edgelesssys / constellation

Constellation is the first Confidential Kubernetes. Constellation shields entire Kubernetes clusters from the (cloud) infrastructure using confidential computing.
GNU Affero General Public License v3.0

operator: use GCP REST API for instance templates #3361

Closed msanft closed 2 weeks ago

msanft commented 2 weeks ago

Context

GCP upgrades were broken previously as new nodes didn't use the correct instance types. This was caused by the Protobuf-based GCP Go SDK not being aware of the `confidential_instance_type` field, which thus wasn't copied when creating a new instance template during an upgrade. This can be circumvented by using the REST API implementation, which is aware of the field.


netlify[bot] commented 2 weeks ago

Deploy Preview for constellation-docs canceled.

| Name | Link |
| --- | --- |
| Latest commit | 158b12079afdb363b99930bf76d04331ff76cacd |
| Latest deploy log | https://app.netlify.com/sites/constellation-docs/deploys/66e99c04723c4200083d8ba4 |

msanft commented 2 weeks ago

From my manual testing, it seems that this patch is not sufficient to make SEV-SNP upgrades on GCP work again. Anyhow, I verified that this fix alone is correct by checking that instance templates now use the correct confidential instance type, so I think this fix should be merged in either case.
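
The failure mode named in the PR description (a typed client that does not model a field silently drops it when a template is copied) can be caught with a round-trip check. The Go code below is an added example, not code from this PR or from Constellation: `staleTemplate`, `dropped`, `lostInTypedCopy` and the sample JSON are hypothetical and constructed, with field names following the GCP REST representation of `confidentialInstanceConfig`.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// Constructed sample of a REST-style instance template (values are made up).
const sampleTemplate = `{"name":"tpl-old","properties":{"machineType":"n2d-standard-4","confidentialInstanceConfig":{"enableConfidentialCompute":true,"confidentialInstanceType":"SEV_SNP"}}}`

// staleTemplate: hypothetical typed model predating confidentialInstanceType (not the GCP SDK's type).
type staleTemplate struct {
	Name       string `json:"name"`
	Properties struct {
		MachineType string `json:"machineType"`
		CIC         struct {
			Enable bool `json:"enableConfidentialCompute"`
		} `json:"confidentialInstanceConfig"`
	} `json:"properties"`
}

// dropped lists dotted paths present in src but absent from dst (order unspecified).
func dropped(src, dst map[string]interface{}, prefix string) (out []string) {
	for k, sv := range src {
		dv, ok := dst[k]
		sm, sIsMap := sv.(map[string]interface{})
		dm, dIsMap := dv.(map[string]interface{})
		if !ok {
			out = append(out, prefix+k)
		} else if sIsMap && dIsMap {
			out = append(out, dropped(sm, dm, prefix+k+".")...)
		}
	}
	return out
}

// lostInTypedCopy round-trips raw through staleTemplate and reports lost fields.
func lostInTypedCopy(raw []byte) ([]string, error) {
	var typed staleTemplate
	var before, after map[string]interface{}
	if err := json.Unmarshal(raw, &typed); err != nil {
		return nil, err
	}
	copied, _ := json.Marshal(typed) // cannot fail for this plain struct
	json.Unmarshal(raw, &before)     // raw already parsed successfully above
	json.Unmarshal(copied, &after)
	return dropped(before, after, ""), nil
}

func main() { fmt.Println(lostInTypedCopy([]byte(sampleTemplate))) }
```

Run against a source template and its copy after an upgrade, a non-empty result means the new nodes would boot without the setting the old template carried.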

github-actions[bot] commented 2 weeks ago

Coverage report

| Package | Old | New | Trend |
| --- | --- | --- | --- |
| operators/constellation-node-operator/internal/cloud/gcp/client | 43.90% | 43.70% | ↘ |