cli: remove id-file (#2402)

* remove id-file from `constellation create`

Signed-off-by: Moritz Sanft <[email protected]>

* add file renaming to handler

* rename id-file after upgrade

* use idFile on `constellation init`

Signed-off-by: Moritz Sanft <[email protected]>

* remove id-file from `constellation verify`

Signed-off-by: Moritz Sanft <[email protected]>

* linter fixes

Signed-off-by: Moritz Sanft <[email protected]>

* remove id-file from `constellation mini`

* remove id-file from `constellation recover`

* linter fixes

* remove id-file from `constellation terminate`

* fix initSecret type

* fix recover argument precedence

* fix terminate test

* generate

* add TODO to remove id-file removal

* Update cli/internal/cmd/init.go

Co-authored-by: Adrian Stobbe <[email protected]>

* fix verify arg parse logic

Signed-off-by: Moritz Sanft <[email protected]>

* add version test

Signed-off-by: Moritz Sanft <[email protected]>

* remove id-file from docs

* add file not found log

* use state-file in miniconstellation

Signed-off-by: Moritz Sanft <[email protected]>

* remove id-file from `constellation iam destroy`

Signed-off-by: Moritz Sanft <[email protected]>

* remove id-file from `cdbg deploy`

Signed-off-by: Moritz Sanft <[email protected]>

---------

Signed-off-by: Moritz Sanft <[email protected]>
Co-authored-by: Adrian Stobbe <[email protected]>

cli/internal/cloudcmd/clients_test.go

@@ -48,7 +48,7 @@ type stubTerraformClient struct {
 func (c *stubTerraformClient) ApplyCluster(_ context.Context, _ cloudprovider.Provider, _ terraform.LogLevel) (state.Infrastructure, error) {
 	return state.Infrastructure{
 		ClusterEndpoint: c.ip,
-		InitSecret:      c.initSecret,
+		InitSecret:      []byte(c.initSecret),
 		UID:             c.uid,
 		Azure: &state.Azure{
 			AttestationURL: c.attestationURL,

cli/internal/cmd/create.go

@@ -12,14 +12,12 @@ import (
 	"io/fs"
 
 	"github.com/edgelesssys/constellation/v2/cli/internal/cloudcmd"
-	"github.com/edgelesssys/constellation/v2/cli/internal/clusterid"
 	"github.com/edgelesssys/constellation/v2/cli/internal/cmd/pathprefix"
 	"github.com/edgelesssys/constellation/v2/cli/internal/state"
 	"github.com/edgelesssys/constellation/v2/cli/internal/terraform"
 	"github.com/edgelesssys/constellation/v2/internal/api/attestationconfigapi"
 	"github.com/edgelesssys/constellation/v2/internal/api/versionsapi"
 	"github.com/edgelesssys/constellation/v2/internal/attestation/variant"
-	"github.com/edgelesssys/constellation/v2/internal/cloud/cloudprovider"
 	"github.com/edgelesssys/constellation/v2/internal/config"
 	"github.com/edgelesssys/constellation/v2/internal/constants"
 	"github.com/edgelesssys/constellation/v2/internal/file"
@@ -172,12 +170,6 @@ func (c *createCmd) create(cmd *cobra.Command, creator cloudCreator, fileHandler
 	}
 	c.log.Debugf("Successfully created the cloud resources for the cluster")
 
-	// TODO(msanft): Remove IDFile as per AB#3425
-	idFile := convertToIDFile(infraState, provider)
-	if err := fileHandler.WriteJSON(constants.ClusterIDsFilename, idFile, file.OptNone); err != nil {
-		return err
-	}
-
 	state := state.New().SetInfrastructure(infraState)
 	if err := state.WriteToFile(fileHandler, constants.StateFilename); err != nil {
 		return fmt.Errorf("writing state file: %w", err)
@@ -187,21 +179,6 @@ func (c *createCmd) create(cmd *cobra.Command, creator cloudCreator, fileHandler
 	return nil
 }
 
-func convertToIDFile(infra state.Infrastructure, provider cloudprovider.Provider) clusterid.File {
-	var file clusterid.File
-	file.CloudProvider = provider
-	file.IP = infra.ClusterEndpoint
-	file.APIServerCertSANs = infra.APIServerCertSANs
-	file.InitSecret = []byte(infra.InitSecret) // Convert string to []byte
-	file.UID = infra.UID
-
-	if infra.Azure != nil {
-		file.AttestationURL = infra.Azure.AttestationURL
-	}
-
-	return file
-}
-
 // parseCreateFlags parses the flags of the create command.
 func (c *createCmd) parseCreateFlags(cmd *cobra.Command) (createFlags, error) {
 	yes, err := cmd.Flags().GetBool("yes")
@@ -257,9 +234,9 @@ func (c *createCmd) checkDirClean(fileHandler file.Handler) error {
 	if _, err := fileHandler.Stat(constants.MasterSecretFilename); !errors.Is(err, fs.ErrNotExist) {
 		return fmt.Errorf("file '%s' already exists in working directory. Constellation won't overwrite previous master secrets. Move it somewhere or delete it before creating a new cluster", c.pf.PrefixPrintablePath(constants.MasterSecretFilename))
 	}
-	c.log.Debugf("Checking cluster IDs file")
-	if _, err := fileHandler.Stat(constants.ClusterIDsFilename); !errors.Is(err, fs.ErrNotExist) {
-		return fmt.Errorf("file '%s' already exists in working directory. Constellation won't overwrite previous cluster IDs. Move it somewhere or delete it before creating a new cluster", c.pf.PrefixPrintablePath(constants.ClusterIDsFilename))
+	c.log.Debugf("Checking state file")
+	if _, err := fileHandler.Stat(constants.StateFilename); !errors.Is(err, fs.ErrNotExist) {
+		return fmt.Errorf("file '%s' already exists in working directory. Constellation won't overwrite previous cluster state. Move it somewhere or delete it before creating a new cluster", c.pf.PrefixPrintablePath(constants.StateFilename))
 	}
 
 	return nil

cli/internal/cmd/create_test.go

@@ -11,7 +11,6 @@ import (
 	"errors"
 	"testing"
 
-	"github.com/edgelesssys/constellation/v2/cli/internal/clusterid"
 	"github.com/edgelesssys/constellation/v2/cli/internal/state"
 	"github.com/edgelesssys/constellation/v2/internal/cloud/cloudprovider"
 	"github.com/edgelesssys/constellation/v2/internal/config"
@@ -154,22 +153,16 @@ func TestCreate(t *testing.T) {
 					assert.False(tc.creator.createCalled)
 				} else {
 					assert.True(tc.creator.createCalled)
-					var gotIDFile clusterid.File
-					require.NoError(fileHandler.ReadJSON(constants.ClusterIDsFilename, &gotIDFile))
-					assert.Equal(gotIDFile, clusterid.File{
-						IP:            infraState.ClusterEndpoint,
-						CloudProvider: tc.provider,
-					})
 
 					var gotState state.State
 					expectedState := state.Infrastructure{
 						ClusterEndpoint:   "192.0.2.1",
 						APIServerCertSANs: []string{},
+						InitSecret:        []byte{},
 					}
 					require.NoError(fileHandler.ReadYAML(constants.StateFilename, &gotState))
 					assert.Equal("v1", gotState.Version)
 					assert.Equal(expectedState, gotState.Infrastructure)
-
 				}
 			}
 		})

cli/internal/cmd/iamdestroy.go

@@ -67,10 +67,10 @@ func (c *destroyCmd) iamDestroy(cmd *cobra.Command, spinner spinnerInterf, destr
 	if !errors.Is(err, os.ErrNotExist) {
 		return fmt.Errorf("file %q still exists, please make sure to terminate your cluster before destroying your IAM configuration", c.pf.PrefixPrintablePath(constants.AdminConfFilename))
 	}
-	c.log.Debugf("Checking if %q exists", c.pf.PrefixPrintablePath(constants.ClusterIDsFilename))
-	_, err = fsHandler.Stat(constants.ClusterIDsFilename)
+	c.log.Debugf("Checking if %q exists", c.pf.PrefixPrintablePath(constants.StateFilename))
+	_, err = fsHandler.Stat(constants.StateFilename)
 	if !errors.Is(err, os.ErrNotExist) {
-		return fmt.Errorf("file %q still exists, please make sure to terminate your cluster before destroying your IAM configuration", c.pf.PrefixPrintablePath(constants.ClusterIDsFilename))
+		return fmt.Errorf("file %q still exists, please make sure to terminate your cluster before destroying your IAM configuration", c.pf.PrefixPrintablePath(constants.StateFilename))
 	}
 
 	gcpFileExists := false

cli/internal/cmd/iamdestroy_test.go

@@ -36,9 +36,9 @@ func TestIAMDestroy(t *testing.T) {
 		require.NoError(fh.Write(constants.AdminConfFilename, []byte("")))
 		return fh
 	}
-	newFsWithClusterIDFile := func() file.Handler {
+	newFsWithStateFile := func() file.Handler {
 		fh := file.NewHandler(afero.NewMemMapFs())
-		require.NoError(fh.Write(constants.ClusterIDsFilename, []byte("")))
+		require.NoError(fh.Write(constants.StateFilename, []byte("")))
 		return fh
 	}
 
@@ -56,8 +56,8 @@ func TestIAMDestroy(t *testing.T) {
 			yesFlag:      "false",
 			wantErr:      true,
 		},
-		"cluster running cluster ids": {
-			fh:           newFsWithClusterIDFile(),
+		"cluster running cluster state": {
+			fh:           newFsWithStateFile(),
 			iamDestroyer: &stubIAMDestroyer{},
 			yesFlag:      "false",
 			wantErr:      true,

cli/internal/cmd/init.go

@@ -36,7 +36,6 @@ import (
 
 	"github.com/edgelesssys/constellation/v2/bootstrapper/initproto"
 	"github.com/edgelesssys/constellation/v2/cli/internal/cloudcmd"
-	"github.com/edgelesssys/constellation/v2/cli/internal/clusterid"
 	"github.com/edgelesssys/constellation/v2/cli/internal/cmd/pathprefix"
 	"github.com/edgelesssys/constellation/v2/cli/internal/helm"
 	"github.com/edgelesssys/constellation/v2/cli/internal/kubecmd"
@@ -156,13 +155,6 @@ func (i *initCmd) initialize(
 		cmd.PrintErrln("WARNING: Attestation temporarily relies on AWS nitroTPM. See https://docs.edgeless.systems/constellation/workflows/config#choosing-a-vm-type for more information.")
 	}
 
-	// TODO(msanft): Remove IDFile as per AB#3425
-	i.log.Debugf("Checking cluster ID file")
-	var idFile clusterid.File
-	if err := i.fileHandler.ReadJSON(constants.ClusterIDsFilename, &idFile); err != nil {
-		return fmt.Errorf("reading cluster ID file: %w", err)
-	}
-
 	stateFile, err := state.ReadFromFile(i.fileHandler, constants.StateFilename)
 	if err != nil {
 		return fmt.Errorf("reading state file: %w", err)
@@ -181,7 +173,10 @@ func (i *initCmd) initialize(
 	}
 	i.log.Debugf("Checked license")
 
-	conf.UpdateMAAURL(idFile.AttestationURL)
+	if stateFile.Infrastructure.Azure != nil {
+		conf.UpdateMAAURL(stateFile.Infrastructure.Azure.AttestationURL)
+	}
+
 	i.log.Debugf("Creating aTLS Validator for %s", conf.GetAttestationConfig().GetVariant())
 	validator, err := cloudcmd.NewValidator(cmd, conf.GetAttestationConfig(), i.log)
 	if err != nil {
@@ -199,15 +194,14 @@ func (i *initCmd) initialize(
 	if err != nil {
 		return fmt.Errorf("generating master secret: %w", err)
 	}
-	i.log.Debugf("Generated measurement salt")
+
+	i.log.Debugf("Generating measurement salt")
 	measurementSalt, err := crypto.GenerateRandomBytes(crypto.RNGLengthDefault)
 	if err != nil {
 		return fmt.Errorf("generating measurement salt: %w", err)
 	}
-	idFile.MeasurementSalt = measurementSalt
 
-	clusterName := clusterid.GetClusterName(conf, idFile)
-	i.log.Debugf("Setting cluster name to %s", clusterName)
+	i.log.Debugf("Setting cluster name to %s", stateFile.Infrastructure.Name)
 
 	cmd.PrintErrln("Note: If you just created the cluster, it can take a few minutes to connect.")
 	i.spinner.Start("Connecting ", false)
@@ -218,12 +212,12 @@ func (i *initCmd) initialize(
 		KubernetesVersion:    versions.VersionConfigs[k8sVersion].ClusterVersion,
 		KubernetesComponents: versions.VersionConfigs[k8sVersion].KubernetesComponents.ToInitProto(),
 		ConformanceMode:      flags.conformance,
-		InitSecret:           idFile.InitSecret,
-		ClusterName:          clusterName,
-		ApiserverCertSans:    idFile.APIServerCertSANs,
+		InitSecret:           stateFile.Infrastructure.InitSecret,
+		ClusterName:          stateFile.Infrastructure.Name,
+		ApiserverCertSans:    stateFile.Infrastructure.APIServerCertSANs,
 	}
 	i.log.Debugf("Sending initialization request")
-	resp, err := i.initCall(cmd.Context(), newDialer(validator), idFile.IP, req)
+	resp, err := i.initCall(cmd.Context(), newDialer(validator), stateFile.Infrastructure.ClusterEndpoint, req)
 	i.spinner.Stop()
 
 	if err != nil {
@@ -241,12 +235,8 @@ func (i *initCmd) initialize(
 	}
 	i.log.Debugf("Initialization request succeeded")
 
-	// TODO(msanft): Remove IDFile as per AB#3425
-	i.log.Debugf("Writing Constellation ID file")
-	idFile.CloudProvider = provider
-
 	bufferedOutput := &bytes.Buffer{}
-	if err := i.writeOutput(idFile, stateFile, resp, flags.mergeConfigs, bufferedOutput, measurementSalt); err != nil {
+	if err := i.writeOutput(stateFile, resp, flags.mergeConfigs, bufferedOutput, measurementSalt); err != nil {
 		return err
 	}
 
@@ -449,7 +439,6 @@ func (d *initDoer) handleGRPCStateChanges(ctx context.Context, wg *sync.WaitGrou
 // writeOutput writes the output of a cluster initialization to the
 // state- / id- / kubeconfig-file and saves it to disk.
 func (i *initCmd) writeOutput(
-	idFile clusterid.File,
 	stateFile *state.State,
 	initResp *initproto.InitSuccessResponse,
 	mergeConfig bool, wr io.Writer,
@@ -458,17 +447,21 @@ func (i *initCmd) writeOutput(
 	fmt.Fprint(wr, "Your Constellation cluster was successfully initialized.\n\n")
 
 	ownerID := hex.EncodeToString(initResp.GetOwnerId())
-	// i.log.Debugf("Owner id is %s", ownerID)
 	clusterID := hex.EncodeToString(initResp.GetClusterId())
 
+	stateFile.SetClusterValues(state.ClusterValues{
+		MeasurementSalt: measurementSalt,
+		OwnerID:         ownerID,
+		ClusterID:       clusterID,
+	})
+
 	tw := tabwriter.NewWriter(wr, 0, 0, 2, ' ', 0)
-	// writeRow(tw, "Constellation cluster's owner identifier", ownerID)
 	writeRow(tw, "Constellation cluster identifier", clusterID)
 	writeRow(tw, "Kubernetes configuration", i.pf.PrefixPrintablePath(constants.AdminConfFilename))
 	tw.Flush()
 	fmt.Fprintln(wr)
 
-	i.log.Debugf("Rewriting cluster server address in kubeconfig to %s", idFile.IP)
+	i.log.Debugf("Rewriting cluster server address in kubeconfig to %s", stateFile.Infrastructure.ClusterEndpoint)
 	kubeconfig, err := clientcmd.Load(initResp.GetKubeconfig())
 	if err != nil {
 		return fmt.Errorf("loading kubeconfig: %w", err)
@@ -481,7 +474,7 @@ func (i *initCmd) writeOutput(
 		if err != nil {
 			return fmt.Errorf("parsing kubeconfig server URL: %w", err)
 		}
-		kubeEndpoint.Host = net.JoinHostPort(idFile.IP, kubeEndpoint.Port())
+		kubeEndpoint.Host = net.JoinHostPort(stateFile.Infrastructure.ClusterEndpoint, kubeEndpoint.Port())
 		cluster.Server = kubeEndpoint.String()
 	}
 	kubeconfigBytes, err := clientcmd.Write(*kubeconfig)
@@ -503,23 +496,11 @@ func (i *initCmd) writeOutput(
 		}
 	}
 
-	idFile.OwnerID = ownerID
-	idFile.ClusterID = clusterID
-
-	stateFile.SetClusterValues(state.ClusterValues{
-		MeasurementSalt: measurementSalt,
-		OwnerID:         ownerID,
-		ClusterID:       clusterID,
-	})
-
 	if err := stateFile.WriteToFile(i.fileHandler, constants.StateFilename); err != nil {
-		return fmt.Errorf("writing state file: %w", err)
+		return fmt.Errorf("writing Constellation state file: %w", err)
 	}
 
-	if err := i.fileHandler.WriteJSON(constants.ClusterIDsFilename, idFile, file.OptOverwrite); err != nil {
-		return fmt.Errorf("writing Constellation ID file: %w", err)
-	}
-	i.log.Debugf("Constellation ID file written to %s", i.pf.PrefixPrintablePath(constants.ClusterIDsFilename))
+	i.log.Debugf("Constellation state file written to %s", i.pf.PrefixPrintablePath(constants.StateFilename))
 
 	if !mergeConfig {
 		fmt.Fprintln(wr, "You can now connect to your cluster by executing:")