From 2f102236828c60a17d8f0b2d79a171bf0512624b Mon Sep 17 00:00:00 2001
From: 3u13r
Date: Wed, 27 Dec 2023 17:04:35 +0100
Subject: [PATCH] terraform-provider: fix parsing `api_server_cert_sans` (#2758)

* tf: don't double quote cert sans
* tf: improve provider examples
---
 .../examples/full/aws_cluster.tf | 4 +++-
 .../examples/full/azure_cluster.tf | 10 ++++++----
 .../examples/full/gcp_cluster.tf | 14 ++++++++------
 .../internal/provider/cluster_resource.go | 16 +++++++++++++---
 4 files changed, 30 insertions(+), 14 deletions(-)

diff --git a/terraform-provider-constellation/examples/full/aws_cluster.tf b/terraform-provider-constellation/examples/full/aws_cluster.tf
index f5bc2ffecc..55c46bba5e 100644
--- a/terraform-provider-constellation/examples/full/aws_cluster.tf
+++ b/terraform-provider-constellation/examples/full/aws_cluster.tf
@@ -53,7 +53,7 @@ module "aws_infrastructure" {
 instance_type = "m6a.xlarge"
 disk_size = 30
 disk_type = "gp3"
- initial_count = 2
+ initial_count = 3
 zone = local.zone
 },
 worker_default = {
@@ -70,6 +70,7 @@ module "aws_infrastructure" {
 image_id = data.constellation_image.bar.image.reference
 region = local.region
 zone = local.zone
+ internal_load_balancer = false
 debug = false
 enable_snp = true
 custom_endpoint = ""
@@ -100,6 +101,7 @@ resource "constellation_cluster" "aws_example" {
 measurement_salt = local.measurement_salt
 out_of_cluster_endpoint = module.aws_infrastructure.out_of_cluster_endpoint
 in_cluster_endpoint = module.aws_infrastructure.in_cluster_endpoint
+ api_server_cert_sans = module.aws_infrastructure.api_server_cert_sans
 network_config = {
 ip_cidr_node = module.aws_infrastructure.ip_cidr_node
 ip_cidr_service = "10.96.0.0/12"
diff --git a/terraform-provider-constellation/examples/full/azure_cluster.tf b/terraform-provider-constellation/examples/full/azure_cluster.tf
index 1e60b5b540..81242811e6 100644
--- a/terraform-provider-constellation/examples/full/azure_cluster.tf
+++ b/terraform-provider-constellation/examples/full/azure_cluster.tf
@@ -64,10 +64,11 @@ module "azure_infrastructure" {
 initial_count = 2
 }
 }
- location = local.location
- image_id = data.constellation_image.bar.image.reference
- resource_group = module.azure_iam.base_resource_group
- create_maa = true
+ location = local.location
+ image_id = data.constellation_image.bar.image.reference
+ resource_group = module.azure_iam.base_resource_group
+ internal_load_balancer = false
+ create_maa = true
 }
 
 data "constellation_attestation" "foo" {
@@ -95,6 +96,7 @@ resource "constellation_cluster" "azure_example" {
 measurement_salt = local.measurement_salt
 out_of_cluster_endpoint = module.azure_infrastructure.out_of_cluster_endpoint
 in_cluster_endpoint = module.azure_infrastructure.in_cluster_endpoint
+ api_server_cert_sans = module.azure_infrastructure.api_server_cert_sans
 azure = {
 tenant_id = module.azure_iam.tenant_id
 subscription_id = module.azure_iam.subscription_id
diff --git a/terraform-provider-constellation/examples/full/gcp_cluster.tf b/terraform-provider-constellation/examples/full/gcp_cluster.tf
index c7ef60deea..759b3baeca 100644
--- a/terraform-provider-constellation/examples/full/gcp_cluster.tf
+++ b/terraform-provider-constellation/examples/full/gcp_cluster.tf
@@ -56,7 +56,7 @@ module "gcp_infrastructure" {
 instance_type = "n2d-standard-4"
 disk_size = 30
 disk_type = "pd-ssd"
- initial_count = 2
+ initial_count = 3
 zone = local.zone
 },
 worker_default = {
@@ -68,11 +68,12 @@ module "gcp_infrastructure" {
 zone = local.zone
 }
 }
- image_id = data.constellation_image.bar.image.reference
- debug = false
- zone = local.zone
- region = local.region
- project = local.project_id
+ image_id = data.constellation_image.bar.image.reference
+ debug = false
+ zone = local.zone
+ region = local.region
+ project = local.project_id
+ internal_load_balancer = false
 }
 
 data "constellation_attestation" "foo" {
@@ -99,6 +100,7 @@ resource "constellation_cluster" "gcp_example" {
 measurement_salt = local.measurement_salt
 out_of_cluster_endpoint = module.gcp_infrastructure.out_of_cluster_endpoint
 in_cluster_endpoint = module.gcp_infrastructure.in_cluster_endpoint
+ api_server_cert_sans = module.gcp_infrastructure.api_server_cert_sans
 gcp = {
 project_id = module.gcp_infrastructure.project
 service_account_key = module.gcp_iam.service_account_key
diff --git a/terraform-provider-constellation/internal/provider/cluster_resource.go b/terraform-provider-constellation/internal/provider/cluster_resource.go
index 6798b67b3c..ef5587e3e0 100644
--- a/terraform-provider-constellation/internal/provider/cluster_resource.go
+++ b/terraform-provider-constellation/internal/provider/cluster_resource.go
@@ -685,9 +685,10 @@ func (r *ClusterResource) apply(ctx context.Context, data *ClusterResourceModel,
 }
 
 // parse API server certificate SANs
- apiServerCertSANs := make([]string, 0, len(data.APIServerCertSANs.Elements()))
- for _, san := range data.APIServerCertSANs.Elements() {
- apiServerCertSANs = append(apiServerCertSANs, san.String())
+ apiServerCertSANs, convertDiags := r.getAPIServerCertSANs(ctx, data)
+ diags.Append(convertDiags...)
+ if diags.HasError() {
+ return diags
 }
 
 // parse network config
@@ -1210,6 +1211,15 @@ func (r *ClusterResource) getNetworkConfig(ctx context.Context, data *ClusterRes
 return networkCfg, diags
 }
 
+func (r *ClusterResource) getAPIServerCertSANs(ctx context.Context, data *ClusterResourceModel) ([]string, diag.Diagnostics) {
+ if data.APIServerCertSANs.IsNull() {
+ return nil, nil
+ }
+ apiServerCertSANs := make([]string, 0, len(data.APIServerCertSANs.Elements()))
+ diags := data.APIServerCertSANs.ElementsAs(ctx, &apiServerCertSANs, false)
+ return apiServerCertSANs, diags
+}
+
 // tfContextLogger is a logging adapter between the tflog package and
 // Constellation's logger.
 type tfContextLogger struct {
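Review bot: In the new getAPIServerCertSANs (second hunk of cluster_resource.go), the slice is pre-sized with `make([]string, 0, len(data.APIServerCertSANs.Elements()))` and then passed to `ElementsAs`, which populates a fresh slice through the pointer rather than appending, so the capacity hint buys nothing and `var apiServerCertSANs []string` would state the intent more plainly. The method also has no doc comment; I would add `// getAPIServerCertSANs converts the api_server_cert_sans list attribute into plain strings (the previous san.String() kept the quotes); a null attribute yields nil.` Note that the null branch returns a nil slice where the removed loop always produced an empty, non-nil one — harmless for range loops, but if the value is later JSON-encoded it becomes `null` instead of `[]`, which the commit does not mention. Neither hunk validates the entries (empty strings or values that are not hostnames or IP addresses are accepted as-is and presumably end up in the API server certificate), so if the schema does not already carry a validator for this attribute, that is worth adding alongside this fix; the enclosing apply function in the first hunk starts and ends outside the hunk.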