terraform-provider: fix parsing api_server_cert_sans (#2758)

* tf: don't double quote cert sans * tf: improve provider examples
edgelesssys · Dec 27, 2023 · 2f10223 · 2f10223
1 parent 2ce73c1
commit 2f10223
Show file tree

Hide file tree

Showing 4 changed files with 30 additions and 14 deletions.
diff --git a/terraform-provider-constellation/examples/full/aws_cluster.tf b/terraform-provider-constellation/examples/full/aws_cluster.tf
@@ -53,7 +53,7 @@ module "aws_infrastructure" {
       instance_type = "m6a.xlarge"
       disk_size     = 30
       disk_type     = "gp3"
-      initial_count = 2
+      initial_count = 3
       zone          = local.zone
     },
     worker_default = {
@@ -70,6 +70,7 @@ module "aws_infrastructure" {
   image_id                                = data.constellation_image.bar.image.reference
   region                                  = local.region
   zone                                    = local.zone
+  internal_load_balancer                  = false
   debug                                   = false
   enable_snp                              = true
   custom_endpoint                         = ""
@@ -100,6 +101,7 @@ resource "constellation_cluster" "aws_example" {
   measurement_salt        = local.measurement_salt
   out_of_cluster_endpoint = module.aws_infrastructure.out_of_cluster_endpoint
   in_cluster_endpoint     = module.aws_infrastructure.in_cluster_endpoint
+  api_server_cert_sans    = module.aws_infrastructure.api_server_cert_sans
   network_config = {
     ip_cidr_node    = module.aws_infrastructure.ip_cidr_node
     ip_cidr_service = "10.96.0.0/12"

diff --git a/terraform-provider-constellation/examples/full/azure_cluster.tf b/terraform-provider-constellation/examples/full/azure_cluster.tf
@@ -64,10 +64,11 @@ module "azure_infrastructure" {
       initial_count = 2
     }
   }
-  location       = local.location
-  image_id       = data.constellation_image.bar.image.reference
-  resource_group = module.azure_iam.base_resource_group
-  create_maa     = true
+  location               = local.location
+  image_id               = data.constellation_image.bar.image.reference
+  resource_group         = module.azure_iam.base_resource_group
+  internal_load_balancer = false
+  create_maa             = true
 }
 
 data "constellation_attestation" "foo" {
@@ -95,6 +96,7 @@ resource "constellation_cluster" "azure_example" {
   measurement_salt        = local.measurement_salt
   out_of_cluster_endpoint = module.azure_infrastructure.out_of_cluster_endpoint
   in_cluster_endpoint     = module.azure_infrastructure.in_cluster_endpoint
+  api_server_cert_sans    = module.azure_infrastructure.api_server_cert_sans
   azure = {
     tenant_id                   = module.azure_iam.tenant_id
     subscription_id             = module.azure_iam.subscription_id

diff --git a/terraform-provider-constellation/examples/full/gcp_cluster.tf b/terraform-provider-constellation/examples/full/gcp_cluster.tf
@@ -56,7 +56,7 @@ module "gcp_infrastructure" {
       instance_type = "n2d-standard-4"
       disk_size     = 30
       disk_type     = "pd-ssd"
-      initial_count = 2
+      initial_count = 3
       zone          = local.zone
     },
     worker_default = {
@@ -68,11 +68,12 @@ module "gcp_infrastructure" {
       zone          = local.zone
     }
   }
-  image_id = data.constellation_image.bar.image.reference
-  debug    = false
-  zone     = local.zone
-  region   = local.region
-  project  = local.project_id
+  image_id               = data.constellation_image.bar.image.reference
+  debug                  = false
+  zone                   = local.zone
+  region                 = local.region
+  project                = local.project_id
+  internal_load_balancer = false
 }
 
 data "constellation_attestation" "foo" {
@@ -99,6 +100,7 @@ resource "constellation_cluster" "gcp_example" {
   measurement_salt        = local.measurement_salt
   out_of_cluster_endpoint = module.gcp_infrastructure.out_of_cluster_endpoint
   in_cluster_endpoint     = module.gcp_infrastructure.in_cluster_endpoint
+  api_server_cert_sans    = module.gcp_infrastructure.api_server_cert_sans
   gcp = {
     project_id          = module.gcp_infrastructure.project
     service_account_key = module.gcp_iam.service_account_key

diff --git a/terraform-provider-constellation/internal/provider/cluster_resource.go b/terraform-provider-constellation/internal/provider/cluster_resource.go
@@ -685,9 +685,10 @@ func (r *ClusterResource) apply(ctx context.Context, data *ClusterResourceModel,
 	}
 
 	// parse API server certificate SANs
-	apiServerCertSANs := make([]string, 0, len(data.APIServerCertSANs.Elements()))
-	for _, san := range data.APIServerCertSANs.Elements() {
-		apiServerCertSANs = append(apiServerCertSANs, san.String())
+	apiServerCertSANs, convertDiags := r.getAPIServerCertSANs(ctx, data)
+	diags.Append(convertDiags...)
+	if diags.HasError() {
+		return diags
 	}
 
 	// parse network config
@@ -1210,6 +1211,15 @@ func (r *ClusterResource) getNetworkConfig(ctx context.Context, data *ClusterRes
 	return networkCfg, diags
 }
 
+func (r *ClusterResource) getAPIServerCertSANs(ctx context.Context, data *ClusterResourceModel) ([]string, diag.Diagnostics) {
+	if data.APIServerCertSANs.IsNull() {
+		return nil, nil
+	}
+	apiServerCertSANs := make([]string, 0, len(data.APIServerCertSANs.Elements()))
+	diags := data.APIServerCertSANs.ElementsAs(ctx, &apiServerCertSANs, false)
+	return apiServerCertSANs, diags
+}
+
 // tfContextLogger is a logging adapter between the tflog package and
 // Constellation's logger.
 type tfContextLogger struct {