support to declaratively set attestation policy

This commit is contained in:
Moritz Sanft 2023-06-21 11:45:13 +02:00
parent b25228d175
commit dbc495f164
15 changed files with 82 additions and 188 deletions


@ -14,7 +14,6 @@ import (
"path/filepath"
"strings"
"github.com/edgelesssys/constellation/v2/cli/internal/cloudcmd"
"github.com/edgelesssys/constellation/v2/cli/internal/clusterid"
"github.com/edgelesssys/constellation/v2/cli/internal/terraform"
"github.com/edgelesssys/constellation/v2/internal/cloud/cloudprovider"
@ -25,17 +24,15 @@ import (
// NewTerraformUpgrader returns a new TerraformUpgrader.
func NewTerraformUpgrader(tfClient tfClient, outWriter io.Writer) (*TerraformUpgrader, error) {
return &TerraformUpgrader{
tf: tfClient,
policyPatcher: cloudcmd.NewAzurePolicyPatcher(),
outWriter: outWriter,
tf: tfClient,
outWriter: outWriter,
}, nil
}
// TerraformUpgrader is responsible for performing Terraform migrations on cluster upgrades.
type TerraformUpgrader struct {
tf tfClient
policyPatcher policyPatcher
outWriter io.Writer
tf tfClient
outWriter io.Writer
}
// TerraformUpgradeOptions are the options used for the Terraform upgrade.
@ -132,7 +129,7 @@ func (u *TerraformUpgrader) CleanUpTerraformMigrations(fileHandler file.Handler,
return nil
}
// ApplyTerraformMigrations applies the migerations planned by PlanTerraformMigrations.
// ApplyTerraformMigrations applies the migrations planned by PlanTerraformMigrations.
// If PlanTerraformMigrations has not been executed before, it will return an error.
// In case of a successful upgrade, the output will be written to the specified file and the old Terraform directory is replaced
// By the new one.
@ -142,13 +139,6 @@ func (u *TerraformUpgrader) ApplyTerraformMigrations(ctx context.Context, fileHa
return fmt.Errorf("terraform apply: %w", err)
}
// AttestationURL is only set for Azure.
if tfOutput.AttestationURL != "" {
if err := u.policyPatcher.Patch(ctx, tfOutput.AttestationURL); err != nil {
return fmt.Errorf("patching policies: %w", err)
}
}
outputFileContents := clusterid.File{
CloudProvider: opts.CSP,
InitSecret: []byte(tfOutput.Secret),