolImageID,
} }
} }
case cloudprovider.GCP: case cloudprovider.GCP: