cli: add --workspace flag to set base directory for Constellation workspace (#2148)

* Remove `--config` and `--master-secret` falgs * Add `--workspace` flag * In CLI, only work on files with paths created from `cli/internal/cmd` * Properly print values for GCP on IAM create when not directly updating the config --------- Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2025-12-15 16:09:39 -05:00 · 2023-08-04 13:53:51 +02:00 · 2023-08-04 13:53:51 +02:00 · d1ace13713
commit d1ace13713
parent ec33530c38
57 changed files with 966 additions and 1145 deletions
--- a/cli/internal/cmd/verify.go
+++ b/cli/internal/cmd/verify.go
@ -43,7 +43,7 @@ func NewVerifyCmd() *cobra.Command {
 		Use:   "verify",
 		Short: "Verify the confidential properties of a Constellation cluster",
 		Long: "Verify the confidential properties of a Constellation cluster.\n" +
-			"If arguments aren't specified, values are read from `" + constants.ClusterIDsFileName + "`.",
+			"If arguments aren't specified, values are read from `" + constants.ClusterIDsFilename + "`.",
 		Args: cobra.ExactArgs(0),
 		RunE: runVerify,
 	}
@ -85,8 +85,8 @@ func (c *verifyCmd) verify(cmd *cobra.Command, fileHandler file.Handler, verifyC
 	}
 	c.log.Debugf("Using flags: %+v", flags)

-	c.log.Debugf("Loading configuration file from %q", flags.configPath)
-	conf, err := config.New(fileHandler, flags.configPath, configFetcher, flags.force)
+	c.log.Debugf("Loading configuration file from %q", configPath(flags.workspace))
+	conf, err := config.New(fileHandler, constants.ConfigFilename, configFetcher, flags.force)
 	var configValidationErr *config.ValidationError
 	if errors.As(err, &configValidationErr) {
 		cmd.PrintErrln(configValidationErr.LongMessage())
@ -138,11 +138,11 @@ func (c *verifyCmd) verify(cmd *cobra.Command, fileHandler file.Handler, verifyC
 }

 func (c *verifyCmd) parseVerifyFlags(cmd *cobra.Command, fileHandler file.Handler) (verifyFlags, error) {
-	configPath, err := cmd.Flags().GetString("config")
+	workspace, err := cmd.Flags().GetString("workspace")
 	if err != nil {
 		return verifyFlags{}, fmt.Errorf("parsing config path argument: %w", err)
 	}
-	c.log.Debugf("Flag 'config' set to %q", configPath)
+	c.log.Debugf("Flag 'workspace' set to %q", workspace)

 	ownerID := ""
 	clusterID, err := cmd.Flags().GetString("cluster-id")
@ -170,7 +170,7 @@ func (c *verifyCmd) parseVerifyFlags(cmd *cobra.Command, fileHandler file.Handle
 	c.log.Debugf("Flag 'raw' set to %t", force)

 	var idFile clusterid.File
-	if err := fileHandler.ReadJSON(constants.ClusterIDsFileName, &idFile); err != nil && !errors.Is(err, afero.ErrFileNotFound) {
+	if err := fileHandler.ReadJSON(constants.ClusterIDsFilename, &idFile); err != nil && !errors.Is(err, afero.ErrFileNotFound) {
 		return verifyFlags{}, fmt.Errorf("reading cluster ID file: %w", err)
 	}

@ -178,13 +178,13 @@ func (c *verifyCmd) parseVerifyFlags(cmd *cobra.Command, fileHandler file.Handle
 	emptyEndpoint := endpoint == ""
 	emptyIDs := ownerID == "" && clusterID == ""
 	if emptyEndpoint || emptyIDs {
-		c.log.Debugf("Trying to supplement empty flag values from %q", constants.ClusterIDsFileName)
+		c.log.Debugf("Trying to supplement empty flag values from %q", clusterIDsPath(workspace))
 		if emptyEndpoint {
-			cmd.Printf("Using endpoint from %q. Specify --node-endpoint to override this.\n", constants.ClusterIDsFileName)
+			cmd.Printf("Using endpoint from %q. Specify --node-endpoint to override this.\n", clusterIDsPath(workspace))
 			endpoint = idFile.IP
 		}
 		if emptyIDs {
-			cmd.Printf("Using ID from %q. Specify --cluster-id to override this.\n", constants.ClusterIDsFileName)
+			cmd.Printf("Using ID from %q. Specify --cluster-id to override this.\n", clusterIDsPath(workspace))
 			ownerID = idFile.OwnerID
 			clusterID = idFile.ClusterID
 		}
@ -200,24 +200,24 @@ func (c *verifyCmd) parseVerifyFlags(cmd *cobra.Command, fileHandler file.Handle
 	}

 	return verifyFlags{
-		endpoint:   endpoint,
-		configPath: configPath,
-		ownerID:    ownerID,
-		clusterID:  clusterID,
-		maaURL:     idFile.AttestationURL,
-		rawOutput:  raw,
-		force:      force,
+		endpoint:  endpoint,
+		workspace: workspace,
+		ownerID:   ownerID,
+		clusterID: clusterID,
+		maaURL:    idFile.AttestationURL,
+		rawOutput: raw,
+		force:     force,
 	}, nil
 }

 type verifyFlags struct {
-	endpoint   string
-	ownerID    string
-	clusterID  string
-	configPath string
-	maaURL     string
-	rawOutput  bool
-	force      bool
+	endpoint  string
+	ownerID   string
+	clusterID string
+	workspace string
+	maaURL    string
+	rawOutput bool
+	force     bool
 }

 func addPortIfMissing(endpoint string, defaultPort int) (string, error) {