name: Constellation IAM create description: Create IAM configuration for a Constellation cluster. inputs: cloudProvider: description: "Either 'aws', 'azure' or 'gcp'." required: true attestationVariant: description: "The attestation variant to use." required: true kubernetesVersion: description: "Kubernetes version to create the cluster from." required: false namePrefix: description: "Name prefix to use for resources." required: true additionalTags: description: "Additional resource tags that will be written into the constellation configuration." default: "" required: false # # AWS specific inputs # awsZone: description: "AWS zone to deploy Constellation in." required: false # # Azure specific inputs # azureRegion: description: "Azure region to deploy Constellation in." required: false # # GCP specific inputs # gcpProjectID: description: "The GCP project ID to deploy Constellation in." required: false gcpZone: description: "The GCP zone to deploy Constellation in." required: false runs: using: "composite" steps: - name: Generate config id: generate-config shell: bash run: | kubernetesFlag="" if [[ ! -z "${{ inputs.kubernetesVersion }}" ]]; then kubernetesFlag="--kubernetes=${{ inputs.kubernetesVersion }}" fi # TODO(v2.17): Remove this fallback and always use --tags flag tagsFlag="" if constellation config generate --help | grep -q -- --tags; then tagsFlag="--tags=\"${{ inputs.additionalTags }}\"" fi echo "flag=--update-config" | tee -a "$GITHUB_OUTPUT" constellation config generate ${{ inputs.cloudProvider }} ${kubernetesFlag} --attestation ${{ inputs.attestationVariant }} ${tagsFlag} - name: Constellation iam create aws shell: bash if: inputs.cloudProvider == 'aws' run: | constellation iam create aws \ --zone="${{ inputs.awsZone }}" \ --prefix="${{ inputs.namePrefix }}" \ --update-config \ --tf-log=DEBUG \ --yes - name: Constellation iam create azure shell: bash if: inputs.cloudProvider == 'azure' run: | constellation iam create azure \ --region="${{ inputs.azureRegion }}" \ --resourceGroup="${{ inputs.namePrefix }}-rg" \ --servicePrincipal="${{ inputs.namePrefix }}-sp" \ --update-config \ --tf-log=DEBUG \ --yes - name: Constellation iam create gcp shell: bash if: inputs.cloudProvider == 'gcp' run: | constellation iam create gcp \ --projectID="${{ inputs.gcpProjectID }}" \ --zone="${{ inputs.gcpZone }}" \ --serviceAccountID="${{ inputs.namePrefix }}-sa" \ --update-config \ --tf-log=DEBUG \ --yes