constellation-lib: add Helm wrapper (#2680)

* Add Helm wrapper to constellation-lib * Move helm package to constellation-lib --------- Signed-off-by: Daniel Weiße <[email protected]>
edgelesssys · Dec 6, 2023 · b7425db · b7425db
1 parent 3691def
commit b7425db
Show file tree

Hide file tree

Showing 705 changed files with 176 additions and 162 deletions.
diff --git a/.github/workflows/check-links.yml b/.github/workflows/check-links.yml
@@ -27,7 +27,7 @@ jobs:
       - name: Link Checker
         uses: lycheeverse/lychee-action@ec3ed119d4f44ad2673a7232460dc7dff59d2421 # v1.8.0
         with:
-          args: "--verbose --no-progress --max-concurrency 5 --exclude-path './internal/helm/charts/cilium' './**/*.md' './**/*.html'"
+          args: "--verbose --no-progress --max-concurrency 5 --exclude-path './internal/constellation/helm/charts/cilium' './**/*.md' './**/*.html'"
           fail: true
         env:
           GITHUB_TOKEN: ${{secrets.GITHUB_TOKEN}}
diff --git a/.github/workflows/test-unittest.yml b/.github/workflows/test-unittest.yml
@@ -14,7 +14,7 @@ on:
       - ".github/workflows/test-unittest.yml"
   pull_request:
     paths:
-      - "internal/helm/**"
+      - "internal/constellation/helm/**"
       - "**.go"
       - "**/go.mod"
       - "**/go.sum"

diff --git a/CODEOWNERS b/CODEOWNERS
@@ -40,7 +40,7 @@
 /internal/featureset @malt3
 /internal/file @daniel-weisse
 /internal/grpc @thomasten
-/internal/helm @derpsteb
+/internal/constellation/helm @derpsteb
 /internal/imagefetcher @malt3
 /internal/installer @3u13r
 /internal/kms @daniel-weisse

diff --git a/bazel/ci/shellcheck.sh.in b/bazel/ci/shellcheck.sh.in
@@ -25,7 +25,7 @@ readarray -t <<< "${scriptsStr}"
 scripts=("${MAPFILE[@]}")
 
 excludeDirs=(
-  "internal/helm/charts/cilium"
+  "internal/constellation/helm/charts/cilium"
   "build"
   "docs/node_modules"
 )

diff --git a/bazel/ci/shfmt.sh.in b/bazel/ci/shfmt.sh.in
@@ -23,7 +23,7 @@ readarray -t <<< "${scriptsStr}"
 scripts=("${MAPFILE[@]}")
 
 excludeDirs=(
-  "internal/helm/charts/cilium"
+  "internal/constellation/helm/charts/cilium"
   "build"
   "docs/node_modules"
 )

diff --git a/cli/internal/cmd/BUILD.bazel b/cli/internal/cmd/BUILD.bazel
@@ -73,13 +73,13 @@ go_library(
         "//internal/config/migration",
         "//internal/constants",
         "//internal/constellation",
+        "//internal/constellation/helm",
         "//internal/constellation/kubecmd",
         "//internal/crypto",
         "//internal/featureset",
         "//internal/file",
         "//internal/grpc/dialer",
         "//internal/grpc/retry",
-        "//internal/helm",
         "//internal/imagefetcher",
         "//internal/kms/uri",
         # keep
@@ -165,14 +165,14 @@ go_test(
         "//internal/config",
         "//internal/constants",
         "//internal/constellation",
+        "//internal/constellation/helm",
         "//internal/constellation/kubecmd",
         "//internal/crypto",
         "//internal/crypto/testvector",
         "//internal/file",
         "//internal/grpc/atlscredentials",
         "//internal/grpc/dialer",
         "//internal/grpc/testdialer",
-        "//internal/helm",
         "//internal/kms/uri",
         "//internal/logger",
         "//internal/semver",

diff --git a/cli/internal/cmd/apply.go b/cli/internal/cmd/apply.go
@@ -30,10 +30,10 @@ import (
 	"github.com/edgelesssys/constellation/v2/internal/config"
 	"github.com/edgelesssys/constellation/v2/internal/constants"
 	"github.com/edgelesssys/constellation/v2/internal/constellation"
+	"github.com/edgelesssys/constellation/v2/internal/constellation/helm"
 	"github.com/edgelesssys/constellation/v2/internal/constellation/kubecmd"
 	"github.com/edgelesssys/constellation/v2/internal/file"
 	"github.com/edgelesssys/constellation/v2/internal/grpc/dialer"
-	"github.com/edgelesssys/constellation/v2/internal/helm"
 	"github.com/edgelesssys/constellation/v2/internal/imagefetcher"
 	"github.com/edgelesssys/constellation/v2/internal/kms/uri"
 	"github.com/edgelesssys/constellation/v2/internal/semver"
@@ -230,14 +230,6 @@ func runApply(cmd *cobra.Command, _ []string) error {
 		return dialer.New(nil, validator, &net.Dialer{})
 	}
 
-	newHelmClient := func(kubeConfigPath string, log debugLog) (helmApplier, error) {
-		kubeConfig, err := fileHandler.Read(kubeConfigPath)
-		if err != nil {
-			return nil, fmt.Errorf("reading kubeconfig: %w", err)
-		}
-		return helm.NewClient(kubeConfig, log)
-	}
-
 	upgradeID := generateUpgradeID(upgradeCmdKindApply)
 	upgradeDir := filepath.Join(constants.UpgradeDir, upgradeID)
 
@@ -261,7 +253,6 @@ func runApply(cmd *cobra.Command, _ []string) error {
 		wLog:            &warnLogger{cmd: cmd, log: log},
 		spinner:         spinner,
 		merger:          &kubeconfigMerger{log: log},
-		newHelmClient:   newHelmClient,
 		newInfraApplier: newInfraApplier,
 		imageFetcher:    imagefetcher.New(),
 		applier:         applier,
@@ -287,39 +278,9 @@ type applyCmd struct {
 	imageFetcher imageFetcher
 	applier      applier
 
-	newHelmClient   func(kubeConfigPath string, log debugLog) (helmApplier, error)
 	newInfraApplier func(context.Context) (cloudApplier, func(), error)
 }
 
-type applier interface {
-	SetKubeConfig(kubeConfig []byte) error
-	CheckLicense(ctx context.Context, csp cloudprovider.Provider, licenseID string) (int, error)
-	GenerateMasterSecret() (uri.MasterSecret, error)
-	GenerateMeasurementSalt() ([]byte, error)
-	Init(
-		ctx context.Context,
-		validator atls.Validator,
-		state *state.State,
-		clusterLogWriter io.Writer,
-		payload constellation.InitPayload,
-	) (
-		*initproto.InitSuccessResponse,
-		error,
-	)
-	ExtendClusterConfigCertSANs(ctx context.Context, clusterEndpoint, customEndpoint string, additionalAPIServerCertSANs []string) error
-	GetClusterAttestationConfig(ctx context.Context, variant variant.Variant) (config.AttestationCfg, error)
-	ApplyJoinConfig(ctx context.Context, newAttestConfig config.AttestationCfg, measurementSalt []byte) error
-	UpgradeNodeImage(ctx context.Context, imageVersion semver.Semver, imageReference string, force bool) error
-	UpgradeKubernetesVersion(ctx context.Context, kubernetesVersion versions.ValidK8sVersion, force bool) error
-	BackupCRDs(ctx context.Context, fileHandler file.Handler, upgradeDir string) ([]apiextensionsv1.CustomResourceDefinition, error)
-	BackupCRs(ctx context.Context, fileHandler file.Handler, crds []apiextensionsv1.CustomResourceDefinition, upgradeDir string) error
-}
-
-type warnLog interface {
-	Warnf(format string, args ...any)
-	Infof(format string, args ...any)
-}
-
 /*
 apply updates a Constellation cluster by applying a user's config.
 The control flow is as follows:
@@ -845,6 +806,42 @@ func (wl warnLogger) Warnf(fmtStr string, args ...any) {
 	wl.cmd.PrintErrf("Warning: %s\n", fmt.Sprintf(fmtStr, args...))
 }
 
+type warnLog interface {
+	Warnf(format string, args ...any)
+	Infof(format string, args ...any)
+}
+
+// applier is used to run the different phases of the apply command.
+type applier interface {
+	SetKubeConfig(kubeConfig []byte) error
+	CheckLicense(ctx context.Context, csp cloudprovider.Provider, licenseID string) (int, error)
+
+	// methods required by "init"
+
+	GenerateMasterSecret() (uri.MasterSecret, error)
+	GenerateMeasurementSalt() ([]byte, error)
+	Init(
+		ctx context.Context, validator atls.Validator, state *state.State,
+		clusterLogWriter io.Writer, payload constellation.InitPayload,
+	) (*initproto.InitSuccessResponse, error)
+
+	// methods required to install/upgrade Helm charts
+
+	PrepareHelmCharts(
+		flags helm.Options, state *state.State, serviceAccURI string, masterSecret uri.MasterSecret, openStackCfg *config.OpenStackConfig,
+	) (helm.Applier, bool, error)
+
+	// methods to interact with Kubernetes
+
+	ExtendClusterConfigCertSANs(ctx context.Context, clusterEndpoint, customEndpoint string, additionalAPIServerCertSANs []string) error
+	GetClusterAttestationConfig(ctx context.Context, variant variant.Variant) (config.AttestationCfg, error)
+	ApplyJoinConfig(ctx context.Context, newAttestConfig config.AttestationCfg, measurementSalt []byte) error
+	UpgradeNodeImage(ctx context.Context, imageVersion semver.Semver, imageReference string, force bool) error
+	UpgradeKubernetesVersion(ctx context.Context, kubernetesVersion versions.ValidK8sVersion, force bool) error
+	BackupCRDs(ctx context.Context, fileHandler file.Handler, upgradeDir string) ([]apiextensionsv1.CustomResourceDefinition, error)
+	BackupCRs(ctx context.Context, fileHandler file.Handler, crds []apiextensionsv1.CustomResourceDefinition, upgradeDir string) error
+}
+
 // imageFetcher gets an image reference from the versionsapi.
 type imageFetcher interface {
 	FetchReference(ctx context.Context,

diff --git a/cli/internal/cmd/apply_test.go b/cli/internal/cmd/apply_test.go
@@ -24,8 +24,8 @@ import (
 	"github.com/edgelesssys/constellation/v2/internal/config"
 	"github.com/edgelesssys/constellation/v2/internal/constants"
 	"github.com/edgelesssys/constellation/v2/internal/constellation"
+	"github.com/edgelesssys/constellation/v2/internal/constellation/helm"
 	"github.com/edgelesssys/constellation/v2/internal/file"
-	"github.com/edgelesssys/constellation/v2/internal/helm"
 	"github.com/edgelesssys/constellation/v2/internal/kms/uri"
 	"github.com/edgelesssys/constellation/v2/internal/logger"
 	"github.com/edgelesssys/constellation/v2/internal/state"
@@ -193,8 +193,10 @@ func TestBackupHelmCharts(t *testing.T) {
 
 			a := applyCmd{
 				fileHandler: file.NewHandler(afero.NewMemMapFs()),
-				applier:     &stubConstellApplier{stubKubernetesUpgrader: tc.backupClient},
-				log:         logger.NewTest(t),
+				applier: &stubConstellApplier{
+					stubKubernetesUpgrader: tc.backupClient,
+				},
+				log: logger.NewTest(t),
 			}
 
 			err := a.backupHelmCharts(context.Background(), tc.helmApplier, tc.includesUpgrades, "")
@@ -502,6 +504,7 @@ type stubConstellApplier struct {
 	initErr                    error
 	initResponse               *initproto.InitSuccessResponse
 	*stubKubernetesUpgrader
+	helmApplier
 }
 
 func (s *stubConstellApplier) SetKubeConfig([]byte) error { return nil }
@@ -521,3 +524,10 @@ func (s *stubConstellApplier) GenerateMeasurementSalt() ([]byte, error) {
 func (s *stubConstellApplier) Init(context.Context, atls.Validator, *state.State, io.Writer, constellation.InitPayload) (*initproto.InitSuccessResponse, error) {
 	return s.initResponse, s.initErr
 }
+
+type helmApplier interface {
+	PrepareHelmCharts(
+		flags helm.Options, stateFile *state.State, serviceAccURI string, masterSecret uri.MasterSecret, openStackCfg *config.OpenStackConfig,
+	) (
+		helm.Applier, bool, error)
+}
diff --git a/cli/internal/cmd/applyhelm.go b/cli/internal/cmd/applyhelm.go
@@ -16,7 +16,7 @@ import (
 	"github.com/edgelesssys/constellation/v2/internal/compatibility"
 	"github.com/edgelesssys/constellation/v2/internal/config"
 	"github.com/edgelesssys/constellation/v2/internal/constants"
-	"github.com/edgelesssys/constellation/v2/internal/helm"
+	"github.com/edgelesssys/constellation/v2/internal/constellation/helm"
 	"github.com/edgelesssys/constellation/v2/internal/kms/uri"
 	"github.com/edgelesssys/constellation/v2/internal/state"
 	"github.com/spf13/cobra"
@@ -32,16 +32,16 @@ func (a *applyCmd) runHelmApply(cmd *cobra.Command, conf *config.Config, stateFi
 	}
 
 	options := helm.Options{
-		DeployCSIDriver:  conf.DeployCSIDriver(),
-		Force:            a.flags.force,
-		Conformance:      a.flags.conformance,
-		HelmWaitMode:     a.flags.helmWaitMode,
-		ApplyTimeout:     a.flags.helmTimeout,
-		AllowDestructive: helm.DenyDestructive,
-	}
-	helmApplier, err := a.newHelmClient(constants.AdminConfFilename, a.log)
-	if err != nil {
-		return fmt.Errorf("creating Helm client: %w", err)
+		CSP:                 conf.GetProvider(),
+		AttestationVariant:  conf.GetAttestationConfig().GetVariant(),
+		K8sVersion:          conf.KubernetesVersion,
+		MicroserviceVersion: conf.MicroserviceVersion,
+		DeployCSIDriver:     conf.DeployCSIDriver(),
+		Force:               a.flags.force,
+		Conformance:         a.flags.conformance,
+		HelmWaitMode:        a.flags.helmWaitMode,
+		ApplyTimeout:        a.flags.helmTimeout,
+		AllowDestructive:    helm.DenyDestructive,
 	}
 
 	a.log.Debugf("Getting service account URI")
@@ -51,8 +51,7 @@ func (a *applyCmd) runHelmApply(cmd *cobra.Command, conf *config.Config, stateFi
 	}
 
 	a.log.Debugf("Preparing Helm charts")
-	executor, includesUpgrades, err := helmApplier.PrepareApply(conf.GetProvider(), conf.GetAttestationConfig().GetVariant(),
-		conf.KubernetesVersion, conf.MicroserviceVersion, stateFile, options, serviceAccURI, masterSecret, conf.Provider.OpenStack)
+	executor, includesUpgrades, err := a.applier.PrepareHelmCharts(options, stateFile, serviceAccURI, masterSecret, conf.Provider.OpenStack)
 	if errors.Is(err, helm.ErrConfirmationMissing) {
 		if !a.flags.yes {
 			cmd.PrintErrln("WARNING: Upgrading cert-manager will destroy all custom resources you have manually created that are based on the current version of cert-manager.")
@@ -66,8 +65,7 @@ func (a *applyCmd) runHelmApply(cmd *cobra.Command, conf *config.Config, stateFi
 			}
 		}
 		options.AllowDestructive = helm.AllowDestructive
-		executor, includesUpgrades, err = helmApplier.PrepareApply(conf.GetProvider(), conf.GetAttestationConfig().GetVariant(),
-			conf.KubernetesVersion, conf.MicroserviceVersion, stateFile, options, serviceAccURI, masterSecret, conf.Provider.OpenStack)
+		executor, includesUpgrades, err = a.applier.PrepareHelmCharts(options, stateFile, serviceAccURI, masterSecret, conf.Provider.OpenStack)
 	}
 	var upgradeErr *compatibility.InvalidUpgradeError
 	if err != nil {

diff --git a/cli/internal/cmd/init.go b/cli/internal/cmd/init.go
@@ -20,15 +20,7 @@ import (
 	clientcodec "k8s.io/client-go/tools/clientcmd/api/latest"
 	"sigs.k8s.io/yaml"
 
-	"github.com/edgelesssys/constellation/v2/internal/attestation/variant"
-	"github.com/edgelesssys/constellation/v2/internal/cloud/cloudprovider"
-	"github.com/edgelesssys/constellation/v2/internal/config"
 	"github.com/edgelesssys/constellation/v2/internal/file"
-	"github.com/edgelesssys/constellation/v2/internal/helm"
-	"github.com/edgelesssys/constellation/v2/internal/kms/uri"
-	"github.com/edgelesssys/constellation/v2/internal/semver"
-	"github.com/edgelesssys/constellation/v2/internal/state"
-	"github.com/edgelesssys/constellation/v2/internal/versions"
 )
 
 // NewInitCmd returns a new cobra.Command for the init command.
@@ -116,10 +108,3 @@ func (c *kubeconfigMerger) kubeconfigEnvVar() string {
 type grpcDialer interface {
 	Dial(ctx context.Context, target string) (*grpc.ClientConn, error)
 }
-type helmApplier interface {
-	PrepareApply(
-		csp cloudprovider.Provider, attestationVariant variant.Variant, k8sVersion versions.ValidK8sVersion, microserviceVersion semver.Semver, stateFile *state.State,
-		flags helm.Options, serviceAccURI string, masterSecret uri.MasterSecret, openStackCfg *config.OpenStackConfig,
-	) (
-		helm.Applier, bool, error)
-}
diff --git a/cli/internal/cmd/init_test.go b/cli/internal/cmd/init_test.go
@@ -18,14 +18,13 @@ import (
 	"github.com/edgelesssys/constellation/v2/bootstrapper/initproto"
 	"github.com/edgelesssys/constellation/v2/cli/internal/cmd/pathprefix"
 	"github.com/edgelesssys/constellation/v2/internal/attestation/measurements"
-	"github.com/edgelesssys/constellation/v2/internal/attestation/variant"
 	"github.com/edgelesssys/constellation/v2/internal/cloud/cloudprovider"
 	"github.com/edgelesssys/constellation/v2/internal/cloud/gcpshared"
 	"github.com/edgelesssys/constellation/v2/internal/config"
 	"github.com/edgelesssys/constellation/v2/internal/constants"
 	"github.com/edgelesssys/constellation/v2/internal/constellation"
+	"github.com/edgelesssys/constellation/v2/internal/constellation/helm"
 	"github.com/edgelesssys/constellation/v2/internal/file"
-	"github.com/edgelesssys/constellation/v2/internal/helm"
 	"github.com/edgelesssys/constellation/v2/internal/kms/uri"
 	"github.com/edgelesssys/constellation/v2/internal/logger"
 	"github.com/edgelesssys/constellation/v2/internal/semver"
@@ -233,9 +232,6 @@ func TestInitialize(t *testing.T) {
 				log:     logger.NewTest(t),
 				spinner: &nopSpinner{},
 				merger:  &stubMerger{},
-				newHelmClient: func(string, debugLog) (helmApplier, error) {
-					return &stubHelmApplier{}, nil
-				},
 				applier: &stubConstellApplier{
 					masterSecret: uri.MasterSecret{
 						Key:  bytes.Repeat([]byte{0x01}, 32),
@@ -248,6 +244,7 @@ func TestInitialize(t *testing.T) {
 						// On init, no attestation config exists yet
 						getClusterAttestationConfigErr: k8serrors.NewNotFound(schema.GroupResource{}, ""),
 					},
+					helmApplier: &stubHelmApplier{},
 				},
 			}
 
@@ -282,9 +279,8 @@ type stubHelmApplier struct {
 	err error
 }
 
-func (s stubHelmApplier) PrepareApply(
-	_ cloudprovider.Provider, _ variant.Variant, _ versions.ValidK8sVersion, _ semver.Semver,
-	_ *state.State, _ helm.Options, _ string, _ uri.MasterSecret, _ *config.OpenStackConfig,
+func (s stubHelmApplier) PrepareHelmCharts(
+	_ helm.Options, _ *state.State, _ string, _ uri.MasterSecret, _ *config.OpenStackConfig,
 ) (helm.Applier, bool, error) {
 	return stubRunner{}, false, s.err
 }

diff --git a/cli/internal/cmd/status.go b/cli/internal/cmd/status.go
@@ -16,9 +16,9 @@ import (
 	"github.com/edgelesssys/constellation/v2/internal/attestation/variant"
 	"github.com/edgelesssys/constellation/v2/internal/config"
 	"github.com/edgelesssys/constellation/v2/internal/constants"
+	"github.com/edgelesssys/constellation/v2/internal/constellation/helm"
 	"github.com/edgelesssys/constellation/v2/internal/constellation/kubecmd"
 	"github.com/edgelesssys/constellation/v2/internal/file"
-	"github.com/edgelesssys/constellation/v2/internal/helm"
 	"github.com/spf13/afero"
 	"github.com/spf13/cobra"
 	"gopkg.in/yaml.v3"