mirror of
https://github.com/edgelesssys/constellation.git
synced 2024-12-24 06:59:40 -05:00
constants: make VersionInfo readonly (#1316)
The variable VersionInfo is supposed to be set by `go build -X ...` during link time but should not be modified at runtime. This change ensures the underlying var is private and can only be accessed by a public getter.
This commit is contained in:
parent
0157537852
commit
fc33a74c78
@ -46,7 +46,7 @@ add_custom_target(upgrade-agent ALL
|
||||
# cli
|
||||
#
|
||||
add_custom_target(cli ALL
|
||||
CGO_ENABLED=0 go build -o ${CMAKE_BINARY_DIR}/constellation -tags='${CLI_BUILD_TAGS}' -ldflags "-buildid='' -X github.com/edgelesssys/constellation/v2/internal/constants.VersionInfo=${PROJECT_VERSION}"
|
||||
CGO_ENABLED=0 go build -o ${CMAKE_BINARY_DIR}/constellation -tags='${CLI_BUILD_TAGS}' -ldflags "-buildid='' -X github.com/edgelesssys/constellation/v2/internal/constants.versionInfo=${PROJECT_VERSION}"
|
||||
WORKING_DIRECTORY ${CMAKE_SOURCE_DIR}/cli
|
||||
BYPRODUCTS constellation
|
||||
)
|
||||
@ -73,7 +73,7 @@ add_custom_target(debugd ALL
|
||||
# cdbg
|
||||
#
|
||||
add_custom_target(cdbg ALL
|
||||
CGO_ENABLED=0 go build -o ${CMAKE_BINARY_DIR}/cdbg -buildvcs=false -ldflags "-buildid='' -X github.com/edgelesssys/constellation/v2/internal/constants.VersionInfo=${PROJECT_VERSION}"
|
||||
CGO_ENABLED=0 go build -o ${CMAKE_BINARY_DIR}/cdbg -buildvcs=false -ldflags "-buildid='' -X github.com/edgelesssys/constellation/v2/internal/constants.versionInfo=${PROJECT_VERSION}"
|
||||
WORKING_DIRECTORY ${CMAKE_SOURCE_DIR}/debugd/cmd/cdbg
|
||||
BYPRODUCTS cdbg
|
||||
)
|
||||
|
@ -28,19 +28,19 @@ FROM build AS build-bootstrapper
|
||||
WORKDIR /constellation/bootstrapper/
|
||||
|
||||
ARG PROJECT_VERSION
|
||||
RUN --mount=type=cache,target=/root/.cache/go-build go build -o bootstrapper -tags=disable_tpm_simulator -buildvcs=false -ldflags "-s -w -buildid='' -X github.com/edgelesssys/constellation/v2/internal/constants.VersionInfo=${PROJECT_VERSION}" ./cmd/bootstrapper/
|
||||
RUN --mount=type=cache,target=/root/.cache/go-build go build -o bootstrapper -tags=disable_tpm_simulator -buildvcs=false -ldflags "-s -w -buildid='' -X github.com/edgelesssys/constellation/v2/internal/constants.versionInfo=${PROJECT_VERSION}" ./cmd/bootstrapper/
|
||||
|
||||
FROM build AS build-disk-mapper
|
||||
WORKDIR /constellation/disk-mapper/
|
||||
|
||||
ARG PROJECT_VERSION
|
||||
RUN --mount=type=cache,target=/root/.cache/go-build go build -o disk-mapper -ldflags "-s -w -buildid='' -X github.com/edgelesssys/constellation/v2/internal/constants.VersionInfo=${PROJECT_VERSION}" ./cmd/
|
||||
RUN --mount=type=cache,target=/root/.cache/go-build go build -o disk-mapper -ldflags "-s -w -buildid='' -X github.com/edgelesssys/constellation/v2/internal/constants.versionInfo=${PROJECT_VERSION}" ./cmd/
|
||||
|
||||
FROM build AS build-upgrade-agent
|
||||
WORKDIR /constellation/upgrade-agent/
|
||||
|
||||
ARG PROJECT_VERSION
|
||||
RUN --mount=type=cache,target=/root/.cache/go-build go build -o upgrade-agent -ldflags "-s -w -buildid='' -X github.com/edgelesssys/constellation/v2/internal/constants.VersionInfo=${PROJECT_VERSION}" ./cmd/
|
||||
RUN --mount=type=cache,target=/root/.cache/go-build go build -o upgrade-agent -ldflags "-s -w -buildid='' -X github.com/edgelesssys/constellation/v2/internal/constants.versionInfo=${PROJECT_VERSION}" ./cmd/
|
||||
|
||||
FROM scratch AS bootstrapper
|
||||
COPY --from=build-bootstrapper /constellation/bootstrapper/bootstrapper /
|
||||
|
@ -32,7 +32,7 @@ func run(issuer atls.Issuer, tpm vtpm.TPMOpenFunc, fileHandler file.Handler,
|
||||
) {
|
||||
defer cloudLogger.Close()
|
||||
|
||||
log.With(zap.String("version", constants.VersionInfo)).Infof("Starting bootstrapper")
|
||||
log.With(zap.String("version", constants.VersionInfo())).Infof("Starting bootstrapper")
|
||||
cloudLogger.Disclose("bootstrapper started running...")
|
||||
|
||||
uuid, err := getDiskUUID()
|
||||
|
@ -250,7 +250,6 @@ func TestConfigFetchMeasurements(t *testing.T) {
|
||||
|
||||
gcpConfig := defaultConfigWithExpectedMeasurements(t, config.Default(), cloudprovider.GCP)
|
||||
gcpConfig.Image = "v999.999.999"
|
||||
constants.VersionInfo = "v999.999.999"
|
||||
|
||||
err := fileHandler.WriteYAML(constants.ConfigFilename, gcpConfig, file.OptMkdirAll)
|
||||
require.NoError(err)
|
||||
|
@ -79,7 +79,7 @@ func runUpgradeCheck(cmd *cobra.Command, args []string) error {
|
||||
client: http.DefaultClient,
|
||||
rekor: rekor,
|
||||
flags: flags,
|
||||
cliVersion: compatibility.EnsurePrefixV(constants.VersionInfo),
|
||||
cliVersion: compatibility.EnsurePrefixV(constants.VersionInfo()),
|
||||
log: log,
|
||||
},
|
||||
log: log,
|
||||
|
@ -233,7 +233,6 @@ func TestUpgradeCheck(t *testing.T) {
|
||||
assert := assert.New(t)
|
||||
require := require.New(t)
|
||||
|
||||
constants.VersionInfo = "v0.0.0"
|
||||
fileHandler := file.NewHandler(afero.NewMemMapFs())
|
||||
cfg := defaultConfigWithExpectedMeasurements(t, config.Default(), tc.csp)
|
||||
require.NoError(fileHandler.WriteYAML(tc.flags.configPath, cfg))
|
||||
|
@ -34,7 +34,7 @@ func runVersion(cmd *cobra.Command, args []string) {
|
||||
|
||||
commit, state, date, goVersion, compiler, platform := parseBuildInfo(buildInfo)
|
||||
|
||||
cmd.Printf("Version:\t%s (%s)\n", constants.VersionInfo, constants.VersionBuild)
|
||||
cmd.Printf("Version:\t%s (%s)\n", constants.VersionInfo(), constants.VersionBuild)
|
||||
cmd.Printf("GitCommit:\t%s\n", commit)
|
||||
cmd.Printf("GitTreeState:\t%s\n", state)
|
||||
cmd.Printf("BuildDate:\t%s\n", date)
|
||||
|
@ -28,7 +28,7 @@ func TestVersionCmd(t *testing.T) {
|
||||
|
||||
s, err := io.ReadAll(b)
|
||||
assert.NoError(err)
|
||||
assert.Contains(string(s), constants.VersionInfo)
|
||||
assert.Contains(string(s), constants.VersionInfo())
|
||||
}
|
||||
|
||||
func TestParseBuildInfo(t *testing.T) {
|
||||
|
@ -149,11 +149,11 @@ func (c *Client) upgradeRelease(
|
||||
values = loader.loadCertManagerValues()
|
||||
case conOperatorsReleaseName:
|
||||
// ensure that the operator chart has the same version as the CLI
|
||||
updateVersions(chart, compatibility.EnsurePrefixV(constants.VersionInfo))
|
||||
updateVersions(chart, compatibility.EnsurePrefixV(constants.VersionInfo()))
|
||||
values, err = loader.loadOperatorsValues()
|
||||
case conServicesReleaseName:
|
||||
// ensure that the services chart has the same version as the CLI
|
||||
updateVersions(chart, compatibility.EnsurePrefixV(constants.VersionInfo))
|
||||
updateVersions(chart, compatibility.EnsurePrefixV(constants.VersionInfo()))
|
||||
values, err = loader.loadConstellationServicesValues()
|
||||
default:
|
||||
return fmt.Errorf("invalid release name: %s", releaseName)
|
||||
|
@ -283,7 +283,7 @@ func (i *ChartLoader) loadOperators() (helm.Release, error) {
|
||||
return helm.Release{}, fmt.Errorf("loading operators chart: %w", err)
|
||||
}
|
||||
|
||||
updateVersions(chart, compatibility.EnsurePrefixV(constants.VersionInfo))
|
||||
updateVersions(chart, compatibility.EnsurePrefixV(constants.VersionInfo()))
|
||||
|
||||
values, err := i.loadOperatorsValues()
|
||||
if err != nil {
|
||||
@ -370,7 +370,7 @@ func (i *ChartLoader) loadConstellationServices() (helm.Release, error) {
|
||||
return helm.Release{}, fmt.Errorf("loading constellation-services chart: %w", err)
|
||||
}
|
||||
|
||||
updateVersions(chart, compatibility.EnsurePrefixV(constants.VersionInfo))
|
||||
updateVersions(chart, compatibility.EnsurePrefixV(constants.VersionInfo()))
|
||||
|
||||
values, err := i.loadConstellationServicesValues()
|
||||
if err != nil {
|
||||
|
@ -57,7 +57,7 @@ func main() {
|
||||
|
||||
flag.Parse()
|
||||
log := logger.New(logger.JSONLog, logger.VerbosityFromInt(*verbosity))
|
||||
log.With(zap.String("version", constants.VersionInfo), zap.String("cloudProvider", *csp)).
|
||||
log.With(zap.String("version", constants.VersionInfo()), zap.String("cloudProvider", *csp)).
|
||||
Infof("Starting disk-mapper")
|
||||
|
||||
// set up metadata API and quote issuer for aTLS connections
|
||||
|
@ -14,7 +14,6 @@ import (
|
||||
"fmt"
|
||||
"strings"
|
||||
|
||||
"github.com/edgelesssys/constellation/v2/internal/constants"
|
||||
"golang.org/x/mod/semver"
|
||||
)
|
||||
|
||||
@ -93,8 +92,8 @@ func IsValidUpgrade(a, b string) error {
|
||||
}
|
||||
|
||||
// BinaryWith tests that this binarie's version is greater or equal than some target version, but not further away than one minor version.
|
||||
func BinaryWith(target string) error {
|
||||
binaryVersion := EnsurePrefixV(constants.VersionInfo)
|
||||
func BinaryWith(binaryVersion, target string) error {
|
||||
binaryVersion = EnsurePrefixV(binaryVersion)
|
||||
target = EnsurePrefixV(target)
|
||||
if !semver.IsValid(binaryVersion) || !semver.IsValid(target) {
|
||||
return ErrSemVer
|
||||
|
@ -9,7 +9,6 @@ package compatibility
|
||||
import (
|
||||
"testing"
|
||||
|
||||
"github.com/edgelesssys/constellation/v2/internal/constants"
|
||||
"github.com/stretchr/testify/assert"
|
||||
)
|
||||
|
||||
@ -144,8 +143,7 @@ func TestBinaryWith(t *testing.T) {
|
||||
t.Run(name, func(t *testing.T) {
|
||||
assert := assert.New(t)
|
||||
|
||||
constants.VersionInfo = tc.cli
|
||||
err := BinaryWith(tc.target)
|
||||
err := BinaryWith(tc.cli, tc.target)
|
||||
if tc.wantError {
|
||||
assert.Error(err)
|
||||
return
|
||||
|
@ -279,7 +279,7 @@ func Default() *Config {
|
||||
Version: Version2,
|
||||
Image: defaultImage,
|
||||
Name: defaultName,
|
||||
MicroserviceVersion: compatibility.EnsurePrefixV(constants.VersionInfo),
|
||||
MicroserviceVersion: compatibility.EnsurePrefixV(constants.VersionInfo()),
|
||||
KubernetesVersion: string(versions.Default),
|
||||
StateDiskSizeGB: 30,
|
||||
DebugCluster: toPtr(false),
|
||||
|
@ -366,18 +366,19 @@ func registerVersionCompatibilityError(ut ut.Translator) error {
|
||||
}
|
||||
|
||||
func translateVersionCompatibilityError(ut ut.Translator, fe validator.FieldError) string {
|
||||
err := validateVersionCompatibilityHelper(fe.Field(), fe.Value().(string))
|
||||
binaryVersion := constants.VersionInfo()
|
||||
err := validateVersionCompatibilityHelper(binaryVersion, fe.Field(), fe.Value().(string))
|
||||
var msg string
|
||||
|
||||
switch {
|
||||
case errors.Is(err, compatibility.ErrSemVer):
|
||||
msg = fmt.Sprintf("configured version (%s) does not adhere to SemVer syntax", fe.Value().(string))
|
||||
case errors.Is(err, compatibility.ErrMajorMismatch):
|
||||
msg = fmt.Sprintf("the CLI's major version (%s) has to match your configured major version (%s). Use --force to ignore the version mismatch.", constants.VersionInfo, fe.Value().(string))
|
||||
msg = fmt.Sprintf("the CLI's major version (%s) has to match your configured major version (%s). Use --force to ignore the version mismatch.", constants.VersionInfo(), fe.Value().(string))
|
||||
case errors.Is(err, compatibility.ErrMinorDrift):
|
||||
msg = fmt.Sprintf("the CLI's minor version (%s) and the configured version (%s) are more than one minor version apart. Use --force to ignore the version mismatch.", constants.VersionInfo, fe.Value().(string))
|
||||
msg = fmt.Sprintf("the CLI's minor version (%s) and the configured version (%s) are more than one minor version apart. Use --force to ignore the version mismatch.", constants.VersionInfo(), fe.Value().(string))
|
||||
case errors.Is(err, compatibility.ErrOutdatedCLI):
|
||||
msg = fmt.Sprintf("the CLI's version (%s) is older than the configured version (%s). Use --force to ignore the version mismatch.", constants.VersionInfo, fe.Value().(string))
|
||||
msg = fmt.Sprintf("the CLI's version (%s) is older than the configured version (%s). Use --force to ignore the version mismatch.", constants.VersionInfo(), fe.Value().(string))
|
||||
default:
|
||||
msg = err.Error()
|
||||
}
|
||||
@ -389,14 +390,15 @@ func translateVersionCompatibilityError(ut ut.Translator, fe validator.FieldErro
|
||||
|
||||
// Check that the validated field and the CLI version are not more than one minor version apart.
|
||||
func validateVersionCompatibility(fl validator.FieldLevel) bool {
|
||||
if err := validateVersionCompatibilityHelper(fl.FieldName(), fl.Field().String()); err != nil {
|
||||
binaryVersion := constants.VersionInfo()
|
||||
if err := validateVersionCompatibilityHelper(binaryVersion, fl.FieldName(), fl.Field().String()); err != nil {
|
||||
return false
|
||||
}
|
||||
|
||||
return true
|
||||
}
|
||||
|
||||
func validateVersionCompatibilityHelper(fieldName string, configuredVersion string) error {
|
||||
func validateVersionCompatibilityHelper(binaryVersion, fieldName, configuredVersion string) error {
|
||||
if fieldName == "Image" {
|
||||
imageVersion, err := versionsapi.NewVersionFromShortPath(configuredVersion, versionsapi.VersionKindImage)
|
||||
if err != nil {
|
||||
@ -406,14 +408,14 @@ func validateVersionCompatibilityHelper(fieldName string, configuredVersion stri
|
||||
}
|
||||
|
||||
if fieldName == "MicroserviceVersion" {
|
||||
cliVersion := compatibility.EnsurePrefixV(constants.VersionInfo)
|
||||
cliVersion := compatibility.EnsurePrefixV(binaryVersion)
|
||||
serviceVersion := compatibility.EnsurePrefixV(configuredVersion)
|
||||
if semver.Compare(cliVersion, serviceVersion) == -1 {
|
||||
return fmt.Errorf("the CLI's version (%s) is older than the configured version (%s)", cliVersion, serviceVersion)
|
||||
}
|
||||
}
|
||||
|
||||
return compatibility.BinaryWith(configuredVersion)
|
||||
return compatibility.BinaryWith(binaryVersion, configuredVersion)
|
||||
}
|
||||
|
||||
func returnsTrue(fl validator.FieldLevel) bool {
|
||||
|
@ -9,7 +9,6 @@ package config
|
||||
import (
|
||||
"testing"
|
||||
|
||||
"github.com/edgelesssys/constellation/v2/internal/constants"
|
||||
"github.com/stretchr/testify/assert"
|
||||
)
|
||||
|
||||
@ -39,8 +38,7 @@ func TestValidateVersionCompatibilityHelper(t *testing.T) {
|
||||
t.Run(name, func(t *testing.T) {
|
||||
assert := assert.New(t)
|
||||
|
||||
constants.VersionInfo = tc.cli
|
||||
err := validateVersionCompatibilityHelper("Image", tc.target)
|
||||
err := validateVersionCompatibilityHelper(tc.cli, "Image", tc.target)
|
||||
if tc.wantError {
|
||||
assert.Error(err)
|
||||
return
|
||||
|
@ -182,5 +182,10 @@ const (
|
||||
CDNAPIPrefix = "constellation/v1"
|
||||
)
|
||||
|
||||
// VersionInfo is the version of a binary. Left as a separate variable to allow override during build.
|
||||
var VersionInfo = "0.0.0"
|
||||
// VersionInfo returns the version of a binary.
|
||||
func VersionInfo() string {
|
||||
return versionInfo
|
||||
}
|
||||
|
||||
// versionInfo is the version of a binary. Left as a separate variable to allow override during build.
|
||||
var versionInfo = "0.0.0"
|
||||
|
@ -70,7 +70,7 @@ func (v Semver) IsUpgradeTo(other Semver) bool {
|
||||
// CompatibleWithBinary returns if a version is compatible version of the current built binary.
|
||||
// It checks if the version of the binary is equal or greater than the current version and allows a drift of at most one minor version.
|
||||
func (v Semver) CompatibleWithBinary() bool {
|
||||
binaryVersion, err := NewSemver(constants.VersionInfo)
|
||||
binaryVersion, err := NewSemver(constants.VersionInfo())
|
||||
if err != nil {
|
||||
return false
|
||||
}
|
||||
|
@ -23,7 +23,7 @@ RUN rm -rf ./hack/
|
||||
|
||||
WORKDIR /constellation/joinservice
|
||||
ARG PROJECT_VERSION=0.0.0
|
||||
RUN --mount=type=cache,target=/root/.cache/go-build CGO_ENABLED=0 go build -o join-service -trimpath -buildvcs=false -ldflags "-s -w -buildid='' -X github.com/edgelesssys/constellation/v2/internal/constants.VersionInfo=${PROJECT_VERSION}" ./cmd/
|
||||
RUN --mount=type=cache,target=/root/.cache/go-build CGO_ENABLED=0 go build -o join-service -trimpath -buildvcs=false -ldflags "-s -w -buildid='' -X github.com/edgelesssys/constellation/v2/internal/constants.versionInfo=${PROJECT_VERSION}" ./cmd/
|
||||
|
||||
# Use gcr.io/distroless/static here since we need CA certificates to be installed for aTLS operations on GCP.
|
||||
FROM gcr.io/distroless/static@sha256:5b2fa762fb6ebf66ff88ae1db2dc4ad8fc6ddf1164477297dfac1a09f20e7339 as release
|
||||
|
@ -45,7 +45,7 @@ func main() {
|
||||
flag.Parse()
|
||||
|
||||
log := logger.New(logger.JSONLog, logger.VerbosityFromInt(*verbosity))
|
||||
log.With(zap.String("version", constants.VersionInfo), zap.String("cloudProvider", *provider)).
|
||||
log.With(zap.String("version", constants.VersionInfo()), zap.String("cloudProvider", *provider)).
|
||||
Infof("Constellation Node Join Service")
|
||||
|
||||
handler := file.NewHandler(afero.NewOsFs())
|
||||
|
@ -24,7 +24,7 @@ RUN rm -rf ./hack/
|
||||
RUN mkdir -p /constellation/build
|
||||
WORKDIR /constellation/keyservice/cmd
|
||||
ARG PROJECT_VERSION=0.0.0
|
||||
RUN --mount=type=cache,target=/root/.cache/go-build CGO_ENABLED=0 go build -o /constellation/build/keyservice -trimpath -buildvcs=false -ldflags "-s -w -buildid='' -X github.com/edgelesssys/constellation/v2/internal/constants.VersionInfo=${PROJECT_VERSION}"
|
||||
RUN --mount=type=cache,target=/root/.cache/go-build CGO_ENABLED=0 go build -o /constellation/build/keyservice -trimpath -buildvcs=false -ldflags "-s -w -buildid='' -X github.com/edgelesssys/constellation/v2/internal/constants.versionInfo=${PROJECT_VERSION}"
|
||||
|
||||
FROM gcr.io/distroless/static:nonroot@sha256:9ec950c09380320e203369982691eb821df6a6974edf9f4bb8e661d4b77b9d99 as release
|
||||
COPY --from=build /constellation/build/keyservice /keyservice
|
||||
|
@ -33,7 +33,7 @@ func main() {
|
||||
flag.Parse()
|
||||
log := logger.New(logger.JSONLog, logger.VerbosityFromInt(*verbosity))
|
||||
|
||||
log.With(zap.String("version", constants.VersionInfo)).
|
||||
log.With(zap.String("version", constants.VersionInfo())).
|
||||
Infof("Constellation Key Management Service")
|
||||
|
||||
// read master secret and salt
|
||||
|
@ -23,7 +23,7 @@ RUN rm -rf ./hack/
|
||||
|
||||
WORKDIR /constellation/verify
|
||||
ARG PROJECT_VERSION=0.0.0
|
||||
RUN --mount=type=cache,target=/root/.cache/go-build CGO_ENABLED=0 go build -o verify-service -trimpath -buildvcs=false -ldflags "-s -w -buildid='' -X github.com/edgelesssys/constellation/v2/internal/constants.VersionInfo=${PROJECT_VERSION}" ./cmd/
|
||||
RUN --mount=type=cache,target=/root/.cache/go-build CGO_ENABLED=0 go build -o verify-service -trimpath -buildvcs=false -ldflags "-s -w -buildid='' -X github.com/edgelesssys/constellation/v2/internal/constants.versionInfo=${PROJECT_VERSION}" ./cmd/
|
||||
|
||||
FROM scratch AS release
|
||||
COPY --from=build /constellation/verify/verify-service /verify
|
||||
|
@ -29,7 +29,7 @@ func main() {
|
||||
flag.Parse()
|
||||
log := logger.New(logger.JSONLog, logger.VerbosityFromInt(*verbosity))
|
||||
|
||||
log.With(zap.String("version", constants.VersionInfo), zap.String("cloudProvider", *provider)).
|
||||
log.With(zap.String("version", constants.VersionInfo()), zap.String("cloudProvider", *provider)).
|
||||
Infof("Constellation Verification Service")
|
||||
|
||||
var issuer server.AttestationIssuer
|
||||
|
Loading…
Reference in New Issue
Block a user