cloudcmd

package v2.11.0

Warning: This package is not in the latest version of its module.

Published: Sep 14, 2023 License: AGPL-3.0 Imports: 38 Imported by: 0

Documentation

Overview

Package cloudcmd provides executable commands for the CLI.

This package focuses on the interaction with the cloud provider. It separates the cloud provider specific code from the rest of the CLI, and provides a common interface for all cloud providers.

Exported functions must not be cloud provider specific, but rather take a cloudprovider.Provider as an argument, perform CSP specific logic, and return a universally usable result.

It is used by the "cmd" package to handle the creation of cloud resources and other CSP specific interactions. User interaction happens in the "cmd" package, and should not happen in or pass through this package.

The backend to this package is currently provided by the terraform package.

SPDX-License-Identifier: AGPL-3.0-only

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func GetMarshaledServiceAccountURI added in v2.10.0

func GetMarshaledServiceAccountURI(provider cloudprovider.Provider, config *config.Config, pf pathprefix.PathPrefixer, log debugLog, fileHandler file.Handler,
) (string, error)

GetMarshaledServiceAccountURI returns the service account URI for the given cloud provider.

func NewValidator

func NewValidator(cmd *cobra.Command, config config.AttestationCfg, log debugLog) (atls.Validator, error)

NewValidator creates a new Validator.

func TerraformIAMUpgradeVars added in v2.11.0

func TerraformIAMUpgradeVars(conf *config.Config, fileHandler file.Handler) (terraform.Variables, error)

TerraformIAMUpgradeVars returns variables required to execute IAM upgrades with Terraform.

func TerraformUpgradeVars added in v2.10.0

func TerraformUpgradeVars(conf *config.Config) (terraform.Variables, error)

TerraformUpgradeVars returns variables required to execute the Terraform scripts.

func UpdateInitMeasurements added in v2.8.0

func UpdateInitMeasurements(config config.AttestationCfg, ownerID, clusterID string) error

UpdateInitMeasurements sets the owner and cluster measurement values.

func UpgradeRequiresIAMMigration added in v2.11.0

func UpgradeRequiresIAMMigration(provider cloudprovider.Provider) bool

UpgradeRequiresIAMMigration returns true if the given cloud provider requires an IAM migration.

Types

type AWSIAMConfig added in v2.3.0

type AWSIAMConfig struct {
	Region string
	Prefix string
}

AWSIAMConfig holds the necessary values for AWS IAM configuration.

type AWSIAMOutput added in v2.10.0

type AWSIAMOutput struct {
	ControlPlaneInstanceProfile string `json:"controlPlaneInstanceProfile,omitempty"`
	WorkerNodeInstanceProfile   string `json:"workerNodeInstanceProfile,omitempty"`
}

AWSIAMOutput contains the output information of an AWS IAM configuration.

type AzureIAMConfig added in v2.3.0

type AzureIAMConfig struct {
	Region           string
	ServicePrincipal string
	ResourceGroup    string
}

AzureIAMConfig holds the necessary values for Azure IAM configuration.

type AzureIAMOutput added in v2.10.0

type AzureIAMOutput struct {
	SubscriptionID string `json:"subscriptionID,omitempty"`
	TenantID       string `json:"tenantID,omitempty"`
	UAMIID         string `json:"uamiID,omitempty"`
}

AzureIAMOutput contains the output information of a Microsoft Azure IAM configuration.

type AzurePolicyPatcher added in v2.8.0

type AzurePolicyPatcher struct{}

AzurePolicyPatcher patches attestation policies on Azure.

func NewAzurePolicyPatcher added in v2.8.0

func NewAzurePolicyPatcher() AzurePolicyPatcher

NewAzurePolicyPatcher returns a new AzurePolicyPatcher.

func (AzurePolicyPatcher) Patch added in v2.8.0

func (p AzurePolicyPatcher) Patch(ctx context.Context, attestationURL string) error

Patch updates the attestation policy to the base64-encoded attestation policy JWT for the given attestation URL. https://learn.microsoft.com/en-us/azure/attestation/author-sign-policy#next-steps

type ClusterUpgrader added in v2.11.0

type ClusterUpgrader struct {
	// contains filtered or unexported fields
}

ClusterUpgrader is responsible for performing Terraform migrations on cluster upgrades.

func NewClusterUpgrader added in v2.11.0

func NewClusterUpgrader(ctx context.Context, existingWorkspace, upgradeWorkspace string,
	logLevel terraform.LogLevel, fileHandler file.Handler,
) (*ClusterUpgrader, error)

NewClusterUpgrader initializes and returns a new ClusterUpgrader. existingWorkspace is the directory holding the existing Terraform resources. upgradeWorkspace is the directory to use for holding temporary files and resources required to apply the upgrade.

func (*ClusterUpgrader) ApplyClusterUpgrade added in v2.11.0

func (u *ClusterUpgrader) ApplyClusterUpgrade(ctx context.Context, csp cloudprovider.Provider) (terraform.ApplyOutput, error)

ApplyClusterUpgrade applies the Terraform migrations planned by PlanClusterUpgrade. On success, the workspace of the Upgrader replaces the existing Terraform workspace.

func (*ClusterUpgrader) PlanClusterUpgrade added in v2.11.0

func (u *ClusterUpgrader) PlanClusterUpgrade(ctx context.Context, outWriter io.Writer, vars terraform.Variables, csp cloudprovider.Provider,
) (bool, error)

PlanClusterUpgrade prepares the upgrade workspace and plans the possible Terraform migrations for Constellation's cluster resources (load balancers, VMs, networks etc.). In case of possible migrations, the diff is written to outWriter and this function returns true.

type CreateOptions added in v2.8.0

type CreateOptions struct {
	Provider    cloudprovider.Provider
	Config      *config.Config
	TFWorkspace string

	TFLogLevel terraform.LogLevel
	// contains filtered or unexported fields
}

CreateOptions are the options for creating a Constellation cluster.

type Creator

type Creator struct {
	// contains filtered or unexported fields
}

Creator creates cloud resources.

func NewCreator

func NewCreator(out io.Writer) *Creator

NewCreator creates a new creator.

func (*Creator) Create

func (c *Creator) Create(ctx context.Context, opts CreateOptions) (clusterid.File, error)

Create creates the requested number of instances and all the resources they need.

type GCPIAMConfig added in v2.3.0

type GCPIAMConfig struct {
	Region           string
	Zone             string
	ProjectID        string
	ServiceAccountID string
}

GCPIAMConfig holds the necessary values for GCP IAM configuration.

type GCPIAMOutput added in v2.10.0

type GCPIAMOutput struct {
	ServiceAccountKey string `json:"serviceAccountID,omitempty"`
}

GCPIAMOutput contains the output information of a GCP IAM configuration.

type IAMConfigOptions added in v2.8.0

type IAMConfigOptions struct {
	GCP         GCPIAMConfig
	Azure       AzureIAMConfig
	AWS         AWSIAMConfig
	TFLogLevel  terraform.LogLevel
	TFWorkspace string
}

IAMConfigOptions holds the necessary values for IAM configuration.

type IAMCreator added in v2.3.0

type IAMCreator struct {
	// contains filtered or unexported fields
}

IAMCreator creates the IAM configuration on the cloud provider.

func NewIAMCreator added in v2.3.0

func NewIAMCreator(out io.Writer) *IAMCreator

NewIAMCreator creates a new IAM creator.

func (*IAMCreator) Create added in v2.3.0

func (c *IAMCreator) Create(ctx context.Context, provider cloudprovider.Provider, opts *IAMConfigOptions) (IAMOutput, error)

Create prepares and hands over to the corresponding provider's IAM creator.

type IAMDestroyer added in v2.6.0

type IAMDestroyer struct {
	// contains filtered or unexported fields
}

IAMDestroyer destroys an IAM configuration.

func NewIAMDestroyer added in v2.6.0

func NewIAMDestroyer() *IAMDestroyer

NewIAMDestroyer creates a new IAM Destroyer.

func (*IAMDestroyer) DestroyIAMConfiguration added in v2.6.0

func (d *IAMDestroyer) DestroyIAMConfiguration(ctx context.Context, tfWorkspace string, logLevel terraform.LogLevel) error

DestroyIAMConfiguration destroys the previously created IAM configuration and deletes the local IAM Terraform files.

func (*IAMDestroyer) GetTfStateServiceAccountKey added in v2.10.0

func (d *IAMDestroyer) GetTfStateServiceAccountKey(ctx context.Context, tfWorkspace string) (gcpshared.ServiceAccountKey, error)

GetTfStateServiceAccountKey returns the sa_key output from the Terraform state.

type IAMOutput added in v2.10.0

type IAMOutput struct {
	// CloudProvider is the cloud provider of the cluster.
	CloudProvider cloudprovider.Provider `json:"cloudprovider,omitempty"`

	GCPOutput   GCPIAMOutput   `json:"gcpOutput,omitempty"`
	AzureOutput AzureIAMOutput `json:"azureOutput,omitempty"`
	AWSOutput   AWSIAMOutput   `json:"awsOutput,omitempty"`
}

IAMOutput is the output of creating a new IAM profile.

type IAMUpgrader added in v2.11.0

type IAMUpgrader struct {
	// contains filtered or unexported fields
}

IAMUpgrader handles upgrades to IAM resources required by Constellation.

func NewIAMUpgrader added in v2.11.0

func NewIAMUpgrader(ctx context.Context, existingWorkspace, upgradeWorkspace string,
	logLevel terraform.LogLevel, fileHandler file.Handler,
) (*IAMUpgrader, error)

NewIAMUpgrader creates and initializes a new IAMUpgrader. existingWorkspace is the directory holding the existing Terraform resources. upgradeWorkspace is the directory to use for holding temporary files and resources required to apply the upgrade.

func (*IAMUpgrader) ApplyIAMUpgrade added in v2.11.0

func (u *IAMUpgrader) ApplyIAMUpgrade(ctx context.Context, csp cloudprovider.Provider) error

ApplyIAMUpgrade applies the Terraform IAM migrations planned by PlanIAMUpgrade. On success, the workspace of the Upgrader replaces the existing Terraform workspace.

func (*IAMUpgrader) PlanIAMUpgrade added in v2.11.0

func (u *IAMUpgrader) PlanIAMUpgrade(ctx context.Context, outWriter io.Writer, vars terraform.Variables, csp cloudprovider.Provider) (bool, error)

PlanIAMUpgrade prepares the upgrade workspace and plans the possible Terraform migrations for Constellation's IAM resources (service accounts, permissions etc.). In case of possible migrations, the diff is written to outWriter and this function returns true.

type Terminator

type Terminator struct {
	// contains filtered or unexported fields
}

Terminator deletes cloud provider resources.

func NewTerminator

func NewTerminator() *Terminator

NewTerminator creates a new cloud terminator.

func (*Terminator) Terminate

func (t *Terminator) Terminate(ctx context.Context, tfWorkspace string, logLevel terraform.LogLevel) (retErr error)

Terminate deletes the cloud provider resources.
