operator: use GCP REST API for instance templates (#3361)

go.mod

@@ -26,10 +26,10 @@ replace (
 )
 
 require (
-	cloud.google.com/go/compute v1.27.4
+	cloud.google.com/go/compute v1.28.0
 	cloud.google.com/go/compute/metadata v0.5.0
-	cloud.google.com/go/kms v1.18.4
-	cloud.google.com/go/secretmanager v1.13.5
+	cloud.google.com/go/kms v1.19.0
+	cloud.google.com/go/secretmanager v1.14.0
 	cloud.google.com/go/storage v1.43.0
 	dario.cat/mergo v1.0.0
 	github.com/Azure/azure-sdk-for-go v68.0.0+incompatible
@@ -114,14 +114,14 @@ require (
 	go.etcd.io/etcd/client/pkg/v3 v3.5.15
 	go.etcd.io/etcd/client/v3 v3.5.15
 	go.uber.org/goleak v1.3.0
-	golang.org/x/crypto v0.25.0
+	golang.org/x/crypto v0.27.0
 	golang.org/x/exp v0.0.0-20240719175910-8a7402abbf56
 	golang.org/x/mod v0.20.0
-	golang.org/x/sys v0.23.0
-	golang.org/x/text v0.17.0
+	golang.org/x/sys v0.25.0
+	golang.org/x/text v0.18.0
 	golang.org/x/tools v0.23.0
-	google.golang.org/api v0.190.0
-	google.golang.org/grpc v1.65.0
+	google.golang.org/api v0.197.0
+	google.golang.org/grpc v1.66.1
 	google.golang.org/protobuf v1.34.2
 	gopkg.in/yaml.v3 v3.0.1
 	helm.sh/helm/v3 v3.15.3
@@ -141,11 +141,11 @@ require (
 )
 
 require (
-	cloud.google.com/go v0.115.0 // indirect
-	cloud.google.com/go/auth v0.7.3 // indirect
-	cloud.google.com/go/auth/oauth2adapt v0.2.3 // indirect
-	cloud.google.com/go/iam v1.1.12 // indirect
-	cloud.google.com/go/longrunning v0.5.11 // indirect
+	cloud.google.com/go v0.115.1 // indirect
+	cloud.google.com/go/auth v0.9.3 // indirect
+	cloud.google.com/go/auth/oauth2adapt v0.2.4 // indirect
+	cloud.google.com/go/iam v1.2.0 // indirect
+	cloud.google.com/go/longrunning v0.6.0 // indirect
 	github.com/AdaLogics/go-fuzz-headers v0.0.0-20230811130428-ced1acdcaa24 // indirect
 	github.com/Azure/azure-sdk-for-go/sdk/internal v1.10.0 // indirect
 	github.com/Azure/azure-sdk-for-go/sdk/keyvault/azkeys v0.10.0 // indirect
@@ -253,7 +253,7 @@ require (
 	github.com/google/pprof v0.0.0-20240424215950-a892ee059fd6 // indirect
 	github.com/google/s2a-go v0.1.8 // indirect
 	github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510 // indirect
-	github.com/googleapis/enterprise-certificate-proxy v0.3.2 // indirect
+	github.com/googleapis/enterprise-certificate-proxy v0.3.4 // indirect
 	github.com/gorilla/mux v1.8.1 // indirect
 	github.com/gorilla/websocket v1.5.0 // indirect
 	github.com/gosuri/uitable v0.0.4 // indirect
@@ -345,24 +345,24 @@ require (
 	github.com/zclconf/go-cty v1.14.4 // indirect
 	go.mongodb.org/mongo-driver v1.14.0 // indirect
 	go.opencensus.io v0.24.0 // indirect
-	go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.52.0 // indirect
-	go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.52.0 // indirect
-	go.opentelemetry.io/otel v1.27.0 // indirect
-	go.opentelemetry.io/otel/metric v1.27.0 // indirect
-	go.opentelemetry.io/otel/trace v1.27.0 // indirect
+	go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.54.0 // indirect
+	go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.54.0 // indirect
+	go.opentelemetry.io/otel v1.29.0 // indirect
+	go.opentelemetry.io/otel/metric v1.29.0 // indirect
+	go.opentelemetry.io/otel/trace v1.29.0 // indirect
 	go.starlark.net v0.0.0-20230525235612-a134d8f9ddca // indirect
 	go.uber.org/multierr v1.11.0 // indirect
 	go.uber.org/zap v1.27.0 // indirect
-	golang.org/x/net v0.27.0 // indirect
-	golang.org/x/oauth2 v0.21.0 // indirect
+	golang.org/x/net v0.29.0 // indirect
+	golang.org/x/oauth2 v0.23.0 // indirect
 	golang.org/x/sync v0.8.0 // indirect
-	golang.org/x/term v0.22.0 // indirect
-	golang.org/x/time v0.5.0 // indirect
+	golang.org/x/term v0.24.0 // indirect
+	golang.org/x/time v0.6.0 // indirect
 	gomodules.xyz/jsonpatch/v2 v2.4.0 // indirect
 	google.golang.org/appengine v1.6.8 // indirect
-	google.golang.org/genproto v0.0.0-20240730163845-b1a4ccb954bf // indirect
-	google.golang.org/genproto/googleapis/api v0.0.0-20240725223205-93522f1f2a9f // indirect
-	google.golang.org/genproto/googleapis/rpc v0.0.0-20240730163845-b1a4ccb954bf // indirect
+	google.golang.org/genproto v0.0.0-20240903143218-8af14fe29dc1 // indirect
+	google.golang.org/genproto/googleapis/api v0.0.0-20240827150818-7e3bb234dfed // indirect
+	google.golang.org/genproto/googleapis/rpc v0.0.0-20240903143218-8af14fe29dc1 // indirect
 	gopkg.in/inf.v0 v0.9.1 // indirect
 	gopkg.in/yaml.v2 v2.4.0 // indirect
 	k8s.io/cli-runtime v0.30.0 // indirect

operators/constellation-node-operator/internal/cloud/gcp/client/BUILD.bazel

@@ -29,6 +29,7 @@ go_library(
         "@com_github_spf13_afero//:afero",
         "@com_google_cloud_go_compute//apiv1",
         "@com_google_cloud_go_compute//apiv1/computepb",
+        "@org_golang_google_api//compute/v1:compute",
         "@org_golang_google_api//googleapi",
         "@org_golang_google_api//iterator",
         "@org_golang_google_protobuf//proto",
@@ -61,6 +62,7 @@ go_test(
         "@com_github_stretchr_testify//require",
         "@com_google_cloud_go_compute//apiv1",
         "@com_google_cloud_go_compute//apiv1/computepb",
+        "@org_golang_google_api//compute/v1:compute",
         "@org_golang_google_api//googleapi",
         "@org_golang_google_api//iterator",
         "@org_golang_google_protobuf//proto",

operators/constellation-node-operator/internal/cloud/gcp/client/api.go

@@ -12,6 +12,7 @@ import (
 	compute "cloud.google.com/go/compute/apiv1"
 	"cloud.google.com/go/compute/apiv1/computepb"
 	"github.com/googleapis/gax-go/v2"
+	computeREST "google.golang.org/api/compute/v1"
 )
 
 type projectAPI interface {
@@ -27,13 +28,9 @@ type instanceAPI interface {
 }
 
 type instanceTemplateAPI interface {
-	Close() error
-	Get(ctx context.Context, req *computepb.GetInstanceTemplateRequest,
-		opts ...gax.CallOption) (*computepb.InstanceTemplate, error)
-	Delete(ctx context.Context, req *computepb.DeleteInstanceTemplateRequest,
-		opts ...gax.CallOption) (Operation, error)
-	Insert(ctx context.Context, req *computepb.InsertInstanceTemplateRequest,
-		opts ...gax.CallOption) (Operation, error)
+	Get(projectID, template string) (*computeREST.InstanceTemplate, error)
+	Delete(projectID, template string) (*computeREST.Operation, error)
+	Insert(projectID string, template *computeREST.InstanceTemplate) (*computeREST.Operation, error)
 }
 
 type instanceGroupManagersAPI interface {

operators/constellation-node-operator/internal/cloud/gcp/client/client.go

@@ -14,6 +14,7 @@ import (
 
 	compute "cloud.google.com/go/compute/apiv1"
 	"github.com/spf13/afero"
+	computeREST "google.golang.org/api/compute/v1"
 )
 
 // Client is a client for the Google Compute Engine.
@@ -48,12 +49,17 @@ func New(ctx context.Context, configPath string) (*Client, error) {
 		return nil, err
 	}
 	closers = append(closers, insAPI)
-	templAPI, err := compute.NewInstanceTemplatesRESTClient(ctx)
+
+	// TODO(msanft): Go back to protobuf-based API when it supports setting
+	// a confidential instance type.
+	// See https://github.com/googleapis/google-cloud-go/issues/10873 for the current status.
+	restClient, err := computeREST.NewService(ctx)
 	if err != nil {
 		_ = closeAll(closers)
 		return nil, err
 	}
-	closers = append(closers, templAPI)
+	templAPI := computeREST.NewInstanceTemplatesService(restClient)
+
 	groupAPI, err := compute.NewInstanceGroupManagersRESTClient(ctx)
 	if err != nil {
 		_ = closeAll(closers)
@@ -81,7 +87,6 @@ func (c *Client) Close() error {
 	closers := []closer{
 		c.projectAPI,
 		c.instanceAPI,
-		c.instanceTemplateAPI,
 		c.instanceGroupManagersAPI,
 		c.diskAPI,
 	}

operators/constellation-node-operator/internal/cloud/gcp/client/client_test.go

@@ -12,6 +12,7 @@ import (
 	compute "cloud.google.com/go/compute/apiv1"
 	"cloud.google.com/go/compute/apiv1/computepb"
 	"github.com/googleapis/gax-go/v2"
+	computeREST "google.golang.org/api/compute/v1"
 	"google.golang.org/api/iterator"
 	"google.golang.org/protobuf/proto"
 )
@@ -47,7 +48,7 @@ func (a stubInstanceAPI) Get(_ context.Context, _ *computepb.GetInstanceRequest,
 }
 
 type stubInstanceTemplateAPI struct {
-	template  *computepb.InstanceTemplate
+	template  *computeREST.InstanceTemplate
 	getErr    error
 	deleteErr error
 	insertErr error
@@ -57,30 +58,16 @@ func (a stubInstanceTemplateAPI) Close() error {
 	return nil
 }
 
-func (a stubInstanceTemplateAPI) Get(_ context.Context, _ *computepb.GetInstanceTemplateRequest,
-	_ ...gax.CallOption,
-) (*computepb.InstanceTemplate, error) {
+func (a stubInstanceTemplateAPI) Get(_, _ string) (*computeREST.InstanceTemplate, error) {
 	return a.template, a.getErr
 }
 
-func (a stubInstanceTemplateAPI) Delete(_ context.Context, _ *computepb.DeleteInstanceTemplateRequest,
-	_ ...gax.CallOption,
-) (Operation, error) {
-	return &stubOperation{
-		&computepb.Operation{
-			Name: proto.String("name"),
-		},
-	}, a.deleteErr
+func (a stubInstanceTemplateAPI) Delete(_, _ string) (*computeREST.Operation, error) {
+	return &computeREST.Operation{}, a.deleteErr
 }
 
-func (a stubInstanceTemplateAPI) Insert(_ context.Context, _ *computepb.InsertInstanceTemplateRequest,
-	_ ...gax.CallOption,
-) (Operation, error) {
-	return &stubOperation{
-		&computepb.Operation{
-			Name: proto.String("name"),
-		},
-	}, a.insertErr
+func (a stubInstanceTemplateAPI) Insert(_ string, _ *computeREST.InstanceTemplate) (*computeREST.Operation, error) {
+	return &computeREST.Operation{}, a.insertErr
 }
 
 type stubInstanceGroupManagersAPI struct {

operators/constellation-node-operator/internal/cloud/gcp/client/gcpwrappers.go

@@ -12,26 +12,27 @@ import (
 	compute "cloud.google.com/go/compute/apiv1"
 	"cloud.google.com/go/compute/apiv1/computepb"
 	"github.com/googleapis/gax-go/v2"
+	computeREST "google.golang.org/api/compute/v1"
 )
 
 type instanceTemplateClient struct {
-	*compute.InstanceTemplatesClient
+	*computeREST.InstanceTemplatesService
 }
 
 func (c *instanceTemplateClient) Close() error {
-	return c.InstanceTemplatesClient.Close()
+	return nil // no-op
 }
 
-func (c *instanceTemplateClient) Delete(ctx context.Context, req *computepb.DeleteInstanceTemplateRequest,
-	opts ...gax.CallOption,
-) (Operation, error) {
-	return c.InstanceTemplatesClient.Delete(ctx, req, opts...)
+func (c *instanceTemplateClient) Get(project, template string) (*computeREST.InstanceTemplate, error) {
+	return c.InstanceTemplatesService.Get(project, template).Do()
 }
 
-func (c *instanceTemplateClient) Insert(ctx context.Context, req *computepb.InsertInstanceTemplateRequest,
-	opts ...gax.CallOption,
-) (Operation, error) {
-	return c.InstanceTemplatesClient.Insert(ctx, req, opts...)
+func (c *instanceTemplateClient) Delete(project, template string) (*computeREST.Operation, error) {
+	return c.InstanceTemplatesService.Delete(project, template).Do()
+}
+
+func (c *instanceTemplateClient) Insert(projectID string, template *computeREST.InstanceTemplate) (*computeREST.Operation, error) {
+	return c.InstanceTemplatesService.Insert(projectID, template).Do()
 }
 
 type instanceGroupManagersClient struct {

operators/constellation-node-operator/internal/cloud/gcp/client/scalinggroup.go

@@ -16,6 +16,7 @@ import (
 	"github.com/edgelesssys/constellation/v2/internal/constants"
 	updatev1alpha1 "github.com/edgelesssys/constellation/v2/operators/constellation-node-operator/api/v1alpha1"
 	cspapi "github.com/edgelesssys/constellation/v2/operators/constellation-node-operator/internal/cloud/api"
+	computeREST "google.golang.org/api/compute/v1"
 	"google.golang.org/api/iterator"
 )
 
@@ -49,29 +50,22 @@ func (c *Client) SetScalingGroupImage(ctx context.Context, scalingGroupID, image
 	}
 
 	// clone template with desired image
-	if instanceTemplate.Name == nil {
+	if instanceTemplate.Name == "" {
 		return fmt.Errorf("instance template of scaling group %q has no name", scalingGroupID)
 	}
-	instanceTemplate.Properties.Disks[0].InitializeParams.SourceImage = &imageURI
-	newTemplateName, err := generateInstanceTemplateName(*instanceTemplate.Name)
+	instanceTemplate.Properties.Disks[0].InitializeParams.SourceImage = imageURI
+	newTemplateName, err := generateInstanceTemplateName(instanceTemplate.Name)
 	if err != nil {
 		return err
 	}
-	instanceTemplate.Name = &newTemplateName
-	op, err := c.instanceTemplateAPI.Insert(ctx, &computepb.InsertInstanceTemplateRequest{
-		Project:                  project,
-		InstanceTemplateResource: instanceTemplate,
-	})
-	if err != nil {
+	instanceTemplate.Name = newTemplateName
+	if _, err := c.instanceTemplateAPI.Insert(project, instanceTemplate); err != nil {
 		return fmt.Errorf("cloning instance template: %w", err)
 	}
-	if err := op.Wait(ctx); err != nil {
-		return fmt.Errorf("waiting for cloned instance template: %w", err)
-	}
 
 	newTemplateURI := joinInstanceTemplateURI(project, newTemplateName)
 	// update instance group manager to use new template
-	op, err = c.instanceGroupManagersAPI.SetInstanceTemplate(ctx, &computepb.SetInstanceTemplateInstanceGroupManagerRequest{
+	op, err := c.instanceGroupManagersAPI.SetInstanceTemplate(ctx, &computepb.SetInstanceTemplateInstanceGroupManagerRequest{
 		InstanceGroupManager: instanceGroupName,
 		Project:              project,
 		Zone:                 zone,
@@ -133,10 +127,7 @@ func (c *Client) ListScalingGroups(ctx context.Context, uid string) ([]cspapi.Sc
 			if len(templateURI) < 1 {
 				continue // invalid template URI
 			}
-			template, err := c.instanceTemplateAPI.Get(ctx, &computepb.GetInstanceTemplateRequest{
-				Project:          c.projectID,
-				InstanceTemplate: templateURI[len(templateURI)-1],
-			})
+			template, err := c.instanceTemplateAPI.Get(c.projectID, templateURI[len(templateURI)-1])
 			if err != nil {
 				return nil, fmt.Errorf("getting instance template: %w", err)
 			}
@@ -188,7 +179,7 @@ func (c *Client) ListScalingGroups(ctx context.Context, uid string) ([]cspapi.Sc
 	return results, nil
 }
 
-func (c *Client) getScalingGroupTemplate(ctx context.Context, scalingGroupID string) (*computepb.InstanceTemplate, error) {
+func (c *Client) getScalingGroupTemplate(ctx context.Context, scalingGroupID string) (*computeREST.InstanceTemplate, error) {
 	project, zone, instanceGroupName, err := splitInstanceGroupID(scalingGroupID)
 	if err != nil {
 		return nil, err
@@ -208,22 +199,19 @@ func (c *Client) getScalingGroupTemplate(ctx context.Context, scalingGroupID str
 	if err != nil {
 		return nil, fmt.Errorf("splitting instance template name: %w", err)
 	}
-	instanceTemplate, err := c.instanceTemplateAPI.Get(ctx, &computepb.GetInstanceTemplateRequest{
-		InstanceTemplate: instanceTemplateName,
-		Project:          instanceTemplateProject,
-	})
+	instanceTemplate, err := c.instanceTemplateAPI.Get(instanceTemplateProject, instanceTemplateName)
 	if err != nil {
 		return nil, fmt.Errorf("getting instance template %q: %w", instanceTemplateName, err)
 	}
 	return instanceTemplate, nil
 }
 
-func instanceTemplateSourceImage(instanceTemplate *computepb.InstanceTemplate) (string, error) {
+func instanceTemplateSourceImage(instanceTemplate *computeREST.InstanceTemplate) (string, error) {
 	if instanceTemplate.Properties == nil ||
 		len(instanceTemplate.Properties.Disks) == 0 ||
 		instanceTemplate.Properties.Disks[0].InitializeParams == nil ||
-		instanceTemplate.Properties.Disks[0].InitializeParams.SourceImage == nil {
+		instanceTemplate.Properties.Disks[0].InitializeParams.SourceImage == "" {
 		return "", errors.New("instance template has no source image")
 	}
-	return uriNormalize(*instanceTemplate.Properties.Disks[0].InitializeParams.SourceImage), nil
+	return uriNormalize(instanceTemplate.Properties.Disks[0].InitializeParams.SourceImage), nil
 }