mirror of
https://github.com/edgelesssys/constellation.git
synced 2024-12-11 00:44:20 -05:00
405db3286e
* There are now two attestation packages on azure. The issuer on the server side is created base on successfully querying the idkeydigest from the TPM. Fallback on err: Trusted Launch. * The bootstrapper's issuer choice is validated by the CLI's validator, which is created based on the local config. * Add "azureCVM" field to new "internal-config" cm. This field is populated by the bootstrapper. * Group attestation OIDs by CSP (#42) * Bootstrapper now uses IssuerWrapper type to pass the issuer (and some context info) to the initserver. * Introduce VMType package akin to cloudprovider. Used by IssuerWrapper. * Extend unittests. * Remove CSP specific attestation integration tests Co-authored-by: <dw@edgeless.systems> Signed-off-by: Otto Bittner <cobittner@posteo.net>
221 lines
7.6 KiB
Go
221 lines
7.6 KiB
Go
/*
|
|
Copyright (c) Edgeless Systems GmbH
|
|
|
|
SPDX-License-Identifier: AGPL-3.0-only
|
|
*/
|
|
|
|
package cmd
|
|
|
|
import (
|
|
"errors"
|
|
"fmt"
|
|
"io/fs"
|
|
|
|
"github.com/edgelesssys/constellation/cli/internal/cloudcmd"
|
|
"github.com/edgelesssys/constellation/internal/cloud/cloudprovider"
|
|
"github.com/edgelesssys/constellation/internal/constants"
|
|
"github.com/edgelesssys/constellation/internal/file"
|
|
"github.com/edgelesssys/constellation/internal/state"
|
|
"github.com/spf13/afero"
|
|
"github.com/spf13/cobra"
|
|
)
|
|
|
|
// NewCreateCmd returns a new cobra.Command for the create command.
|
|
func NewCreateCmd() *cobra.Command {
|
|
cmd := &cobra.Command{
|
|
Use: "create {aws|azure|gcp}",
|
|
Short: "Create instances on a cloud platform for your Constellation cluster",
|
|
Long: "Create instances on a cloud platform for your Constellation cluster.",
|
|
Args: cobra.MatchAll(
|
|
cobra.ExactArgs(1),
|
|
isCloudProvider(0),
|
|
warnAWS(0),
|
|
),
|
|
ValidArgsFunction: createCompletion,
|
|
RunE: runCreate,
|
|
}
|
|
cmd.Flags().String("name", "constell", "create the cluster with the specified name")
|
|
cmd.Flags().BoolP("yes", "y", false, "create the cluster without further confirmation")
|
|
cmd.Flags().IntP("control-plane-nodes", "c", 0, "number of control-plane nodes (required)")
|
|
must(cobra.MarkFlagRequired(cmd.Flags(), "control-plane-nodes"))
|
|
cmd.Flags().IntP("worker-nodes", "w", 0, "number of worker nodes (required)")
|
|
must(cobra.MarkFlagRequired(cmd.Flags(), "worker-nodes"))
|
|
return cmd
|
|
}
|
|
|
|
func runCreate(cmd *cobra.Command, args []string) error {
|
|
provider := cloudprovider.FromString(args[0])
|
|
fileHandler := file.NewHandler(afero.NewOsFs())
|
|
creator := cloudcmd.NewCreator(cmd.OutOrStdout())
|
|
|
|
return create(cmd, creator, fileHandler, provider)
|
|
}
|
|
|
|
func create(cmd *cobra.Command, creator cloudCreator, fileHandler file.Handler, provider cloudprovider.Provider,
|
|
) (retErr error) {
|
|
flags, err := parseCreateFlags(cmd)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
|
|
if err := checkDirClean(fileHandler); err != nil {
|
|
return err
|
|
}
|
|
|
|
config, err := readConfig(cmd.OutOrStdout(), fileHandler, flags.configPath, provider)
|
|
if err != nil {
|
|
return fmt.Errorf("reading and validating config: %w", err)
|
|
}
|
|
|
|
if config.IsImageDebug() {
|
|
cmd.Println("Configured image does not look like a released production image. Double check image before deploying to production.")
|
|
}
|
|
|
|
if config.IsAzureNonCVM() {
|
|
cmd.Println("Disabling Confidential VMs is insecure. Use only for evaluation purposes.")
|
|
if config.EnforcesIdKeyDigest() {
|
|
cmd.Println("Your config asks for enforcing the idkeydigest. This is only available on Confidential VMs. It will not be enforced.")
|
|
}
|
|
}
|
|
|
|
var instanceType string
|
|
switch provider {
|
|
case cloudprovider.Azure:
|
|
instanceType = config.Provider.Azure.InstanceType
|
|
case cloudprovider.GCP:
|
|
instanceType = config.Provider.GCP.InstanceType
|
|
}
|
|
|
|
if !flags.yes {
|
|
// Ask user to confirm action.
|
|
cmd.Printf("The following Constellation cluster will be created:\n")
|
|
cmd.Printf("%d control-planes nodes of type %s will be created.\n", flags.controllerCount, instanceType)
|
|
cmd.Printf("%d worker nodes of type %s will be created.\n", flags.workerCount, instanceType)
|
|
ok, err := askToConfirm(cmd, "Do you want to create this cluster?")
|
|
if err != nil {
|
|
return err
|
|
}
|
|
if !ok {
|
|
cmd.Println("The creation of the cluster was aborted.")
|
|
return nil
|
|
}
|
|
}
|
|
|
|
state, err := creator.Create(cmd.Context(), provider, config, flags.name, instanceType, flags.controllerCount, flags.workerCount)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
|
|
if err := fileHandler.WriteJSON(constants.StateFilename, state, file.OptNone); err != nil {
|
|
return err
|
|
}
|
|
|
|
if err := writeIPtoIDFile(fileHandler, state); err != nil {
|
|
return err
|
|
}
|
|
|
|
cmd.Println("Your Constellation cluster was created successfully.")
|
|
return nil
|
|
}
|
|
|
|
// parseCreateFlags parses the flags of the create command.
|
|
func parseCreateFlags(cmd *cobra.Command) (createFlags, error) {
|
|
controllerCount, err := cmd.Flags().GetInt("control-plane-nodes")
|
|
if err != nil {
|
|
return createFlags{}, fmt.Errorf("parsing number of control-plane nodes: %w", err)
|
|
}
|
|
if controllerCount < constants.MinControllerCount {
|
|
return createFlags{}, fmt.Errorf("number of control-plane nodes must be at least %d", constants.MinControllerCount)
|
|
}
|
|
|
|
workerCount, err := cmd.Flags().GetInt("worker-nodes")
|
|
if err != nil {
|
|
return createFlags{}, fmt.Errorf("parsing number of worker nodes: %w", err)
|
|
}
|
|
if workerCount < constants.MinWorkerCount {
|
|
return createFlags{}, fmt.Errorf("number of worker nodes must be at least %d", constants.MinWorkerCount)
|
|
}
|
|
|
|
name, err := cmd.Flags().GetString("name")
|
|
if err != nil {
|
|
return createFlags{}, fmt.Errorf("parsing name argument: %w", err)
|
|
}
|
|
if len(name) > constants.ConstellationNameLength {
|
|
return createFlags{}, fmt.Errorf(
|
|
"name for Constellation cluster too long, maximum length is %d, got %d: %s",
|
|
constants.ConstellationNameLength, len(name), name,
|
|
)
|
|
}
|
|
|
|
yes, err := cmd.Flags().GetBool("yes")
|
|
if err != nil {
|
|
return createFlags{}, fmt.Errorf("%w; Set '-yes' without a value to automatically confirm", err)
|
|
}
|
|
|
|
configPath, err := cmd.Flags().GetString("config")
|
|
if err != nil {
|
|
return createFlags{}, fmt.Errorf("parsing config path argument: %w", err)
|
|
}
|
|
|
|
return createFlags{
|
|
controllerCount: controllerCount,
|
|
workerCount: workerCount,
|
|
name: name,
|
|
configPath: configPath,
|
|
yes: yes,
|
|
}, nil
|
|
}
|
|
|
|
// createFlags contains the parsed flags of the create command.
|
|
type createFlags struct {
|
|
controllerCount int
|
|
workerCount int
|
|
name string
|
|
configPath string
|
|
yes bool
|
|
}
|
|
|
|
// checkDirClean checks if files of a previous Constellation are left in the current working dir.
|
|
func checkDirClean(fileHandler file.Handler) error {
|
|
if _, err := fileHandler.Stat(constants.StateFilename); !errors.Is(err, fs.ErrNotExist) {
|
|
return fmt.Errorf("file '%s' already exists in working directory, run 'constellation terminate' before creating a new one", constants.StateFilename)
|
|
}
|
|
if _, err := fileHandler.Stat(constants.AdminConfFilename); !errors.Is(err, fs.ErrNotExist) {
|
|
return fmt.Errorf("file '%s' already exists in working directory, run 'constellation terminate' before creating a new one", constants.AdminConfFilename)
|
|
}
|
|
if _, err := fileHandler.Stat(constants.MasterSecretFilename); !errors.Is(err, fs.ErrNotExist) {
|
|
return fmt.Errorf("file '%s' already exists in working directory. Constellation won't overwrite previous master secrets. Move it somewhere or delete it before creating a new cluster", constants.MasterSecretFilename)
|
|
}
|
|
if _, err := fileHandler.Stat(constants.ClusterIDsFileName); !errors.Is(err, fs.ErrNotExist) {
|
|
return fmt.Errorf("file '%s' already exists in working directory. Constellation won't overwrite previous cluster IDs. Move it somewhere or delete it before creating a new cluster", constants.ClusterIDsFileName)
|
|
}
|
|
|
|
return nil
|
|
}
|
|
|
|
func writeIPtoIDFile(fileHandler file.Handler, state state.ConstellationState) error {
|
|
ip := state.LoadBalancerIP
|
|
if ip == "" {
|
|
return fmt.Errorf("bootstrapper ip not found")
|
|
}
|
|
idFile := clusterIDsFile{IP: ip}
|
|
return fileHandler.WriteJSON(constants.ClusterIDsFileName, idFile, file.OptNone)
|
|
}
|
|
|
|
// createCompletion handles the completion of the create command. It is frequently called
|
|
// while the user types arguments of the command to suggest completion.
|
|
func createCompletion(cmd *cobra.Command, args []string, toComplete string) ([]string, cobra.ShellCompDirective) {
|
|
switch len(args) {
|
|
case 0:
|
|
return []string{"aws", "gcp", "azure"}, cobra.ShellCompDirectiveNoFileComp
|
|
default:
|
|
return []string{}, cobra.ShellCompDirectiveError
|
|
}
|
|
}
|
|
|
|
func must(err error) {
|
|
if err != nil {
|
|
panic(err)
|
|
}
|
|
}
|