constellation/cli/internal/cloudcmd/terraform.go

/*
Copyright (c) Edgeless Systems GmbH

SPDX-License-Identifier: AGPL-3.0-only
*/

package cloudcmd

import (
	"fmt"
	"strings"

	"github.com/edgelesssys/constellation/v2/cli/internal/terraform"
	"github.com/edgelesssys/constellation/v2/internal/attestation/variant"
	"github.com/edgelesssys/constellation/v2/internal/cloud/cloudprovider"
	"github.com/edgelesssys/constellation/v2/internal/config"
	"github.com/edgelesssys/constellation/v2/internal/role"
)

// TerraformUpgradeVars returns variables required to execute the Terraform scripts.
func TerraformUpgradeVars(conf *config.Config) (terraform.Variables, error) {
	// Note that we pass "" as imageRef, as we ignore changes to the image in the terraform.
	// The image is updates via our operator.
	switch conf.GetProvider() {
	case cloudprovider.AWS:
		vars := awsTerraformVars(conf, "")
		return vars, nil
	case cloudprovider.Azure:
		vars := azureTerraformVars(conf, "")
		return vars, nil
	case cloudprovider.GCP:
		vars := gcpTerraformVars(conf, "")
		return vars, nil
	default:
		return nil, fmt.Errorf("unsupported provider: %s", conf.GetProvider())
	}
}

// awsTerraformVars provides variables required to execute the Terraform scripts.
// It should be the only place to declare the AWS variables.
func awsTerraformVars(conf *config.Config, imageRef string) *terraform.AWSClusterVariables {
	nodeGroups := make(map[string]terraform.AWSNodeGroup)
	for groupName, group := range conf.NodeGroups {
		nodeGroups[groupName] = terraform.AWSNodeGroup{
			Role:            role.FromString(group.Role).TFString(),
			StateDiskSizeGB: group.StateDiskSizeGB,
			InitialCount:    group.InitialCount,
			Zone:            group.Zone,
			InstanceType:    group.InstanceType,
			DiskType:        group.StateDiskType,
		}
	}
	return &terraform.AWSClusterVariables{
		Name:                   conf.Name,
		NodeGroups:             nodeGroups,
		Region:                 conf.Provider.AWS.Region,
		Zone:                   conf.Provider.AWS.Zone,
		AMIImageID:             imageRef,
		IAMProfileControlPlane: conf.Provider.AWS.IAMProfileControlPlane,
		IAMProfileWorkerNodes:  conf.Provider.AWS.IAMProfileWorkerNodes,
		Debug:                  conf.IsDebugCluster(),
		EnableSNP:              conf.GetAttestationConfig().GetVariant().Equal(variant.AWSSEVSNP{}),
		CustomEndpoint:         conf.CustomEndpoint,
	}
}

// azureTerraformVars provides variables required to execute the Terraform scripts.
// It should be the only place to declare the Azure variables.
func azureTerraformVars(conf *config.Config, imageRef string) *terraform.AzureClusterVariables {
	nodeGroups := make(map[string]terraform.AzureNodeGroup)
	for groupName, group := range conf.NodeGroups {
		zones := strings.Split(group.Zone, ",")
		if len(zones) == 0 || (len(zones) == 1 && zones[0] == "") {
			zones = nil
		}
		nodeGroups[groupName] = terraform.AzureNodeGroup{
			Role:         role.FromString(group.Role).TFString(),
			InitialCount: group.InitialCount,
			InstanceType: group.InstanceType,
			DiskSizeGB:   group.StateDiskSizeGB,
			DiskType:     group.StateDiskType,
			Zones:        zones,
		}
	}
	vars := &terraform.AzureClusterVariables{
		Name:                 conf.Name,
		NodeGroups:           nodeGroups,
		Location:             conf.Provider.Azure.Location,
		ImageID:              imageRef,
		CreateMAA:            toPtr(conf.GetAttestationConfig().GetVariant().Equal(variant.AzureSEVSNP{})),
		Debug:                toPtr(conf.IsDebugCluster()),
		ConfidentialVM:       toPtr(conf.GetAttestationConfig().GetVariant().Equal(variant.AzureSEVSNP{})),
		SecureBoot:           conf.Provider.Azure.SecureBoot,
		UserAssignedIdentity: conf.Provider.Azure.UserAssignedIdentity,
		ResourceGroup:        conf.Provider.Azure.ResourceGroup,
		CustomEndpoint:       conf.CustomEndpoint,
	}

	vars = normalizeAzureURIs(vars)
	return vars
}

// gcpTerraformVars provides variables required to execute the Terraform scripts.
// It should be the only place to declare the GCP variables.
func gcpTerraformVars(conf *config.Config, imageRef string) *terraform.GCPClusterVariables {
	nodeGroups := make(map[string]terraform.GCPNodeGroup)
	for groupName, group := range conf.NodeGroups {
		nodeGroups[groupName] = terraform.GCPNodeGroup{
			Role:            role.FromString(group.Role).TFString(),
			StateDiskSizeGB: group.StateDiskSizeGB,
			InitialCount:    group.InitialCount,
			Zone:            group.Zone,
			InstanceType:    group.InstanceType,
			DiskType:        group.StateDiskType,
		}
	}
	return &terraform.GCPClusterVariables{
		Name:           conf.Name,
		NodeGroups:     nodeGroups,
		Project:        conf.Provider.GCP.Project,
		Region:         conf.Provider.GCP.Region,
		Zone:           conf.Provider.GCP.Zone,
		ImageID:        imageRef,
		Debug:          conf.IsDebugCluster(),
		CustomEndpoint: conf.CustomEndpoint,
	}
}

// openStackTerraformVars provides variables required to execute the Terraform scripts.
// It should be the only place to declare the OpenStack variables.
func openStackTerraformVars(conf *config.Config, imageRef string) *terraform.OpenStackClusterVariables {
	nodeGroups := make(map[string]terraform.OpenStackNodeGroup)
	for groupName, group := range conf.NodeGroups {
		nodeGroups[groupName] = terraform.OpenStackNodeGroup{
			Role:            role.FromString(group.Role).TFString(),
			StateDiskSizeGB: group.StateDiskSizeGB,
			InitialCount:    group.InitialCount,
			FlavorID:        group.InstanceType,
			Zone:            group.Zone,
			StateDiskType:   group.StateDiskType,
		}
	}
	return &terraform.OpenStackClusterVariables{
		Name:                    conf.Name,
		Cloud:                   toPtr(conf.Provider.OpenStack.Cloud),
		FloatingIPPoolID:        conf.Provider.OpenStack.FloatingIPPoolID,
		ImageURL:                imageRef,
		DirectDownload:          *conf.Provider.OpenStack.DirectDownload,
		OpenstackUserDomainName: conf.Provider.OpenStack.UserDomainName,
		OpenstackUsername:       conf.Provider.OpenStack.Username,
		OpenstackPassword:       conf.Provider.OpenStack.Password,
		Debug:                   conf.IsDebugCluster(),
		NodeGroups:              nodeGroups,
		CustomEndpoint:          conf.CustomEndpoint,
	}
}

// qemuTerraformVars provides variables required to execute the Terraform scripts.
// It should be the only place to declare the QEMU variables.
func qemuTerraformVars(conf *config.Config, imageRef string, libvirtURI, libvirtSocketPath, metadataLibvirtURI string) *terraform.QEMUVariables {
	nodeGroups := make(map[string]terraform.QEMUNodeGroup)
	for groupName, group := range conf.NodeGroups {
		nodeGroups[groupName] = terraform.QEMUNodeGroup{
			Role:         role.FromString(group.Role).TFString(),
			InitialCount: group.InitialCount,
			DiskSize:     group.StateDiskSizeGB,
			CPUCount:     conf.Provider.QEMU.VCPUs,
			MemorySize:   conf.Provider.QEMU.Memory,
		}
	}
	return &terraform.QEMUVariables{
		Name:              conf.Name,
		LibvirtURI:        libvirtURI,
		LibvirtSocketPath: libvirtSocketPath,
		// TODO(malt3): auto select boot mode based on attestation variant.
		// requires image info v2.
		BootMode:           "uefi",
		ImagePath:          imageRef,
		ImageFormat:        conf.Provider.QEMU.ImageFormat,
		NodeGroups:         nodeGroups,
		Machine:            "q35", // TODO(elchead): make configurable AB#3225
		MetadataAPIImage:   conf.Provider.QEMU.MetadataAPIImage,
		MetadataLibvirtURI: metadataLibvirtURI,
		NVRAM:              conf.Provider.QEMU.NVRAM,
		// TODO(malt3) enable once we have a way to auto-select values for these
		// requires image info v2.
		// BzImagePath:        placeholder,
		// InitrdPath:         placeholder,
		// KernelCmdline:      placeholder,
	}
}