Git-Mirrors/constellation
1
0
Fork 0
mirror of https://github.com/edgelesssys/constellation.git synced 2025-01-22 13:21:07 -05:00
Code Issues Packages Projects Releases Wiki Activity
37b42ea3d7
constellation/.github/actions/constellation_iam_create/action.yml

126 lines
3.9 KiB
YAML
Raw Blame History

name: Constellation IAM create
description: Create IAM configuration for a Constellation cluster.
inputs:
cloudProvider:
description: "Either 'aws', 'azure' or 'gcp'."
required: true
attestationVariant:
description: "The attestation variant to use."
required: true
kubernetesVersion:
description: "Kubernetes version to create the cluster from."
required: false
namePrefix:
description: "Name prefix to use for resources."
required: true
additionalTags:
description: "Additional resource tags that will be written into the constellation configuration."
default: ""
required: false
#
# AWS specific inputs
#
awsZone:
description: "AWS zone to deploy Constellation in."
required: false
#
# Azure specific inputs
#
azureSubscriptionID:
description: "Azure subscription ID to deploy Constellation in."
required: true
azureRegion:
description: "Azure region to deploy Constellation in."
required: false
#
# GCP specific inputs
#
gcpProjectID:
description: "The GCP project ID to deploy Constellation in."
required: false
gcpZone:
description: "The GCP zone to deploy Constellation in."
required: false
#
# STACKIT specific inputs
#
stackitZone:
description: "The STACKIT zone to deploy Constellation in."
required: false
stackitProjectID:
description: "The STACKIT project ID to deploy Constellation in."
required: false
runs:
using: "composite"
steps:
- name: Generate config
id: generate-config
shell: bash
run: |
kubernetesFlag=""
if [[ ! -z "${{ inputs.kubernetesVersion }}" ]]; then
kubernetesFlag="--kubernetes=${{ inputs.kubernetesVersion }}"
fi
# TODO(v2.17): Remove this fallback and always use --tags flag
tagsFlag=""
if constellation config generate --help | grep -q -- --tags; then
tagsFlag="--tags=\"${{ inputs.additionalTags }}\""
fi
echo "flag=--update-config" | tee -a "$GITHUB_OUTPUT"
constellation config generate ${{ inputs.cloudProvider }} ${kubernetesFlag} --attestation ${{ inputs.attestationVariant }} ${tagsFlag}
- name: Constellation iam create aws
shell: bash
if: inputs.cloudProvider == 'aws'
run: |
constellation iam create aws \
--zone="${{ inputs.awsZone }}" \
--prefix="${{ inputs.namePrefix }}" \
--update-config \
--tf-log=DEBUG \
--yes
- name: Constellation iam create azure
shell: bash
if: inputs.cloudProvider == 'azure'
run: |
extraFlags=""
if [[ $(constellation iam create azure --help | grep -c -- --subscriptionID) -ne 0 ]]; then
extraFlags="--subscriptionID=${{ inputs.azureSubscriptionID }}"
fi
constellation iam create azure \
--region="${{ inputs.azureRegion }}" \
--resourceGroup="${{ inputs.namePrefix }}-rg" \
--servicePrincipal="${{ inputs.namePrefix }}-sp" \
--update-config \
--tf-log=DEBUG \
--yes ${extraFlags}
- name: Constellation iam create gcp
shell: bash
if: inputs.cloudProvider == 'gcp'
run: |
constellation iam create gcp \
--projectID="${{ inputs.gcpProjectID }}" \
--zone="${{ inputs.gcpZone }}" \
--serviceAccountID="${{ inputs.namePrefix }}-sa" \
--update-config \
--tf-log=DEBUG \
--yes
- name: Set STACKIT-specific configuration
shell: bash
if: inputs.cloudProvider == 'stackit'
env:
STACKIT_PROJECT_ID: ${{ inputs.stackitProjectID }}
run: |
yq eval -i "(.provider.openstack.stackitProjectID) = \"${STACKIT_PROJECT_ID}\"" constellation-conf.yaml
yq eval -i "(.provider.openstack.availabilityZone) = \"${{ inputs.stackitZone }}\"" constellation-conf.yaml
yq eval -i "(.nodeGroups.[].zone) = \"${{ inputs.stackitZone }}\"" constellation-conf.yaml
Reference in New Issue View Git Blame Copy Permalink