cli: use state file on init and upgrade (#2395)

* [wip] use state file in CLI Signed-off-by: Moritz Sanft <[email protected]> tidy Signed-off-by: Moritz Sanft <[email protected]> * use state file in CLI Signed-off-by: Moritz Sanft <[email protected]> take clusterConfig from IDFile for compat Signed-off-by: Moritz Sanft <[email protected]> various fixes Signed-off-by: Moritz Sanft <[email protected]> wip Signed-off-by: Moritz Sanft <[email protected]> * add GCP-specific values in Helm loader test Signed-off-by: Moritz Sanft <[email protected]> * remove unnecessary pointer Signed-off-by: Moritz Sanft <[email protected]> * write ClusterValues in one step Signed-off-by: Moritz Sanft <[email protected]> * move stub to test file Signed-off-by: Moritz Sanft <[email protected]> * remove mention of id-file Signed-off-by: Moritz Sanft <[email protected]> * move output to `migrateTerraform` Signed-off-by: Moritz Sanft <[email protected]> * unconditional assignments converting from idFile Signed-off-by: Moritz Sanft <[email protected]> * move require block in go modules file Signed-off-by: Moritz Sanft <[email protected]> * fall back to id file on upgrade Signed-off-by: Moritz Sanft <[email protected]> * tidy Signed-off-by: Moritz Sanft <[email protected]> * fix linter check Signed-off-by: Moritz Sanft <[email protected]> * add notice to remove Terraform state check on manual migration Signed-off-by: Moritz Sanft <[email protected]> * add `name` field Signed-off-by: Moritz Sanft <[email protected]> fix name tests Signed-off-by: Moritz Sanft <[email protected]> * return early if no Terraform diff Signed-off-by: Moritz Sanft <[email protected]> * tidy Signed-off-by: Moritz Sanft <[email protected]> * return infrastructure state even if no diff exists Signed-off-by: Moritz Sanft <[email protected]> * add TODO to remove comment Signed-off-by: Moritz Sanft <[email protected]> * use state-file in miniconstellation Signed-off-by: Moritz Sanft <[email protected]> * cli: remove id-file (#2402) * remove id-file from `constellation create` Signed-off-by: Moritz Sanft <[email protected]> * add file renaming to handler * rename id-file after upgrade * use idFile on `constellation init` Signed-off-by: Moritz Sanft <[email protected]> * remove id-file from `constellation verify` Signed-off-by: Moritz Sanft <[email protected]> * linter fixes Signed-off-by: Moritz Sanft <[email protected]> * remove id-file from `constellation mini` * remove id-file from `constellation recover` * linter fixes * remove id-file from `constellation terminate` * fix initSecret type * fix recover argument precedence * fix terminate test * generate * add TODO to remove id-file removal * Update cli/internal/cmd/init.go Co-authored-by: Adrian Stobbe <[email protected]> * fix verify arg parse logic Signed-off-by: Moritz Sanft <[email protected]> * add version test Signed-off-by: Moritz Sanft <[email protected]> * remove id-file from docs * add file not found log * use state-file in miniconstellation Signed-off-by: Moritz Sanft <[email protected]> * remove id-file from `constellation iam destroy` Signed-off-by: Moritz Sanft <[email protected]> * remove id-file from `cdbg deploy` Signed-off-by: Moritz Sanft <[email protected]> --------- Signed-off-by: Moritz Sanft <[email protected]> Co-authored-by: Adrian Stobbe <[email protected]> * use state-file in CI Signed-off-by: Moritz Sanft <[email protected]> * update orchestration docs --------- Signed-off-by: Moritz Sanft <[email protected]> Co-authored-by: Adrian Stobbe <[email protected]>
edgelesssys · Oct 9, 2023 · f91e892 · f91e892
1 parent 3f285da
commit f91e892
Show file tree

Hide file tree

Showing 51 changed files with 1,183 additions and 491 deletions.
diff --git a/.github/actions/constellation_create/action.yml b/.github/actions/constellation_create/action.yml
@@ -181,7 +181,7 @@ runs:
         CSP: ${{ inputs.cloudProvider }}
       run: |
         echo "::group::Download boot logs"
-        CONSTELL_UID=$(yq '.uid' constellation-id.json)
+        CONSTELL_UID=$(yq '.infrastructure.uid' constellation-state.yaml)
         case $CSP in
           azure)
             AZURE_RESOURCE_GROUP=$(yq eval ".provider.azure.resourceGroup" constellation-conf.yaml)

diff --git a/.github/actions/e2e_verify/action.yml b/.github/actions/e2e_verify/action.yml
@@ -39,14 +39,14 @@ runs:
 
     - name: Constellation verify
       shell: bash
-      run: constellation verify --cluster-id $(jq -r ".clusterID" constellation-id.json) --force
+      run: constellation verify --cluster-id $(jq -r ".clusterValues.clusterID" constellation-state.yaml) --force
 
     - name: Verify all nodes
       shell: bash
       env:
         KUBECONFIG: ${{ inputs.kubeconfig }}
       run: |
-        clusterID=$(jq -r ".clusterID" constellation-id.json)
+        clusterID=$(jq -r ".clusterValues.clusterID" constellation-state.yaml)
         nodes=$(kubectl get nodes -o json | jq -r ".items[].metadata.name")
 
         for node in $nodes ; do

diff --git a/bazel/toolchains/go_module_deps.bzl b/bazel/toolchains/go_module_deps.bzl
@@ -15,6 +15,14 @@ def go_dependencies():
         sum = "h1:tdpHgTbmbvEIARu+bixzmleMi14+3imnpoFXz+Qzjp4=",
         version = "v1.31.0-20230802163732-1c33ebd9ecfa.1",
     )
+    go_repository(
+        name = "cat_dario_mergo",
+        build_file_generation = "on",
+        build_file_proto_mode = "disable_global",
+        importpath = "dario.cat/mergo",
+        sum = "h1:AGCNq9Evsj31mOgNPcLyXc+4PNABt905YmuqPYYpBWk=",
+        version = "v1.0.0",
+    )
 
     go_repository(
         name = "cc_mvdan_editorconfig",

diff --git a/cli/internal/cloudcmd/clients_test.go b/cli/internal/cloudcmd/clients_test.go
@@ -48,7 +48,7 @@ type stubTerraformClient struct {
 func (c *stubTerraformClient) ApplyCluster(_ context.Context, _ cloudprovider.Provider, _ terraform.LogLevel) (state.Infrastructure, error) {
 	return state.Infrastructure{
 		ClusterEndpoint: c.ip,
-		InitSecret:      c.initSecret,
+		InitSecret:      []byte(c.initSecret),
 		UID:             c.uid,
 		Azure: &state.Azure{
 			AttestationURL: c.attestationURL,

diff --git a/cli/internal/cmd/BUILD.bazel b/cli/internal/cmd/BUILD.bazel
@@ -151,6 +151,7 @@ go_test(
         "//internal/cloud/gcpshared",
         "//internal/config",
         "//internal/constants",
+        "//internal/crypto",
         "//internal/crypto/testvector",
         "//internal/file",
         "//internal/grpc/atlscredentials",

diff --git a/cli/internal/cmd/create.go b/cli/internal/cmd/create.go
@@ -12,14 +12,12 @@ import (
 	"io/fs"
 
 	"github.com/edgelesssys/constellation/v2/cli/internal/cloudcmd"
-	"github.com/edgelesssys/constellation/v2/cli/internal/clusterid"
 	"github.com/edgelesssys/constellation/v2/cli/internal/cmd/pathprefix"
 	"github.com/edgelesssys/constellation/v2/cli/internal/state"
 	"github.com/edgelesssys/constellation/v2/cli/internal/terraform"
 	"github.com/edgelesssys/constellation/v2/internal/api/attestationconfigapi"
 	"github.com/edgelesssys/constellation/v2/internal/api/versionsapi"
 	"github.com/edgelesssys/constellation/v2/internal/attestation/variant"
-	"github.com/edgelesssys/constellation/v2/internal/cloud/cloudprovider"
 	"github.com/edgelesssys/constellation/v2/internal/config"
 	"github.com/edgelesssys/constellation/v2/internal/constants"
 	"github.com/edgelesssys/constellation/v2/internal/file"
@@ -172,35 +170,15 @@ func (c *createCmd) create(cmd *cobra.Command, creator cloudCreator, fileHandler
 	}
 	c.log.Debugf("Successfully created the cloud resources for the cluster")
 
-	idFile := convertToIDFile(infraState, provider)
-	if err := fileHandler.WriteJSON(constants.ClusterIDsFilename, idFile, file.OptNone); err != nil {
-		return err
-	}
-	state := state.NewState(infraState)
-
-	if err := fileHandler.WriteYAML(constants.StateFilename, state, file.OptNone); err != nil {
-		return err
+	state := state.New().SetInfrastructure(infraState)
+	if err := state.WriteToFile(fileHandler, constants.StateFilename); err != nil {
+		return fmt.Errorf("writing state file: %w", err)
 	}
 
 	cmd.Println("Your Constellation cluster was created successfully.")
 	return nil
 }
 
-func convertToIDFile(infra state.Infrastructure, provider cloudprovider.Provider) clusterid.File {
-	var file clusterid.File
-	file.CloudProvider = provider
-	file.IP = infra.ClusterEndpoint
-	file.APIServerCertSANs = infra.APIServerCertSANs
-	file.InitSecret = []byte(infra.InitSecret) // Convert string to []byte
-	file.UID = infra.UID
-
-	if infra.Azure != nil {
-		file.AttestationURL = infra.Azure.AttestationURL
-	}
-
-	return file
-}
-
 // parseCreateFlags parses the flags of the create command.
 func (c *createCmd) parseCreateFlags(cmd *cobra.Command) (createFlags, error) {
 	yes, err := cmd.Flags().GetBool("yes")
@@ -256,9 +234,9 @@ func (c *createCmd) checkDirClean(fileHandler file.Handler) error {
 	if _, err := fileHandler.Stat(constants.MasterSecretFilename); !errors.Is(err, fs.ErrNotExist) {
 		return fmt.Errorf("file '%s' already exists in working directory. Constellation won't overwrite previous master secrets. Move it somewhere or delete it before creating a new cluster", c.pf.PrefixPrintablePath(constants.MasterSecretFilename))
 	}
-	c.log.Debugf("Checking cluster IDs file")
-	if _, err := fileHandler.Stat(constants.ClusterIDsFilename); !errors.Is(err, fs.ErrNotExist) {
-		return fmt.Errorf("file '%s' already exists in working directory. Constellation won't overwrite previous cluster IDs. Move it somewhere or delete it before creating a new cluster", c.pf.PrefixPrintablePath(constants.ClusterIDsFilename))
+	c.log.Debugf("Checking state file")
+	if _, err := fileHandler.Stat(constants.StateFilename); !errors.Is(err, fs.ErrNotExist) {
+		return fmt.Errorf("file '%s' already exists in working directory. Constellation won't overwrite previous cluster state. Move it somewhere or delete it before creating a new cluster", c.pf.PrefixPrintablePath(constants.StateFilename))
 	}
 
 	return nil

diff --git a/cli/internal/cmd/create_test.go b/cli/internal/cmd/create_test.go
@@ -11,7 +11,6 @@ import (
 	"errors"
 	"testing"
 
-	"github.com/edgelesssys/constellation/v2/cli/internal/clusterid"
 	"github.com/edgelesssys/constellation/v2/cli/internal/state"
 	"github.com/edgelesssys/constellation/v2/internal/cloud/cloudprovider"
 	"github.com/edgelesssys/constellation/v2/internal/config"
@@ -154,22 +153,16 @@ func TestCreate(t *testing.T) {
 					assert.False(tc.creator.createCalled)
 				} else {
 					assert.True(tc.creator.createCalled)
-					var gotIDFile clusterid.File
-					require.NoError(fileHandler.ReadJSON(constants.ClusterIDsFilename, &gotIDFile))
-					assert.Equal(gotIDFile, clusterid.File{
-						IP:            infraState.ClusterEndpoint,
-						CloudProvider: tc.provider,
-					})
 
 					var gotState state.State
 					expectedState := state.Infrastructure{
 						ClusterEndpoint:   "192.0.2.1",
 						APIServerCertSANs: []string{},
+						InitSecret:        []byte{},
 					}
 					require.NoError(fileHandler.ReadYAML(constants.StateFilename, &gotState))
 					assert.Equal("v1", gotState.Version)
 					assert.Equal(expectedState, gotState.Infrastructure)
-
 				}
 			}
 		})

diff --git a/cli/internal/cmd/iamdestroy.go b/cli/internal/cmd/iamdestroy.go
@@ -67,10 +67,10 @@ func (c *destroyCmd) iamDestroy(cmd *cobra.Command, spinner spinnerInterf, destr
 	if !errors.Is(err, os.ErrNotExist) {
 		return fmt.Errorf("file %q still exists, please make sure to terminate your cluster before destroying your IAM configuration", c.pf.PrefixPrintablePath(constants.AdminConfFilename))
 	}
-	c.log.Debugf("Checking if %q exists", c.pf.PrefixPrintablePath(constants.ClusterIDsFilename))
-	_, err = fsHandler.Stat(constants.ClusterIDsFilename)
+	c.log.Debugf("Checking if %q exists", c.pf.PrefixPrintablePath(constants.StateFilename))
+	_, err = fsHandler.Stat(constants.StateFilename)
 	if !errors.Is(err, os.ErrNotExist) {
-		return fmt.Errorf("file %q still exists, please make sure to terminate your cluster before destroying your IAM configuration", c.pf.PrefixPrintablePath(constants.ClusterIDsFilename))
+		return fmt.Errorf("file %q still exists, please make sure to terminate your cluster before destroying your IAM configuration", c.pf.PrefixPrintablePath(constants.StateFilename))
 	}
 
 	gcpFileExists := false

diff --git a/cli/internal/cmd/iamdestroy_test.go b/cli/internal/cmd/iamdestroy_test.go
@@ -36,9 +36,9 @@ func TestIAMDestroy(t *testing.T) {
 		require.NoError(fh.Write(constants.AdminConfFilename, []byte("")))
 		return fh
 	}
-	newFsWithClusterIDFile := func() file.Handler {
+	newFsWithStateFile := func() file.Handler {
 		fh := file.NewHandler(afero.NewMemMapFs())
-		require.NoError(fh.Write(constants.ClusterIDsFilename, []byte("")))
+		require.NoError(fh.Write(constants.StateFilename, []byte("")))
 		return fh
 	}
 
@@ -56,8 +56,8 @@ func TestIAMDestroy(t *testing.T) {
 			yesFlag:      "false",
 			wantErr:      true,
 		},
-		"cluster running cluster ids": {
-			fh:           newFsWithClusterIDFile(),
+		"cluster running cluster state": {
+			fh:           newFsWithStateFile(),
 			iamDestroyer: &stubIAMDestroyer{},
 			yesFlag:      "false",
 			wantErr:      true,