Remove manual state migration steps for AWS

Signed-off-by: Daniel Weiße <dw@edgeless.systems>

cli/internal/cmd/BUILD.bazel

@@ -18,7 +18,6 @@ go_library(
         "iamupgradeapply.go",
         "init.go",
         "log.go",
-        "manualtfstatemigration.go",
         "mini.go",
         "minidown.go",
         "miniup.go",

cli/internal/cmd/manualtfstatemigration.go

@@ -1,78 +0,0 @@
-/*
-Copyright (c) Edgeless Systems GmbH
-
-SPDX-License-Identifier: AGPL-3.0-only
-*/
-
-package cmd
-
-import (
-	"context"
-	"fmt"
-
-	"github.com/edgelesssys/constellation/v2/cli/internal/terraform"
-	"github.com/edgelesssys/constellation/v2/internal/cloud/cloudprovider"
-)
-
-// terraformMigrationAWSNodeGroups migrates the AWS node groups from the old state to the new state.
-// TODO(AB#3248): Remove this migration after we can assume that all existing clusters have been migrated.
-func terraformMigrationAWSNodeGroups(csp cloudprovider.Provider, zone string) []terraform.StateMigration {
-	if csp != cloudprovider.AWS {
-		return nil
-	}
-	return []terraform.StateMigration{
-		{
-			DisplayName: "AWS node groups",
-			Hook: func(ctx context.Context, tfClient terraform.TFMigrator) error {
-				fromTo := []struct {
-					from string
-					to   string
-				}{
-					{
-						from: "aws_eip.lb",
-						to:   fmt.Sprintf("aws_eip.lb[%q]", zone),
-					},
-					{
-						from: "module.public_private_subnet.aws_eip.nat",
-						to:   fmt.Sprintf("module.public_private_subnet.aws_eip.nat[%q]", zone),
-					},
-					{
-						from: "module.public_private_subnet.aws_nat_gateway.gw",
-						to:   fmt.Sprintf("module.public_private_subnet.aws_nat_gateway.gw[%q]", zone),
-					},
-					{
-						from: "module.public_private_subnet.aws_route_table.private_nat",
-						to:   fmt.Sprintf("module.public_private_subnet.aws_route_table.private_nat[%q]", zone),
-					},
-					{
-						from: "module.public_private_subnet.aws_route_table.public_igw",
-						to:   fmt.Sprintf("module.public_private_subnet.aws_route_table.public_igw[%q]", zone),
-					},
-					{
-						from: "module.public_private_subnet.aws_route_table_association.private-nat",
-						to:   fmt.Sprintf("module.public_private_subnet.aws_route_table_association.private_nat[%q]", zone),
-					},
-					{
-						from: "module.public_private_subnet.aws_route_table_association.route_to_internet",
-						to:   fmt.Sprintf("module.public_private_subnet.aws_route_table_association.route_to_internet[%q]", zone),
-					},
-					{
-						from: "module.public_private_subnet.aws_subnet.private",
-						to:   fmt.Sprintf("module.public_private_subnet.aws_subnet.private[%q]", zone),
-					},
-					{
-						from: "module.public_private_subnet.aws_subnet.public",
-						to:   fmt.Sprintf("module.public_private_subnet.aws_subnet.public[%q]", zone),
-					},
-				}
-
-				for _, move := range fromTo {
-					// we need to drop the error here, because the migration has to be idempotent
-					// and state mv will fail if the state is already migrated
-					_ = tfClient.StateMv(ctx, move.from, move.to)
-				}
-				return nil
-			},
-		},
-	}
-}

cli/internal/cmd/upgradeapply.go

@@ -221,17 +221,6 @@ func (u *upgradeApplyCmd) migrateTerraform(
 		return fmt.Errorf("checking workspace: %w", err)
 	}
 
-	// TODO(AB#3248): Remove this migration after we can assume that all existing clusters have been migrated.
-	var awsZone string
-	if conf.GetProvider() == cloudprovider.AWS {
-		awsZone = conf.Provider.AWS.Zone
-	}
-	manualMigrations := terraformMigrationAWSNodeGroups(conf.GetProvider(), awsZone)
-	for _, migration := range manualMigrations {
-		u.log.Debugf("Adding manual Terraform migration: %s", migration.DisplayName)
-		u.upgrader.AddManualStateMigration(migration)
-	}
-
 	imageRef, err := getImage(cmd.Context(), conf, fetcher)
 	if err != nil {
 		return fmt.Errorf("fetching image reference: %w", err)
@@ -252,6 +241,15 @@ func (u *upgradeApplyCmd) migrateTerraform(
 	}
 
 	// Check if there are any Terraform migrations to apply
+
+	// Add manual migrations here if required
+	//
+	// var manualMigrations []terraform.StateMigration
+	// for _, migration := range manualMigrations {
+	// 	  u.log.Debugf("Adding manual Terraform migration: %s", migration.DisplayName)
+	// 	  u.upgrader.AddManualStateMigration(migration)
+	// }
+
 	hasDiff, err := u.upgrader.PlanTerraformMigrations(cmd.Context(), opts)
 	if err != nil {
 		return fmt.Errorf("planning terraform migrations: %w", err)
@@ -447,6 +445,5 @@ type cloudUpgrader interface {
 	ApplyTerraformMigrations(ctx context.Context, opts upgrade.TerraformUpgradeOptions) (clusterid.File, error)
 	CheckTerraformMigrations(upgradeWorkspace string) error
 	CleanUpTerraformMigrations(upgradeWorkspace string) error
-	AddManualStateMigration(migration terraform.StateMigration)
 	GetUpgradeID() string
 }

cli/internal/cmd/upgradeapply_test.go

@@ -16,7 +16,6 @@ import (
 
 	"github.com/edgelesssys/constellation/v2/cli/internal/clusterid"
 	"github.com/edgelesssys/constellation/v2/cli/internal/kubernetes"
-	"github.com/edgelesssys/constellation/v2/cli/internal/terraform"
 	"github.com/edgelesssys/constellation/v2/cli/internal/upgrade"
 	"github.com/edgelesssys/constellation/v2/internal/attestation/variant"
 	"github.com/edgelesssys/constellation/v2/internal/cloud/cloudprovider"
@@ -228,12 +227,6 @@ func (u stubUpgrader) ExtendClusterConfigCertSANs(_ context.Context, _ []string)
 	return nil
 }
 
-// AddManualStateMigration is not used in this test.
-// TODO(AB#3248): remove this method together with the definition in the interfaces.
-func (u stubUpgrader) AddManualStateMigration(_ terraform.StateMigration) {
-	panic("unused")
-}
-
 type stubImageFetcher struct {
 	fetchReferenceErr error
 }

cli/internal/cmd/upgradecheck.go

@@ -206,22 +206,16 @@ func (u *upgradeCheckCmd) upgradeCheck(cmd *cobra.Command, fileHandler file.Hand
 	}
 
 	u.log.Debugf("Planning Terraform migrations")
-	if err := u.checker.CheckTerraformMigrations(constants.UpgradeDir); err != nil { // Why is this run twice?????
-		return fmt.Errorf("checking workspace: %w", err)
-	}
 
-	// TODO(AB#3248): Remove this migration after we can assume that all existing clusters have been migrated.
+	// Add manual migrations here if required
-	var awsZone string
+	//
-	if csp == cloudprovider.AWS {
+	// var manualMigrations []terraform.StateMigration
-		awsZone = conf.Provider.AWS.Zone
+	// for _, migration := range manualMigrations {
-	}
+	// 	  u.log.Debugf("Adding manual Terraform migration: %s", migration.DisplayName)
-	manualMigrations := terraformMigrationAWSNodeGroups(csp, awsZone)
+	// 	  u.upgrader.AddManualStateMigration(migration)
-	for _, migration := range manualMigrations {
+	// }
-		u.log.Debugf("Adding manual Terraform migration: %s", migration.DisplayName)
-		u.checker.AddManualStateMigration(migration)
-	}
 
-	if err := u.checker.CheckTerraformMigrations(constants.UpgradeDir); err != nil { // Why is this run twice?????
+	if err := u.checker.CheckTerraformMigrations(constants.UpgradeDir); err != nil {
 		return fmt.Errorf("checking workspace: %w", err)
 	}
 
@@ -765,7 +759,6 @@ type upgradeChecker interface {
 	PlanTerraformMigrations(ctx context.Context, opts upgrade.TerraformUpgradeOptions) (bool, error)
 	CheckTerraformMigrations(upgradeWorkspace string) error
 	CleanUpTerraformMigrations(upgradeWorkspace string) error
-	AddManualStateMigration(migration terraform.StateMigration)
 }
 
 type versionListFetcher interface {

cli/internal/cmd/upgradecheck_test.go

@@ -15,7 +15,6 @@ import (
 	"strings"
 	"testing"
 
-	"github.com/edgelesssys/constellation/v2/cli/internal/terraform"
 	"github.com/edgelesssys/constellation/v2/cli/internal/upgrade"
 	"github.com/edgelesssys/constellation/v2/internal/api/versionsapi"
 	"github.com/edgelesssys/constellation/v2/internal/attestation/measurements"
@@ -349,12 +348,6 @@ func (u stubUpgradeChecker) CleanUpTerraformMigrations(_ string) error {
 	return u.err
 }
 
-// AddManualStateMigration is not used in this test.
-// TODO(AB#3248): remove this method together with the definition in the interfaces.
-func (u stubUpgradeChecker) AddManualStateMigration(_ terraform.StateMigration) {
-	panic("unused")
-}
-
 func TestNewCLIVersions(t *testing.T) {
 	someErr := errors.New("some error")
 	minorList := func() versionsapi.List {

cli/internal/kubernetes/upgrade.go

@@ -93,8 +93,6 @@ type Upgrader struct {
 	helmClient       helmInterface
 	imageFetcher     imageFetcher
 	outWriter        io.Writer
-	// TODO(AB#3248): Remove this tfClient after we can assume that all existing clusters have been migrated.
-	tfClient   *terraform.Client
 	tfUpgrader       *upgrade.TerraformUpgrader
 	log              debugLog
 	upgradeID        string
@@ -147,7 +145,6 @@ func NewUpgrader(
 	if err != nil {
 		return nil, fmt.Errorf("setting up terraform client: %w", err)
 	}
-	u.tfClient = tfClient
 
 	tfUpgrader, err := upgrade.NewTerraformUpgrader(tfClient, outWriter, fileHandler)
 	if err != nil {
@@ -163,12 +160,6 @@ func (u *Upgrader) GetUpgradeID() string {
 	return u.upgradeID
 }
 
-// AddManualStateMigration adds a manual state migration to the Terraform client.
-// TODO(AB#3248): Remove this method after we can assume that all existing clusters have been migrated.
-func (u *Upgrader) AddManualStateMigration(migration terraform.StateMigration) {
-	u.tfClient.WithManualStateMigration(migration)
-}
-
 // CheckTerraformMigrations checks whether Terraform migrations are possible in the current workspace.
 // If the files that will be written during the upgrade already exist, it returns an error.
 func (u *Upgrader) CheckTerraformMigrations(upgradeWorkspace string) error {

cli/internal/terraform/terraform.go

@@ -597,7 +597,6 @@ func (c *Client) setLogLevel(logLevel LogLevel) error {
 }
 
 // StateMigration is a manual state migration that is not handled by Terraform due to missing features.
-// TODO(AB#3248): Remove this after we can assume that all existing clusters have been migrated.
 type StateMigration struct {
 	DisplayName string
 	Hook        func(ctx context.Context, tfClient TFMigrator) error
@@ -628,7 +627,6 @@ type tfInterface interface {
 }
 
 // TFMigrator is an interface for manual terraform state migrations (terraform state mv).
-// TODO(AB#3248): Remove this after we can assume that all existing clusters have been migrated.
 type TFMigrator interface {
 	StateMv(ctx context.Context, src, dst string, opts ...tfexec.StateMvCmdOption) error
 }

cli/internal/terraform/terraform/aws/main.tf

@@ -283,15 +283,3 @@ module "instance_group" {
     { "kubernetes.io/cluster/${local.name}" = "owned" }
   )
 }
-
-// TODO(AB#3248): Remove this migration after we can assume that all existing clusters have been migrated.
-moved {
-  from = module.instance_group_control_plane
-  to   = module.instance_group["control_plane_default"]
-}
-
-// TODO(AB#3248): Remove this migration after we can assume that all existing clusters have been migrated.
-moved {
-  from = module.instance_group_worker_nodes
-  to   = module.instance_group["worker_default"]
-}