// Package gcp produces the GCP-specific Terraform variables (tfvars) that the
// installer hands to terraform.
package gcp

import (
	"encoding/json"
	"fmt"

	machineapi "github.com/openshift/api/machine/v1beta1"
	gcpconsts "github.com/openshift/installer/pkg/constants/gcp"
	"github.com/openshift/installer/pkg/types"
)

const (
	// kmsKeyNameFmt is the resource-name layout of a Cloud KMS crypto key
	// (project, location, key ring, key); generateDiskEncryptionKeyLink fills it.
	kmsKeyNameFmt = "projects/%s/locations/%s/keyRings/%s/cryptoKeys/%s"
)

// Auth is the collection of credentials that will be used by terraform.
// Auth is embedded in config, so these values are written into the generated
// tfvars JSON next to the other variables; the output file therefore carries
// credential material and should be handled accordingly.
type Auth struct {
	ProjectID        string `json:"gcp_project_id,omitempty"`
	NetworkProjectID string `json:"gcp_network_project_id,omitempty"`
	ServiceAccount   string `json:"gcp_service_account,omitempty"`
}

// config is the document TFVars marshals; every field is one Terraform
// variable, keyed by its json tag. Field order here is the key order in the
// output. Fields without omitempty (CreateFirewallRules, the volume settings,
// VolumeKMSKeyLink, PresignedURL, ...) are emitted even when zero.
type config struct {
	// NOTE(review): encoding/json has no "inline" option; the Auth fields are
	// promoted because Auth is an embedded struct, not because of this tag.
	Auth                      `json:",inline"`
	Region                    string            `json:"gcp_region,omitempty"`
	BootstrapInstanceType     string            `json:"gcp_bootstrap_instance_type,omitempty"`
	CreateFirewallRules       bool              `json:"gcp_create_firewall_rules"`
	MasterInstanceType        string            `json:"gcp_master_instance_type,omitempty"`
	MasterAvailabilityZones   []string          `json:"gcp_master_availability_zones"`
	Image                     string            `json:"gcp_image,omitempty"`
	InstanceServiceAccount    string            `json:"gcp_instance_service_account,omitempty"`
	VolumeType                string            `json:"gcp_master_root_volume_type"`
	VolumeSize                int64             `json:"gcp_master_root_volume_size"`
	// VolumeKMSKeyLink is the full KMS crypto-key resource name of the master
	// root disk, or "" when the disk has no customer-managed encryption key.
	VolumeKMSKeyLink          string            `json:"gcp_root_volume_kms_key_link"`
	PublicZoneName            string            `json:"gcp_public_zone_name,omitempty"`
	PrivateZoneName           string            `json:"gcp_private_zone_name,omitempty"`
	PublishStrategy           string            `json:"gcp_publish_strategy,omitempty"`
	PreexistingNetwork        bool              `json:"gcp_preexisting_network,omitempty"`
	ClusterNetwork            string            `json:"gcp_cluster_network,omitempty"`
	ControlPlaneSubnet        string            `json:"gcp_control_plane_subnet,omitempty"`
	ComputeSubnet             string            `json:"gcp_compute_subnet,omitempty"`
	ControlPlaneTags          []string          `json:"gcp_control_plane_tags,omitempty"`
	SecureBoot                string            `json:"gcp_master_secure_boot,omitempty"`
	OnHostMaintenance         string            `json:"gcp_master_on_host_maintenance,omitempty"`
	EnableConfidentialCompute string            `json:"gcp_master_confidential_compute,omitempty"`
	// ExtraLabels always contains the OCP cluster-ID label plus the master
	// machine labels.
	ExtraLabels               map[string]string `json:"gcp_extra_labels,omitempty"`
	UserProvisionedDNS        bool              `json:"gcp_user_provisioned_dns,omitempty"`
	ExtraTags                 map[string]string `json:"gcp_extra_tags,omitempty"`
	IgnitionShim              string            `json:"gcp_ignition_shim,omitempty"`
	PresignedURL              string            `json:"gcp_signed_url"`
}

// TFVarsSources contains the parameters to be converted into Terraform variables.
type TFVarsSources struct {
	Auth                Auth
	CreateFirewallRules bool
	// MasterConfigs supplies one availability zone per entry; everything else
	// (region, machine type, first disk, first network interface, labels, tags,
	// shielded/confidential settings) is read from the first entry only.
	MasterConfigs []*machineapi.GCPMachineProviderSpec
	// WorkerConfigs contributes only the subnetwork of the first entry's first
	// network interface (the compute subnet).
	WorkerConfigs      []*machineapi.GCPMachineProviderSpec
	PublicZoneName     string
	PrivateZoneName    string
	PublishStrategy    types.PublishingStrategy
	PreexistingNetwork bool
	// InfrastructureName is formatted into the OCP cluster-ID label key.
	InfrastructureName string
	UserProvisionedDNS bool
	// UserTags is passed through unchanged as gcp_extra_tags.
	UserTags     map[string]string
	IgnitionShim string
	PresignedURL string
}

// TFVars generates gcp-specific Terraform variables launching the cluster.
// The result is the indented JSON encoding of config.
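// An error, rather than a panic, is returned when MasterConfigs or WorkerConfigs
// is empty or holds a nil entry, when the first master config has no disk or
// network interface, or when the first worker config has no network interface.
func TFVars(sources TFVarsSources) ([]byte, error) {
	if len(sources.MasterConfigs) == 0 {
		return nil, fmt.Errorf("gcp tfvars: no master machine config provided")
	}
	if len(sources.WorkerConfigs) == 0 {
		return nil, fmt.Errorf("gcp tfvars: no worker machine config provided")
	}

	// One availability zone per master machine config.
	masterAvailabilityZones := make([]string, len(sources.MasterConfigs))
	for i, c := range sources.MasterConfigs {
		if c == nil {
			return nil, fmt.Errorf("gcp tfvars: master machine config %d is nil", i)
		}
		masterAvailabilityZones[i] = c.Zone
	}

	// Everything except the zones comes from the first master config; only
	// the compute subnet comes from the first worker config.
	masterConfig := sources.MasterConfigs[0]
	workerConfig := sources.WorkerConfigs[0]
	if workerConfig == nil {
		return nil, fmt.Errorf("gcp tfvars: worker machine config 0 is nil")
	}
	if len(masterConfig.Disks) == 0 {
		return nil, fmt.Errorf("gcp tfvars: master machine config has no disks")
	}
	if len(masterConfig.NetworkInterfaces) == 0 {
		return nil, fmt.Errorf("gcp tfvars: master machine config has no network interfaces")
	}
	if len(workerConfig.NetworkInterfaces) == 0 {
		return nil, fmt.Errorf("gcp tfvars: worker machine config has no network interfaces")
	}
	rootDisk := masterConfig.Disks[0]
	masterNIC := masterConfig.NetworkInterfaces[0]
	workerNIC := workerConfig.NetworkInterfaces[0]

	// The OCP cluster-ID label is set before the machine labels are copied, so
	// a machine label with the same key takes precedence.
	labels := make(map[string]string, len(masterConfig.Labels)+1)
	labels[fmt.Sprintf(gcpconsts.ClusterIDLabelFmt, sources.InfrastructureName)] = "owned"
	for k, v := range masterConfig.Labels {
		labels[k] = v
	}

	cfg := &config{
		Auth:                      sources.Auth,
		Region:                    masterConfig.Region,
		BootstrapInstanceType:     masterConfig.MachineType,
		CreateFirewallRules:       sources.CreateFirewallRules,
		MasterInstanceType:        masterConfig.MachineType,
		MasterAvailabilityZones:   masterAvailabilityZones,
		VolumeType:                rootDisk.Type,
		VolumeSize:                rootDisk.SizeGB,
		Image:                     rootDisk.Image,
		PublicZoneName:            sources.PublicZoneName,
		PrivateZoneName:           sources.PrivateZoneName,
		PublishStrategy:           string(sources.PublishStrategy),
		ClusterNetwork:            masterNIC.Network,
		ControlPlaneSubnet:        masterNIC.Subnetwork,
		ComputeSubnet:             workerNIC.Subnetwork,
		PreexistingNetwork:        sources.PreexistingNetwork,
		ControlPlaneTags:          masterConfig.Tags,
		SecureBoot:                string(masterConfig.ShieldedInstanceConfig.SecureBoot),
		EnableConfidentialCompute: string(masterConfig.ConfidentialCompute),
		OnHostMaintenance:         string(masterConfig.OnHostMaintenance),
		ExtraLabels:               labels,
		UserProvisionedDNS:        sources.UserProvisionedDNS,
		ExtraTags:                 sources.UserTags,
		IgnitionShim:              sources.IgnitionShim,
		PresignedURL:              sources.PresignedURL,
	}

	// A customer-managed encryption key on the root disk is exported as its
	// full KMS resource name; otherwise the variable stays "".
	if rootDisk.EncryptionKey != nil {
		cfg.VolumeKMSKeyLink = generateDiskEncryptionKeyLink(rootDisk.EncryptionKey, masterConfig.ProjectID)
	}

	// Masters get an explicit instance service account only for shared-VPC
	// (XPN) installs, i.e. when a network project is configured.
	if cfg.Auth.NetworkProjectID != "" && len(masterConfig.ServiceAccounts) > 0 {
		cfg.InstanceServiceAccount = masterConfig.ServiceAccounts[0].Email
	}

	return json.MarshalIndent(cfg, "", "  ")
}

// generateDiskEncryptionKeyLink builds the full Cloud KMS crypto-key resource
// name for keyRef. The key's own ProjectID wins when set; otherwise the key is
// assumed to live in projectID (the machine's project). A nil keyRef yields "".
func generateDiskEncryptionKeyLink(keyRef *machineapi.GCPEncryptionKeyReference, projectID string) string {
	if keyRef == nil {
		return ""
	}
	// NOTE(review): keyRef.KMSKey is dereferenced unchecked here; if the API
	// type allows it to be nil, a guard returning "" belongs at this point.
	if p := keyRef.KMSKey.ProjectID; p != "" {
		projectID = p
	}
	return fmt.Sprintf(kmsKeyNameFmt, projectID, keyRef.KMSKey.Location, keyRef.KMSKey.KeyRing, keyRef.KMSKey.Name)
}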