add image fetching for CSP
Signed-off-by: Moritz Sanft <[email protected]>
msanft committed Oct 18, 2023
1 parent cbf2ead commit a26cdf7
Showing 4 changed files with 85 additions and 6 deletions.
1 change: 0 additions & 1 deletion .github/actions/constellation_create/action.yml
@@ -136,7 +136,6 @@ runs:
uses: ./.github/actions/self_managed_create
with:
cloudProvider: ${{ inputs.cloudProvider }}
osImage: ${{ steps.setImage.outputs.image }}

- name: Cdbg deploy
if: inputs.isDebugImage == 'true'
14 changes: 9 additions & 5 deletions .github/actions/self_managed_create/action.yml
@@ -5,9 +5,6 @@ inputs:
cloudProvider:
description: "The cloud provider the test runs on."
required: true
osImage:
description: "OS image to use."
required: true

runs:
using: "composite"
@@ -19,14 +16,21 @@ runs:
cp -r ${{ github.workspace }}/cli/internal/terraform/terraform/${{ inputs.cloudProvider }} ${{ github.workspace }}/e2e-infra
cp ${{ github.workspace }}/constellation-conf.yaml ${{ github.workspace }}/e2e-infra
- name: Get CSP image reference
id: get_image
shell: bash
working-directory: ${{ github.workspace }}/e2e-infra
run : |
echo "image_ref=$(bazel run //hack/image-fetch:image-fetch)" >> $GITHUB_OUTPUT
- name: Write Terraform variables
shell: bash
working-directory: ${{ github.workspace }}/e2e-infra
run : |
echo "name = \"$(yq '.name' constellation-conf.yaml)\"" >> terraform.tfvars
echo "debug = $(yq '.debugCluster' constellation-conf.yaml)" >> terraform.tfvars
echo "custom_endpoint = \"$(yq '.customEndpoint' constellation-conf.yaml)\"" >> terraform.tfvars
echo "image_id = \"${{ inputs.osImage }}\"" >> terraform.tfvars
echo "image_id = \"${{ steps.get_image.outputs.image_ref }}\"" >> terraform.tfvars
echo "node_groups = {
control_plane_default = {
role = \"$(yq '.nodeGroups.control_plane_default.role' constellation-conf.yaml)\"
@@ -52,7 +56,7 @@ runs:
echo "iam_instance_profile_worker_nodes = \"$(yq '.provider.aws.iamProfileWorkerNodes' constellation-conf.yaml)\"" >> terraform.tfvars
echo "region = \"$(yq '.provider.aws.region' constellation-conf.yaml)\"" >> terraform.tfvars
echo "zone = \"$(yq '.provider.aws.zone' constellation-conf.yaml)\"" >> terraform.tfvars
echo "ami = \"$(yq '.provider.aws.zone' constellation-conf.yaml)\"" >> terraform.tfvars
echo "ami = \"${{ steps.get_image.outputs.image_ref }}\"" >> terraform.tfvars
echo "enable_snp = $(yq '.attestation | has("awsSEVSNP")' constellation-conf.yaml)" >> terraform.tfvars
elif [[ "${{ inputs.cloudProvider }}" == 'azure' ]]; then
echo "location = \"$(yq '.provider.azure.location' constellation-conf.yaml)\"" >> terraform.tfvars
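Review bot: In the new `Get CSP image reference` step, a failing `bazel run` does not fail the step, because the exit status of a command substitution inside an `echo` argument is discarded; `image_ref` is then written empty (or with whatever the tool printed to stdout) and flows into `image_id` and `ami` in terraform.tfvars. Assigning first lets errexit catch the failure (assuming the usual `bash -e` invocation for `shell: bash`): `image_ref="$(bazel run //hack/image-fetch:image-fetch)"` followed by `echo "image_ref=${image_ref}" >> "$GITHUB_OUTPUT"`. It would also be safer to hand `${{ steps.get_image.outputs.image_ref }}` to the `Write Terraform variables` step through `env:` and reference it as a shell variable, rather than interpolating the expression into the script text on the `image_id` and `ami` lines. The last hunk of this section continues beyond what the page shows.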
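--- a/hack/image-fetch/BUILD.bazel
+++ b/hack/image-fetch/BUILD.bazel
@@ -0,0 +1,22 @@
+load("@io_bazel_rules_go//go:def.bzl", "go_binary", "go_library")
+
+go_library(
+name = "image-fetch_lib",
+srcs = ["main.go"],
+importpath = "github.com/edgelesssys/constellation/v2/hack/image-fetch",
+visibility = ["//visibility:private"],
+deps = [
+"//internal/api/attestationconfigapi",
+"//internal/config",
+"//internal/constants",
+"//internal/file",
+"//internal/imagefetcher",
+"@com_github_spf13_afero//:afero",
+],
+)
+
+go_binary(
+name = "image-fetch",
+embed = [":image-fetch_lib"],
+visibility = ["//visibility:public"],
+)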
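--- a/hack/image-fetch/main.go
+++ b/hack/image-fetch/main.go
@@ -0,0 +1,54 @@
+/*
+Copyright (c) Edgeless Systems GmbH
+SPDX-License-Identifier: AGPL-3.0-only
+*/
+
+/*
+imagefetch retrieves a CSP image reference from a Constellation config in the CWD.
+This is especially useful when using self-managed infrastructure, where the image
+reference needs to be chosen by the user, which would usually happen manually.
+*/
+package main
+
+import (
+"context"
+"errors"
+"fmt"
+"os"
+"path/filepath"
+
+"github.com/edgelesssys/constellation/v2/internal/api/attestationconfigapi"
+"github.com/edgelesssys/constellation/v2/internal/config"
+"github.com/edgelesssys/constellation/v2/internal/constants"
+"github.com/edgelesssys/constellation/v2/internal/file"
+"github.com/edgelesssys/constellation/v2/internal/imagefetcher"
+"github.com/spf13/afero"
+)
+
+func main() {
+cwd := os.Getenv("BUILD_WORKING_DIRECTORY") // set by Bazel, for bazel run compatibility
+ctx := context.Background()
+
+fh := file.NewHandler(afero.NewOsFs())
+attFetcher := attestationconfigapi.NewFetcher()
+conf, err := config.New(fh, filepath.Join(cwd, constants.ConfigFilename), attFetcher, true)
+var configValidationErr *config.ValidationError
+if errors.As(err, &configValidationErr) {
+fmt.Println(configValidationErr.LongMessage())
+}
+if err != nil {
+panic(err)
+}
+
+imgFetcher := imagefetcher.New()
+provider := conf.GetProvider()
+attestationVariant := conf.GetAttestationConfig().GetVariant()
+region := conf.GetRegion()
+image, err := imgFetcher.FetchReference(ctx, provider, attestationVariant, conf.Image, region)
+if err != nil {
+panic(err)
+}
+
+fmt.Println(image)
+}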
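Review bot: The config validation message in `main` is written with `fmt.Println`, i.e. to stdout, which is the same stream the workflow step in this commit captures as the image reference; diagnostics should go to stderr so that stdout carries only the reference: `fmt.Fprintln(os.Stderr, configValidationErr.LongMessage())`. Both error paths end in `panic(err)`, which does exit non-zero but dumps a goroutine trace; `fmt.Fprintln(os.Stderr, err)` followed by `os.Exit(1)` would give CI logs a cleaner failure. `FetchReference` is called with `context.Background()`, so a stalled lookup is bounded only by the job timeout; wrapping it with `context.WithTimeout` would bound it. The final `true` passed to `config.New` deserves a short comment saying what it enables, since its meaning is not visible here.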
