fix ci

edgelesssys · Dec 12, 2023 · b314c47 · b314c47
1 parent 62fb224
commit b314c47
Show file tree

Hide file tree

Showing 30 changed files with 150 additions and 150 deletions.
diff --git a/.github/actions/self_managed_create/action.yml b/.github/actions/self_managed_create/action.yml
@@ -50,11 +50,11 @@ runs:
           }
         }" >> terraform.tfvars
         if [[ "${{ inputs.cloudProvider }}" == 'aws' ]]; then
-          echo "iam_instance_profile_control_plane = \"$(yq '.provider.aws.iamProfileControlPlane' constellation-conf.yaml)\"" >> terraform.tfvars
-          echo "iam_instance_profile_worker_nodes = \"$(yq '.provider.aws.iamProfileWorkerNodes' constellation-conf.yaml)\"" >> terraform.tfvars
+          echo "iam_instance_profile_name_control_plane = \"$(yq '.provider.aws.iamProfileControlPlane' constellation-conf.yaml)\"" >> terraform.tfvars
+          echo "iam_instance_profile_name_worker_nodes = \"$(yq '.provider.aws.iamProfileWorkerNodes' constellation-conf.yaml)\"" >> terraform.tfvars
           echo "region = \"$(yq '.provider.aws.region' constellation-conf.yaml)\"" >> terraform.tfvars
           echo "zone = \"$(yq '.provider.aws.zone' constellation-conf.yaml)\"" >> terraform.tfvars
-          echo "ami = \"${{ steps.get_image.outputs.image_ref }}\"" >> terraform.tfvars
+          echo "ami_id = \"${{ steps.get_image.outputs.image_ref }}\"" >> terraform.tfvars
           echo "enable_snp = $(yq '.attestation | has("awsSEVSNP")' constellation-conf.yaml)" >> terraform.tfvars
         elif [[ "${{ inputs.cloudProvider }}" == 'azure' ]]; then
           echo "location = \"$(yq '.provider.azure.location' constellation-conf.yaml)\"" >> terraform.tfvars
@@ -84,27 +84,27 @@ runs:
       working-directory: ${{ github.workspace }}/e2e-infra
       if: inputs.cloudProvider == 'azure'
       run: |
-        constellation maa-patch $(terraform output attestationURL | jq -r)
+        constellation maa-patch $(terraform output attestation_url | jq -r)
 
     - name: Write outputs to state file
       shell: bash
       working-directory: ${{ github.workspace }}/e2e-infra
       run: |
         yq eval '.version ="v1"' --inplace ${{ github.workspace }}/constellation-state.yaml
-        yq eval ".infrastructure.initSecret =\"$(terraform output initSecret | jq -r | tr -d '\n' | hexdump -ve '/1 "%02x"' && echo '')\"" --inplace ${{ github.workspace }}/constellation-state.yaml
+        yq eval ".infrastructure.initSecret =\"$(terraform output init_secret | jq -r | tr -d '\n' | hexdump -ve '/1 "%02x"' && echo '')\"" --inplace ${{ github.workspace }}/constellation-state.yaml
         yq eval ".infrastructure.clusterEndpoint =\"$(terraform output out_of_cluster_endpoint | jq -r)\"" --inplace ${{ github.workspace }}/constellation-state.yaml
         yq eval ".infrastructure.inClusterEndpoint =\"$(terraform output in_cluster_endpoint | jq -r)\"" --inplace ${{ github.workspace }}/constellation-state.yaml
         yq eval ".infrastructure.ipCidrNode =\"$(terraform output ip_cidr_nodes | jq -r)\"" --inplace ${{ github.workspace }}/constellation-state.yaml
         yq eval ".infrastructure.uid =\"$(terraform output uid | jq -r)\"" --inplace ${{ github.workspace }}/constellation-state.yaml
         yq eval ".infrastructure.name =\"$(terraform output name | jq -r)\"" --inplace ${{ github.workspace }}/constellation-state.yaml
-        yq eval ".infrastructure.apiServerCertSANs =$(terraform output -json api_server_cert_sans)" --inplace ${{ github.workspace }}/constellation-state.yaml
+        yq eval ".infrastructure.apiServerCertSANs =$(terraform output -json extra_api_server_cert_sans)" --inplace ${{ github.workspace }}/constellation-state.yaml
         if [[ "${{ inputs.cloudProvider }}" == 'azure' ]]; then
           yq eval ".infrastructure.azure.resourceGroup =\"$(terraform output resource_group | jq -r)\"" --inplace ${{ github.workspace }}/constellation-state.yaml
           yq eval ".infrastructure.azure.subscriptionID =\"$(terraform output subscription_id | jq -r)\"" --inplace ${{ github.workspace }}/constellation-state.yaml
           yq eval ".infrastructure.azure.networkSecurityGroupName =\"$(terraform output network_security_group_name | jq -r)\"" --inplace ${{ github.workspace }}/constellation-state.yaml
           yq eval ".infrastructure.azure.loadBalancerName =\"$(terraform output loadbalancer_name | jq -r)\"" --inplace ${{ github.workspace }}/constellation-state.yaml
           yq eval ".infrastructure.azure.userAssignedIdentity =\"$(terraform output user_assigned_identity_client_id | jq -r)\"" --inplace ${{ github.workspace }}/constellation-state.yaml
-          yq eval ".infrastructure.azure.attestationURL =\"$(terraform output attestationURL | jq -r)\"" --inplace ${{ github.workspace }}/constellation-state.yaml
+          yq eval ".infrastructure.azure.attestationURL =\"$(terraform output attestation_url | jq -r)\"" --inplace ${{ github.workspace }}/constellation-state.yaml
         elif [[ "${{ inputs.cloudProvider }}" == 'gcp' ]]; then
           yq eval ".infrastructure.gcp.projectID =\"$(terraform output project | jq -r)\"" --inplace ${{ github.workspace }}/constellation-state.yaml
           yq eval ".infrastructure.gcp.ipCidrPod =\"$(terraform output ip_cidr_pods | jq -r)\"" --inplace ${{ github.workspace }}/constellation-state.yaml

diff --git a/.github/workflows/e2e-test-tf-module.yml b/.github/workflows/e2e-test-tf-module.yml
@@ -249,7 +249,7 @@ jobs:
 
       - name: Apply Terraform Cluster
         id: apply_terraform
-        working-directory: ${{ github.workspace }}/terraform-module/${{ inputs.cloudProvider }}-constellation
+        working-directory: ${{ github.workspace }}/terraform-module/legacy-module/${{ inputs.cloudProvider }}-constellation
         shell: bash
         run: |
           cp ../../constellation .
@@ -259,14 +259,14 @@ jobs:
       - name: Destroy Terraform Cluster
       # outcome is part of the steps context (https://docs.github.com/en/actions/learn-github-actions/contexts#steps-context)
         if: always() && steps.apply_terraform.outcome != 'skipped'
-        working-directory: ${{ github.workspace }}/terraform-module/${{ inputs.cloudProvider }}-constellation
+        working-directory: ${{ github.workspace }}/terraform-module/legacy-module/${{ inputs.cloudProvider }}-constellation
         shell: bash
         run: |
           terraform init
           terraform destroy -var-file=terraform.tfvars -auto-approve
 
       - name: Verify cleanup
-        working-directory: ${{ github.workspace }}/terraform-module/${{ inputs.cloudProvider }}-constellation
+        working-directory: ${{ github.workspace }}/terraform-module/legacy-module/${{ inputs.cloudProvider }}-constellation
         shell: bash
         run: |
           if [ -f constellation-mastersecret.json ] || [ -f constellation-conf.yaml ]; then

diff --git a/cli/internal/cmd/iamcreate_test.go b/cli/internal/cmd/iamcreate_test.go
@@ -75,7 +75,7 @@ func TestIAMCreateAWS(t *testing.T) {
 		CloudProvider: cloudprovider.AWS,
 		AWSOutput: cloudcmd.AWSIAMOutput{
 			ControlPlaneInstanceProfile: "test_control_plane_instance_profile",
-			WorkerNodeInstanceProfile:   "test_worker_nodes_instance_profile",
+			WorkerNodeInstanceProfile:   "test_worker_nodes_instance_profile_name",
 		},
 	}
 

diff --git a/cli/internal/terraform/terraform.go b/cli/internal/terraform/terraform.go
@@ -141,15 +141,15 @@ func (c *Client) ShowIAM(ctx context.Context, provider cloudprovider.Provider) (
 			},
 		}, nil
 	case cloudprovider.AWS:
-		controlPlaneProfileRaw, ok := tfState.Values.Outputs["control_plane_instance_profile"]
+		controlPlaneProfileRaw, ok := tfState.Values.Outputs["control_plane_instance_profile_name"]
 		if !ok {
 			return IAMOutput{}, errors.New("no control plane instance profile output found")
 		}
 		controlPlaneProfileOutput, ok := controlPlaneProfileRaw.Value.(string)
 		if !ok {
 			return IAMOutput{}, errors.New("invalid type in control plane instance profile output: not a string")
 		}
-		workerNodeProfileRaw, ok := tfState.Values.Outputs["worker_nodes_instance_profile"]
+		workerNodeProfileRaw, ok := tfState.Values.Outputs["worker_nodes_instance_profile_name"]
 		if !ok {
 			return IAMOutput{}, errors.New("no worker node instance profile output found")
 		}
@@ -196,17 +196,17 @@ func (c *Client) ShowInfrastructure(ctx context.Context, provider cloudprovider.
 		return state.Infrastructure{}, errors.New("invalid type in IP output: not a string")
 	}
 
-	apiServerCertSANsOutput, ok := tfState.Values.Outputs["api_server_cert_sans"]
+	apiServerCertSANsOutput, ok := tfState.Values.Outputs["extra_api_server_cert_sans"]
 	if !ok {
-		return state.Infrastructure{}, errors.New("no api_server_cert_sans output found")
+		return state.Infrastructure{}, errors.New("no extra_api_server_cert_sans output found")
 	}
 	apiServerCertSANsUntyped, ok := apiServerCertSANsOutput.Value.([]any)
 	if !ok {
-		return state.Infrastructure{}, fmt.Errorf("invalid type in api_server_cert_sans output: %s is not a list of elements", apiServerCertSANsOutput.Type.FriendlyName())
+		return state.Infrastructure{}, fmt.Errorf("invalid type in extra_api_server_cert_sans output: %s is not a list of elements", apiServerCertSANsOutput.Type.FriendlyName())
 	}
 	apiServerCertSANs, err := toStringSlice(apiServerCertSANsUntyped)
 	if err != nil {
-		return state.Infrastructure{}, fmt.Errorf("convert api_server_cert_sans output: %w", err)
+		return state.Infrastructure{}, fmt.Errorf("convert extra_api_server_cert_sans output: %w", err)
 	}
 
 	secretOutput, ok := tfState.Values.Outputs["init_secret"]

diff --git a/cli/internal/terraform/terraform_test.go b/cli/internal/terraform/terraform_test.go
@@ -218,13 +218,13 @@ func TestCreateCluster(t *testing.T) {
 					"in_cluster_endpoint": {
 						Value: "192.0.2.101",
 					},
-					"initSecret": {
+					"init_secret": {
 						Value: "initSecret",
 					},
 					"uid": {
 						Value: "12345abc",
 					},
-					"api_server_cert_sans": {
+					"extra_api_server_cert_sans": {
 						Value: []any{"192.0.2.100"},
 					},
 					"name": {
@@ -248,16 +248,16 @@ func TestCreateCluster(t *testing.T) {
 					"in_cluster_endpoint": {
 						Value: "192.0.2.101",
 					},
-					"initSecret": {
+					"init_secret": {
 						Value: "initSecret",
 					},
 					"uid": {
 						Value: "12345abc",
 					},
-					"attestationURL": {
+					"attestation_url": {
 						Value: "https://12345.neu.attest.azure.net",
 					},
-					"api_server_cert_sans": {
+					"extra_api_server_cert_sans": {
 						Value: []any{"192.0.2.100"},
 					},
 					"user_assigned_identity_client_id": {
@@ -460,7 +460,7 @@ func TestCreateCluster(t *testing.T) {
 			tf: &stubTerraform{
 				showState: &tfjson.State{
 					Values: &tfjson.StateValues{
-						Outputs: map[string]*tfjson.StateOutput{"attestationURL": {Value: 42}},
+						Outputs: map[string]*tfjson.StateOutput{"attestation_url": {Value: 42}},
 					},
 				},
 			},
@@ -524,11 +524,11 @@ func TestCreateIAM(t *testing.T) {
 					"application_client_secret_value": {
 						Value: "test_application_client_secret_value",
 					},
-					"control_plane_instance_profile": {
+					"control_plane_instance_profile_name": {
 						Value: "test_control_plane_instance_profile",
 					},
-					"worker_nodes_instance_profile": {
-						Value: "test_worker_nodes_instance_profile",
+					"worker_nodes_instance_profile_name": {
+						Value: "test_worker_nodes_instance_profile_name",
 					},
 				},
 			},
@@ -707,7 +707,7 @@ func TestCreateIAM(t *testing.T) {
 			fs:       afero.NewMemMapFs(),
 			want: IAMOutput{AWS: AWSIAMOutput{
 				ControlPlaneInstanceProfile: "test_control_plane_instance_profile",
-				WorkerNodeInstanceProfile:   "test_worker_nodes_instance_profile",
+				WorkerNodeInstanceProfile:   "test_worker_nodes_instance_profile_name",
 			}},
 		},
 		"aws init fails": {
@@ -734,7 +734,7 @@ func TestCreateIAM(t *testing.T) {
 			fs:       afero.NewMemMapFs(),
 			wantErr:  true,
 		},
-		"aws no control_plane_instance_profile": {
+		"aws no control_plane_instance_profile_name": {
 			pathBase: path.Join(constants.TerraformEmbeddedDir, "iam"),
 			provider: cloudprovider.AWS,
 			vars:     awsVars,
@@ -748,14 +748,14 @@ func TestCreateIAM(t *testing.T) {
 			fs:      afero.NewMemMapFs(),
 			wantErr: true,
 		},
-		"azure control_plane_instance_profile has wrong type": {
+		"azure control_plane_instance_profile_name has wrong type": {
 			pathBase: path.Join(constants.TerraformEmbeddedDir, "iam"),
 			provider: cloudprovider.AWS,
 			vars:     awsVars,
 			tf: &stubTerraform{
 				showState: &tfjson.State{
 					Values: &tfjson.StateValues{
-						Outputs: map[string]*tfjson.StateOutput{"control_plane_instance_profile": {Value: 42}},
+						Outputs: map[string]*tfjson.StateOutput{"control_plane_instance_profile_name": {Value: 42}},
 					},
 				},
 			},
@@ -1226,33 +1226,33 @@ func TestShowIAM(t *testing.T) {
 		"AWS success": {
 			tf: &stubTerraform{
 				showState: getTfjsonState(map[string]any{
-					"control_plane_instance_profile": "profile",
-					"worker_nodes_instance_profile":  "profile",
+					"control_plane_instance_profile_name": "profile",
+					"worker_nodes_instance_profile_name":  "profile",
 				}),
 			},
 			csp: cloudprovider.AWS,
 		},
-		"AWS wrong data type control_plane_instance_profile": {
+		"AWS wrong data type control_plane_instance_profile_name": {
 			tf: &stubTerraform{
 				showState: getTfjsonState(map[string]any{
-					"control_plane_instance_profile": map[string]any{},
-					"worker_nodes_instance_profile":  "profile",
+					"control_plane_instance_profile_name": map[string]any{},
+					"worker_nodes_instance_profile_name":  "profile",
 				}),
 			},
 			csp:     cloudprovider.AWS,
 			wantErr: true,
 		},
-		"AWS wrong data type worker_nodes_instance_profile": {
+		"AWS wrong data type worker_nodes_instance_profile_name": {
 			tf: &stubTerraform{
 				showState: getTfjsonState(map[string]any{
-					"control_plane_instance_profile": "profile",
-					"worker_nodes_instance_profile":  map[string]any{},
+					"control_plane_instance_profile_name": "profile",
+					"worker_nodes_instance_profile":       map[string]any{},
 				}),
 			},
 			csp:     cloudprovider.AWS,
 			wantErr: true,
 		},
-		"AWS missing control_plane_instance_profile": {
+		"AWS missing control_plane_instance_profile_name": {
 			tf: &stubTerraform{
 				showState: getTfjsonState(map[string]any{
 					"worker_nodes_instance_profile": "profile",
@@ -1261,10 +1261,10 @@ func TestShowIAM(t *testing.T) {
 			csp:     cloudprovider.AWS,
 			wantErr: true,
 		},
-		"AWS missing worker_nodes_instance_profile": {
+		"AWS missing worker_nodes_instance_profile_name": {
 			tf: &stubTerraform{
 				showState: getTfjsonState(map[string]any{
-					"control_plane_instance_profile": "profile",
+					"control_plane_instance_profile_name": "profile",
 				}),
 			},
 			csp:     cloudprovider.AWS,

diff --git a/cli/internal/terraform/variables.go b/cli/internal/terraform/variables.go
@@ -53,11 +53,11 @@ type AWSClusterVariables struct {
 	// Zone is the AWS zone to use in the given region.
 	Zone string `hcl:"zone" cty:"zone"`
 	// AMIImageID is the ID of the AMI image to use.
-	AMIImageID string `hcl:"ami" cty:"ami"`
+	AMIImageID string `hcl:"ami_id" cty:"ami_id"`
 	// IAMGroupControlPlane is the IAM group to use for the control-plane nodes.
-	IAMProfileControlPlane string `hcl:"iam_instance_profile_control_plane" cty:"iam_instance_profile_control_plane"`
+	IAMProfileControlPlane string `hcl:"iam_instance_profile_name_control_plane" cty:"iam_instance_profile_name_control_plane"`
 	// IAMGroupWorkerNodes is the IAM group to use for the worker nodes.
-	IAMProfileWorkerNodes string `hcl:"iam_instance_profile_worker_nodes" cty:"iam_instance_profile_worker_nodes"`
+	IAMProfileWorkerNodes string `hcl:"iam_instance_profile_name_worker_nodes" cty:"iam_instance_profile_name_worker_nodes"`
 	// Debug is true if debug mode is enabled.
 	Debug bool `hcl:"debug" cty:"debug"`
 	// EnableSNP controls enablement of the EC2 cpu-option "AmdSevSnp".

diff --git a/cli/internal/terraform/variables_test.go b/cli/internal/terraform/variables_test.go
@@ -47,14 +47,14 @@ func TestAWSClusterVariables(t *testing.T) {
 	}
 
 	// test that the variables are correctly rendered
-	want := `name                               = "cluster-name"
-region                             = "eu-central-1"
-zone                               = "eu-central-1a"
-ami                                = "ami-0123456789abcdef"
-iam_instance_profile_control_plane = "arn:aws:iam::123456789012:instance-profile/cluster-name-controlplane"
-iam_instance_profile_worker_nodes  = "arn:aws:iam::123456789012:instance-profile/cluster-name-worker"
-debug                              = true
-enable_snp                         = true
+	want := `name                                    = "cluster-name"
+region                                  = "eu-central-1"
+zone                                    = "eu-central-1a"
+ami_id                                  = "ami-0123456789abcdef"
+iam_instance_profile_name_control_plane = "arn:aws:iam::123456789012:instance-profile/cluster-name-controlplane"
+iam_instance_profile_name_worker_nodes  = "arn:aws:iam::123456789012:instance-profile/cluster-name-worker"
+debug                                   = true
+enable_snp                              = true
 node_groups = {
   control_plane_default = {
     disk_size     = 30

diff --git a/docs/docs/workflows/config.md b/docs/docs/workflows/config.md
@@ -273,13 +273,13 @@ The following describes the configuration fields and how you obtain the required
 
 * **iamProfileControlPlane**: The name of an IAM instance profile attached to all control-plane nodes.
 
-  You can create the resource with [Terraform](https://www.terraform.io/). For that, use the [provided Terraform script](https://github.com/edgelesssys/constellation/tree/release/v2.2/hack/terraform/aws/iam) to generate the necessary profile. The profile name will be provided as Terraform output value: `control_plane_instance_profile`.
+  You can create the resource with [Terraform](https://www.terraform.io/). For that, use the [provided Terraform script](https://github.com/edgelesssys/constellation/tree/release/v2.2/hack/terraform/aws/iam) to generate the necessary profile. The profile name will be provided as Terraform output value: `control_plane_instance_profile_name`.
 
   Alternatively, you can create the AWS profile with a tool of your choice. Use the JSON policy in [main.tf](https://github.com/edgelesssys/constellation/tree/release/v2.2/hack/terraform/aws/iam/main.tf) in the resource `aws_iam_policy.control_plane_policy`.
 
 * **iamProfileWorkerNodes**: The name of an IAM instance profile attached to all worker nodes.
 
-  You can create the resource with [Terraform](https://www.terraform.io/). For that, use the [provided Terraform script](https://github.com/edgelesssys/constellation/tree/release/v2.2/hack/terraform/aws/iam) to generate the necessary profile. The profile name will be provided as Terraform output value: `worker_nodes_instance_profile`.
+  You can create the resource with [Terraform](https://www.terraform.io/). For that, use the [provided Terraform script](https://github.com/edgelesssys/constellation/tree/release/v2.2/hack/terraform/aws/iam) to generate the necessary profile. The profile name will be provided as Terraform output value: `worker_nodes_instance_profile_name`.
 
   Alternatively, you can create the AWS profile with a tool of your choice. Use the JSON policy in [main.tf](https://github.com/edgelesssys/constellation/tree/release/v2.2/hack/terraform/aws/iam/main.tf) in the resource `aws_iam_policy.worker_node_policy`.
 

diff --git a/docs/docs/workflows/create.md b/docs/docs/workflows/create.md
@@ -57,7 +57,7 @@ management tooling of your choice. You need to keep the essential functionality
 :::info
 
   On Azure, if the enforcement policy is set to `MAAFallback` in `constellation-config.yaml`, a manual update to the MAA provider's policy is necessary.
-  You can apply the update with the following command after creating the infrastructure, with `<URL>` being the URL of the MAA provider (i.e., `$(terraform output attestationURL | jq -r)`, when using the minimal Terraform configuration).
+  You can apply the update with the following command after creating the infrastructure, with `<URL>` being the URL of the MAA provider (i.e., `$(terraform output attestation_url | jq -r)`, when using the minimal Terraform configuration).
 
   ```bash
   constellation maa-patch <URL>

diff --git a/internal/config/config_test.go b/internal/config/config_test.go
@@ -976,7 +976,7 @@ func TestConfigVersionCompatibility(t *testing.T) {
 					AWS: &AWSConfig{
 						Region:                 "us-east-2",
 						Zone:                   "us-east-2a",
-						IAMProfileControlPlane: "control_plane_instance_profile",
+						IAMProfileControlPlane: "control_plane_instance_profile_name",
 						IAMProfileWorkerNodes:  "node_instance_profile",
 					},
 				},