Documentation ¶
Overview ¶
package state defines the structure of the Constellation state file.
Index ¶
- Constants
- Variables
- func GetConfigurationDoc() *encoder.FileDoc
- type Azure
- type ClusterValues
- type ConstraintSet
- type GCP
- type HexBytes
- type Infrastructure
- type State
- func (s *State) Constraints() []*validation.Constraint
- func (_ State) Doc() *encoder.Doc
- func (s *State) Merge(other *State) (*State, error)
- func (s *State) Migrate() error
- func (s *State) SetClusterValues(clusterValues ClusterValues) *State
- func (s *State) SetInfrastructure(infrastructure Infrastructure) *State
- func (s *State) Validate(constraintSet ConstraintSet, csp cloudprovider.Provider) error
- func (s *State) WriteToFile(fileHandler file.Handler, path string) error
Constants ¶
const (
// Version1 is the first version of the state file.
Version1 = "v1"
)
Variables ¶
Functions ¶
func GetConfigurationDoc ¶ added in v2.13.0
func GetConfigurationDoc() *encoder.FileDoc
GetConfigurationDoc returns documentation for the file ./state_doc.go.
Types ¶
type Azure ¶
type Azure struct {
	// description: |
	// Resource Group the cluster's resources are placed in.
	ResourceGroup string `yaml:"resourceGroup"`
	// description: |
	// ID of the Azure subscription the cluster is running in.
	SubscriptionID string `yaml:"subscriptionID"`
	// description: |
	// Security group name of the cluster's resource group.
	NetworkSecurityGroupName string `yaml:"networkSecurityGroupName"`
	// description: |
	// Name of the cluster's load balancer.
	LoadBalancerName string `yaml:"loadBalancerName"`
	// description: |
	// ID of the UAMI the cluster's nodes are running with.
	UserAssignedIdentity string `yaml:"userAssignedIdentity"`
	// description: |
	// MAA endpoint that can be used as a fallback for verifying the ID key digests
	// in the cluster's attestation report if the enforcement policy is set accordingly.
	// Can be left empty otherwise.
	AttestationURL string `yaml:"attestationURL"`
}
Azure describes the infra state related to Azure.
type ClusterValues ¶
type ClusterValues struct {
	// description: |
	// Unique identifier of the cluster.
	ClusterID string `yaml:"clusterID"`
	// description: |
	// Unique identifier of the owner of the cluster.
	OwnerID string `yaml:"ownerID"`
	// description: |
	// Salt used to generate the ClusterID on the bootstrapping node.
	MeasurementSalt HexBytes `yaml:"measurementSalt"`
}
ClusterValues describes the (Kubernetes) cluster state, set during initialization of the cluster.
func (ClusterValues) Doc ¶ added in v2.13.0
func (_ ClusterValues) Doc() *encoder.Doc
type ConstraintSet ¶ added in v2.13.0
type ConstraintSet int
ConstraintSet defines which constraints the state file should be validated against.
const (
	// PreCreate are the constraints that should be enforced when the state file
	// is validated before cloud infrastructure is created.
	PreCreate ConstraintSet = iota
	// PreInit are the constraints that should be enforced when the state file
	// is validated before the first Constellation node is initialized.
	PreInit
	// PostInit are the constraints that should be enforced when the state file
	// is validated after the cluster was initialized.
	PostInit
)
type GCP ¶
type GCP struct {
	// description: |
	// Project ID of the GCP project the cluster is running in.
	ProjectID string `yaml:"projectID"`
	// description: |
	// CIDR range of the cluster's pods.
	IPCidrPod string `yaml:"ipCidrPod"`
}
GCP describes the infra state related to GCP.
type HexBytes ¶ added in v2.13.0
type HexBytes []byte
HexBytes is a byte slice that is marshalled to and from a hex string.
func (HexBytes) MarshalYAML ¶ added in v2.13.0
MarshalYAML implements the yaml.Marshaler interface.
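The following is an added example, not the package's own code, showing how a byte slice such as InitSecret or MeasurementSalt can be stored as a hex string in YAML. It implements the yaml.Marshaler method set (MarshalYAML() (interface{}, error)) and the yaml.v2-style Unmarshaler signature without importing a YAML library, so it runs with the standard library alone; the UnmarshalYAML signature and the rejection of malformed hex are this example's choices, not something the page states about the real type.

```go
package main

import (
	"encoding/hex"
	"fmt"
)

// HexBytes is a byte slice that is written to YAML as a lowercase hex string
// and read back from one (example type, modelled on the page's HexBytes).
type HexBytes []byte

// MarshalYAML has the yaml.Marshaler method signature used by gopkg.in/yaml:
// the returned value (a string here) is what the encoder emits for the field.
func (h HexBytes) MarshalYAML() (interface{}, error) {
	return hex.EncodeToString(h), nil
}

// UnmarshalYAML uses the yaml.v2-style Unmarshaler signature (an assumption of
// this example): the callback decodes the YAML node into the value we hand it.
// Anything that is not well-formed hex (odd length, non-hex characters) is
// rejected with an error instead of silently producing a truncated secret.
func (h *HexBytes) UnmarshalYAML(unmarshal func(interface{}) error) error {
	var s string
	if err := unmarshal(&s); err != nil {
		return err
	}
	b, err := hex.DecodeString(s)
	if err != nil {
		return fmt.Errorf("decoding hex string %q: %w", s, err)
	}
	*h = b
	return nil
}

func main() {
	// Constructed sample value; a real init secret would be random bytes.
	secret := HexBytes{0xde, 0xad, 0xbe, 0xef}
	encoded, _ := secret.MarshalYAML()
	fmt.Println("encoded:", encoded)

	var decoded HexBytes
	// Stand-in for the YAML decoder's callback: it "decodes" a fixed string.
	err := decoded.UnmarshalYAML(func(out interface{}) error {
		*(out.(*string)) = encoded.(string)
		return nil
	})
	fmt.Printf("decoded: %x err=%v\n", []byte(decoded), err)
}
```

Because the hex string goes through hex.DecodeString, a hand-edited state file with a corrupted secret fails at parse time rather than later during node authentication.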
type Infrastructure ¶
type Infrastructure struct {
	// description: |
	// Unique identifier the cluster's cloud resources are tagged with.
	UID string `yaml:"uid"`
	// description: |
	// Endpoint the cluster can be reached at. This is the endpoint that is being used by the CLI.
	ClusterEndpoint string `yaml:"clusterEndpoint"`
	// description: |
	// Endpoint the cluster uses to reach itself. This might differ from the ClusterEndpoint in case e.g.,
	// an internal load balancer is used.
	InClusterEndpoint string `yaml:"inClusterEndpoint"`
	// description: |
	// Secret used to authenticate the bootstrapping node.
	InitSecret HexBytes `yaml:"initSecret"`
	// description: |
	// List of Subject Alternative Names (SANs) to add to the Kubernetes API server certificate.
	// If no SANs should be added, this field can be left empty.
	APIServerCertSANs []string `yaml:"apiServerCertSANs"`
	// description: |
	// Name used in the cluster's named resources.
	Name string `yaml:"name"`
	// description: |
	// CIDR range of the cluster's nodes.
	IPCidrNode string `yaml:"ipCidrNode"`
	// description: |
	// Values specific to a Constellation cluster running on Azure.
	Azure *Azure `yaml:"azure,omitempty"`
	// description: |
	// Values specific to a Constellation cluster running on GCP.
	GCP *GCP `yaml:"gcp,omitempty"`
}
Infrastructure describes the state related to the cloud resources of the cluster.
func (Infrastructure) Doc ¶ added in v2.13.0
func (_ Infrastructure) Doc() *encoder.Doc
type State ¶
type State struct {
	// description: |
	// Schema version of this state file.
	Version string `yaml:"version"`
	// description: |
	// State of the cluster's cloud resources. These values are retrieved during
	// cluster creation. In the case of self-managed infrastructure, the marked
	// fields in this struct should be filled by the user as per
	// https://docs.edgeless.systems/constellation/workflows/create.
	Infrastructure Infrastructure `yaml:"infrastructure"`
	// description: |
	// DO NOT EDIT. State of the Constellation Kubernetes cluster.
	// These values are set during cluster initialization and should not be changed.
	ClusterValues ClusterValues `yaml:"clusterValues"`
}
State describes the entire state of a Constellation cluster.
func CreateOrRead ¶ added in v2.13.0
CreateOrRead reads the state file at the given path, if it exists, and returns the state. If the file does not exist, a new state is created and written to disk.
func ReadFromFile ¶
ReadFromFile reads the state file at the given path and validates it. If the state file is valid, the state is returned. Otherwise, an error describing why the validation failed is returned.
func (*State) Constraints ¶ added in v2.13.0
func (s *State) Constraints() []*validation.Constraint
Constraints is a no-op implementation to fulfill the "Validatable" interface.
func (*State) Merge ¶
func (s *State) Merge(other *State) (*State, error)
Merge merges the state information from other into the current state. If a field is set in both states, the value of the other state is used.
func (*State) Migrate ¶ added in v2.13.0
func (s *State) Migrate() error
Migrate migrates the state to the current version. This is mostly done to pass the validation of the current version. The infrastructure will be overwritten by the Terraform outputs after the validation.
func (*State) SetClusterValues ¶
func (s *State) SetClusterValues(clusterValues ClusterValues) *State
SetClusterValues sets the cluster values.
func (*State) SetInfrastructure ¶
func (s *State) SetInfrastructure(infrastructure Infrastructure) *State
SetInfrastructure sets the infrastructure state.
func (*State) Validate ¶ added in v2.13.0
func (s *State) Validate(constraintSet ConstraintSet, csp cloudprovider.Provider) error
Validate validates the state against the given constraint set and CSP. The constraint set can be one of:
- PreCreate, which is the constraint set that should be enforced before "constellation create" is run.
- PreInit, which is the constraint set that should be enforced before "constellation apply" is run.
- PostInit, which is the constraint set that should be enforced after "constellation apply" is run.
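The following added example, not code from the Constellation project, illustrates the Merge semantics described above (a field set in other overrides the current state, an unset field leaves it alone) together with phase-dependent validation: each later constraint set includes the checks of the earlier ones, so a state file that is acceptable before "constellation create" is rejected before init until the infrastructure and the init secret are present, and rejected after init until the cluster identity is present. The struct fields are a reduced subset of the ones on this page, the CSP is a plain string rather than cloudprovider.Provider, and the individual constraints (which fields each phase requires) are this example's assumptions, not the package's actual rules.

```go
package main

import (
	"fmt"
	"reflect"
	"strings"
)

// Version1 is the only schema version this example accepts (same value as the page's constant).
const Version1 = "v1"

// ConstraintSet selects which checks apply; ordering matters because a later
// phase enforces everything an earlier phase does plus its own constraints.
type ConstraintSet int

const (
	PreCreate ConstraintSet = iota
	PreInit
	PostInit
)

// Hypothetical, reduced model of the state file: a subset of the page's fields,
// enough to exercise Merge and phase-dependent validation.
type Azure struct {
	ResourceGroup  string
	SubscriptionID string
}

type Infrastructure struct {
	UID             string
	ClusterEndpoint string
	InitSecret      []byte
	Azure           *Azure
}

type ClusterValues struct {
	ClusterID       string
	OwnerID         string
	MeasurementSalt []byte
}

type State struct {
	Version        string
	Infrastructure Infrastructure
	ClusterValues  ClusterValues
}

// mergeValue walks dst and src field by field; a leaf that is set (non-zero)
// in src replaces the matching leaf in dst, a zero leaf in src leaves dst alone.
func mergeValue(dst, src reflect.Value) {
	if dst.Kind() == reflect.Struct {
		for i := 0; i < dst.NumField(); i++ {
			mergeValue(dst.Field(i), src.Field(i))
		}
		return
	}
	if !src.IsZero() {
		dst.Set(src)
	}
}

// Merge returns a new State in which every field set in other overrides s.
// The receiver is not modified; nested pointers and slices are shared, not cloned.
func (s *State) Merge(other *State) *State {
	out := *s
	mergeValue(reflect.ValueOf(&out).Elem(), reflect.ValueOf(other).Elem())
	return &out
}

// Validate collects every violated constraint for the given phase and CSP and
// reports them in one error, so a user sees all problems at once.
func (s *State) Validate(set ConstraintSet, csp string) error {
	var violations []string
	require := func(ok bool, msg string) {
		if !ok {
			violations = append(violations, msg)
		}
	}
	// Every phase: the schema version must be one this code understands.
	require(s.Version == Version1, "version must be "+Version1)
	// Before init: the infrastructure block, including the bootstrap secret, must be complete.
	if set >= PreInit {
		require(s.Infrastructure.UID != "", "infrastructure.uid must be set")
		require(s.Infrastructure.ClusterEndpoint != "", "infrastructure.clusterEndpoint must be set")
		require(len(s.Infrastructure.InitSecret) > 0, "infrastructure.initSecret must be set")
		if csp == "azure" {
			require(s.Infrastructure.Azure != nil && s.Infrastructure.Azure.SubscriptionID != "",
				"infrastructure.azure.subscriptionID must be set for Azure clusters")
		}
	}
	// After init: the cluster identity written by the bootstrapping node must be present.
	if set >= PostInit {
		require(s.ClusterValues.ClusterID != "", "clusterValues.clusterID must be set")
		require(s.ClusterValues.OwnerID != "", "clusterValues.ownerID must be set")
		require(len(s.ClusterValues.MeasurementSalt) > 0, "clusterValues.measurementSalt must be set")
	}
	if len(violations) == 0 {
		return nil
	}
	return fmt.Errorf("%d constraint violation(s): %s", len(violations), strings.Join(violations, "; "))
}
```

Collecting all violations before returning is a deliberate choice: a state file that a user fills in by hand for self-managed infrastructure is easier to fix when one run lists every missing field, and the phase ordering keeps a half-populated file from being accepted as a fully initialized cluster.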