Merge pull request #49 from Appdynamics/features/rbac

Merging RBAC and License Rules
CiscoDevNet · Apr 20, 2021 · b45610f · b45610f
2 parents fecd49d + 57a28ff
commit b45610f
Show file tree

Hide file tree

Showing 31 changed files with 1,665 additions and 38 deletions.
diff --git a/.github/workflows/DockerBuildPush.yml b/.github/workflows/DockerBuildPush.yml
@@ -19,7 +19,7 @@ jobs:
           tag_with_ref: true
           dockerfile: docker/Dockerfile
 
-  QA-DcokerImage:
+  QA-DockerImage:
     runs-on: ubuntu-latest
     steps:
     - uses: actions/checkout@v2

diff --git a/.github/workflows/QAConfigMyApp.yml b/.github/workflows/QAConfigMyApp.yml
@@ -10,7 +10,7 @@ on:
     branches: [ master, develop ]
 
 jobs:
-  DcokerImage-QA:
+  DockerImage-QA:
     runs-on: ubuntu-latest
     steps:
     - uses: actions/checkout@v2
@@ -32,53 +32,53 @@ jobs:
           echo Running basic CMA
           pwd
           ls -ltr
-          ./start.sh -a Jenkins_API -c ${{ secrets.CONTROLLER_HOST }} -p ${{ secrets.CONTROLLER_USERNAME }} -u ${{ secrets.CONTROLLER_PASSWORD }} 
+          ./start.sh -a Jenkins_API_Demo -c ${{ secrets.CONTROLLER_HOST }} -p ${{ secrets.CONTROLLER_USERNAME }} -u ${{ secrets.CONTROLLER_PASSWORD }} 
       
     - name: TestCase1- Basic ConfigMyApp with default dashboard off
       run: |
           echo Running basic CMA with default dashboard off
           pwd
           ls -ltr
-          ./start.sh -a Jenkins_API -c ${{ secrets.CONTROLLER_HOST }} -p ${{ secrets.CONTROLLER_USERNAME }} -u ${{ secrets.CONTROLLER_PASSWORD }} --no-upload-default-dashboard
+          ./start.sh -a Jenkins_API_Demo -c ${{ secrets.CONTROLLER_HOST }} -p ${{ secrets.CONTROLLER_USERNAME }} -u ${{ secrets.CONTROLLER_PASSWORD }} --no-upload-default-dashboard
                  
     - name: TestCase2- BT_ONLY
       env:
         CMA_USE_HTTPS: false
       run: |
           echo Running BT_ONLY,
-          ./start.sh -a Jenkins_API --bt-only -c ${{ secrets.CONTROLLER_HOST }} -p ${{ secrets.CONTROLLER_USERNAME }} -u ${{ secrets.CONTROLLER_PASSWORD }} --no-upload-default-dashboard
+          ./start.sh -a Jenkins_API_Demo --bt-only -c ${{ secrets.CONTROLLER_HOST }} -p ${{ secrets.CONTROLLER_USERNAME }} -u ${{ secrets.CONTROLLER_PASSWORD }} --no-upload-default-dashboard
           
     - name: TestCase3- Action suppression. Default.
       run: |
           echo Running Action Suppression,
-          ./start.sh -a Jenkins_API --suppress-action -c ${{ secrets.CONTROLLER_HOST }} -p ${{ secrets.CONTROLLER_USERNAME }} -u ${{ secrets.CONTROLLER_PASSWORD }} --no-upload-default-dashboard
+          ./start.sh -a Jenkins_API_Demo --suppress-action -c ${{ secrets.CONTROLLER_HOST }} -p ${{ secrets.CONTROLLER_USERNAME }} -u ${{ secrets.CONTROLLER_PASSWORD }} --no-upload-default-dashboard
           
     - name: TestCase4- Action suppression. Date and duration.
       run: |
           echo Running Action Suppression 
           #--suppress-start=$(date -d " + 20 minutes" -u  +%FT%T)
-          ./start.sh -a Jenkins_API  --suppress-action  --suppress-duration=120 -c ${{ secrets.CONTROLLER_HOST }} -p ${{ secrets.CONTROLLER_USERNAME }} -u ${{ secrets.CONTROLLER_PASSWORD }} --no-upload-default-dashboard
+          ./start.sh -a Jenkins_API_Demo  --suppress-action  --suppress-duration=120 -c ${{ secrets.CONTROLLER_HOST }} -p ${{ secrets.CONTROLLER_USERNAME }} -u ${{ secrets.CONTROLLER_PASSWORD }} --no-upload-default-dashboard
           
     - name: TestCase5- Upload custom dashboard - runtime
       run: |
           echo Running Dash upload
           curl https://gist.githubusercontent.com/iogbole/48e7568454b066132700c4fe039c2cff/raw/4aa417193e7ce9f3cce2410e67d525761cb6d678/gistfile1.txt -o ./custom_dashboards/CustomDashboard_vanilla.json
           echo Running SIM and DB,
-          ./start.sh -a IoT_API --upload-custom-dashboard -c ${{ secrets.CONTROLLER_HOST }} -p ${{ secrets.CONTROLLER_USERNAME }} -u ${{ secrets.CONTROLLER_PASSWORD }} --no-upload-default-dashboard
+          ./start.sh -a Jenkins_API_Demo --upload-custom-dashboard -c ${{ secrets.CONTROLLER_HOST }} -p ${{ secrets.CONTROLLER_USERNAME }} -u ${{ secrets.CONTROLLER_PASSWORD }} --no-upload-default-dashboard
           
     - name: TestCase6- Upload custom dashboard - env variables
       run: |
           echo Running Dash upload
           curl https://gist.githubusercontent.com/iogbole/48e7568454b066132700c4fe039c2cff/raw/4aa417193e7ce9f3cce2410e67d525761cb6d678/gistfile1.txt -o ./custom_dashboards/CustomDashboard_vanilla.json
           export CMA_UPLOAD_CUSTOM_DASHBOARD=true
-          ./start.sh -a IoT_API -c ${{ secrets.CONTROLLER_HOST }} -p ${{ secrets.CONTROLLER_USERNAME }} -u ${{ secrets.CONTROLLER_PASSWORD }} --no-upload-default-dashboard
+          ./start.sh -a Jenkins_API_Demo -c ${{ secrets.CONTROLLER_HOST }} -p ${{ secrets.CONTROLLER_USERNAME }} -u ${{ secrets.CONTROLLER_PASSWORD }} --no-upload-default-dashboard
 
     - name: TestCase7- Health rules only - no overwrite - parameters
       env:
         CMA_USE_HTTPS: false
       run: |
           echo Running health rules only, get values from runtime parameters,
-          ./start.sh -a Jenkins_API --health-rules-only --no-health-rules-overwrite -c ${{ secrets.CONTROLLER_HOST }} -p ${{ secrets.CONTROLLER_USERNAME }} -u ${{ secrets.CONTROLLER_PASSWORD }} --no-upload-default-dashboard
+          ./start.sh -a Jenkins_API_Demo --health-rules-only --no-health-rules-overwrite -c ${{ secrets.CONTROLLER_HOST }} -p ${{ secrets.CONTROLLER_USERNAME }} -u ${{ secrets.CONTROLLER_PASSWORD }} --no-upload-default-dashboard
 
     - name: TestCase8- Health rules only - overwrite - env variables
       env:
@@ -87,7 +87,7 @@ jobs:
         CMA_HEALTH_RULES_ONLY: true
       run: |
           echo Running health rules only, get values from environment variables,
-          ./start.sh -a Jenkins_API -c ${{ secrets.CONTROLLER_HOST }} -p ${{ secrets.CONTROLLER_USERNAME }} -u ${{ secrets.CONTROLLER_PASSWORD }} --no-upload-default-dashboard
+          ./start.sh -a Jenkins_API_Demo -c ${{ secrets.CONTROLLER_HOST }} -p ${{ secrets.CONTROLLER_USERNAME }} -u ${{ secrets.CONTROLLER_PASSWORD }} --no-upload-default-dashboard
 
     - name: TestCase9- Health rules only - overwrite default - config
       env:
@@ -96,7 +96,7 @@ jobs:
           cp config.json config.json.bkp
           curl https://gist.githubusercontent.com/AlexJov/63ccb17421208679ef63b55afafea712/raw/b8e5ebc5399a8d7df5422ff07c49c892f0c3bd63/config.json -o ./config.json
           echo Running health rules only, get values from config,
-          ./start.sh -a Jenkins_API -c ${{ secrets.CONTROLLER_HOST }} -p ${{ secrets.CONTROLLER_USERNAME }} -u ${{ secrets.CONTROLLER_PASSWORD }} --no-upload-default-dashboard
+          ./start.sh -a Jenkins_API_Demo -c ${{ secrets.CONTROLLER_HOST }} -p ${{ secrets.CONTROLLER_USERNAME }} -u ${{ secrets.CONTROLLER_PASSWORD }} --no-upload-default-dashboard
           cp config.json.bkp config.json
 
     - name: TestCase10- Delete health rules, existing
@@ -107,29 +107,29 @@ jobs:
           curl https://gist.githubusercontent.com/AlexJov/03317fd4271325fbd6678dded2df6e91/raw/bb33a4b3abcaed762f1a5b262586183c6efd4402/CpuUtilisationTooHighToDelete.json -o ./health_rules/ServerVisibility/CpuUtilisationTooHighToDelete.json
           
           echo Running health rules only, import additional health rules,
-          ./start.sh -a Jenkins_API -u appd --include-sim --health-rules-only -c ${{ secrets.CONTROLLER_HOST }} -p ${{ secrets.CONTROLLER_USERNAME }} -u ${{ secrets.CONTROLLER_PASSWORD }} --no-upload-default-dashboard
+          ./start.sh -a Jenkins_API_Demo -u appd --include-sim --health-rules-only -c ${{ secrets.CONTROLLER_HOST }} -p ${{ secrets.CONTROLLER_USERNAME }} -u ${{ secrets.CONTROLLER_PASSWORD }} --no-upload-default-dashboard
 
           echo Delete health rules:
-          ./start.sh -a Jenkins_API --health-rules-delete "Agent Availability to Delete, Server Health: CPU Utilisation is too high to Delete" -c ${{ secrets.CONTROLLER_HOST }} -p ${{ secrets.CONTROLLER_USERNAME }} -u ${{ secrets.CONTROLLER_PASSWORD }} --no-upload-default-dashboard
+          ./start.sh -a Jenkins_API_Demo --health-rules-delete "Agent Availability to Delete, Server Health: CPU Utilisation is too high to Delete" -c ${{ secrets.CONTROLLER_HOST }} -p ${{ secrets.CONTROLLER_USERNAME }} -u ${{ secrets.CONTROLLER_PASSWORD }} --no-upload-default-dashboard
 
     - name: TestCase11- Delete health rules, non existing
       env:
         CMA_USE_HTTPS: false
       run: |
           echo Delete health rules, delete health rules from TestCase10
-          ./start.sh -a Jenkins_API --health-rules-delete "There is no this rule name" -c ${{ secrets.CONTROLLER_HOST }} -p ${{ secrets.CONTROLLER_USERNAME }} -u ${{ secrets.CONTROLLER_PASSWORD }} --no-upload-default-dashboard
+          ./start.sh -a Jenkins_API_Demo --health-rules-delete "There is no this rule name" -c ${{ secrets.CONTROLLER_HOST }} -p ${{ secrets.CONTROLLER_USERNAME }} -u ${{ secrets.CONTROLLER_PASSWORD }} --no-upload-default-dashboard
     
     - name: TestCase12- Overwrite Health rules - runtime 
       run: |
           echo Running basic CMA
           pwd
           ls -ltr
-          ./start.sh -a Jenkins_API --health-rules-only --overwrite-health-rules -c ${{ secrets.CONTROLLER_HOST }} -p ${{ secrets.CONTROLLER_USERNAME }} -u ${{ secrets.CONTROLLER_PASSWORD }} --no-upload-default-dashboard
+          ./start.sh -a Jenkins_API_Demo --health-rules-only --overwrite-health-rules -c ${{ secrets.CONTROLLER_HOST }} -p ${{ secrets.CONTROLLER_USERNAME }} -u ${{ secrets.CONTROLLER_PASSWORD }} --no-upload-default-dashboard
     
     - name: TestCase13- Upload default dashboard SIM and DB - runtime
       run: |
           echo Running SIM and DB, runtime
-          ./start.sh -a IoT_API --upload-default-dashboard --include-database  --database-name 'ConfigMyApp' --include-sim -c ${{ secrets.CONTROLLER_HOST }} -p ${{ secrets.CONTROLLER_USERNAME }} -u ${{ secrets.CONTROLLER_PASSWORD }} 
+          ./start.sh -a Jenkins_API_Demo --upload-default-dashboard --include-database  --database-name 'ConfigMyApp' --include-sim -c ${{ secrets.CONTROLLER_HOST }} -p ${{ secrets.CONTROLLER_USERNAME }} -u ${{ secrets.CONTROLLER_PASSWORD }} 
     
     - name: TestCase14- Upload default dashboard - env variables
       env:
@@ -140,5 +140,46 @@ jobs:
         CMA_INCLUDE_SIM: true
       run: |
           echo Running SIM and DB, env vars
-          ./start.sh -a IoT_API -c ${{ secrets.CONTROLLER_HOST }} -p ${{ secrets.CONTROLLER_USERNAME }} -u ${{ secrets.CONTROLLER_PASSWORD }} 
+          ./start.sh -a Jenkins_API_Demo -c ${{ secrets.CONTROLLER_HOST }} -p ${{ secrets.CONTROLLER_USERNAME }} -u ${{ secrets.CONTROLLER_PASSWORD }} 
       
+    - name: TestCase15- rbac roles and saml groups - runtime 
+      env:
+        CMA_UPLOAD_DEFAULT_DASHBOARD: false
+      run: |
+          echo Running RBAC, runtime parameters
+          ./start.sh -a Jenkins_API_Demo -c ${{ secrets.CONTROLLER_HOST }} -p ${{ secrets.CONTROLLER_USERNAME }} -u ${{ secrets.CONTROLLER_PASSWORD }} --rbac-only --rbac-action="role-saml"
+
+    - name: TestCase16- rbac roles and saml groups - env variables
+      env:
+        CMA_UPLOAD_DEFAULT_DASHBOARD: false
+        CMA_RBAC_ONLY: true
+        CMA_RBAC_ACTION: "role-saml"
+        CMA_RBAC_ROLE_NAME: "test-role"
+        CMA_RBAC_ROLE_DESCRIPTION: "test-role-desc"
+        CMA_RBAC_SAML_GROUP_NAME: "test-saml-group"
+      run: |
+          echo Running RBAC, env vars
+          ./start.sh -a Jenkins_API_Demo -c ${{ secrets.CONTROLLER_HOST }} -p ${{ secrets.CONTROLLER_USERNAME }} -u ${{ secrets.CONTROLLER_PASSWORD }}
+
+    - name: TestCase17- rbac roles and saml groups - no names provided - env variables
+      env:
+        CMA_UPLOAD_DEFAULT_DASHBOARD: false
+        CMA_RBAC_ONLY: true
+        CMA_RBAC_ACTION: "role-saml"
+      run: |
+          echo Running RBAC, env vars
+          ./start.sh -a Jenkins_API_Demo -c ${{ secrets.CONTROLLER_HOST }} -p ${{ secrets.CONTROLLER_USERNAME }} -u ${{ secrets.CONTROLLER_PASSWORD }}
+
+    - name: TestCase18- sensitive data masking - env variables
+      env:
+        CMA_UPLOAD_DEFAULT_DASHBOARD: false
+        CMA_DATA_MASKING: true
+        CMA_DATA_MASKING_PATTERNS: "-.*8090"
+        CMA_DATA_MASKING_STRATEGY: "exact"
+      run: |
+          echo Running sensitive data masking, env vars
+          ./start.sh -a Jenkins_API_Demo -c ${{ secrets.CONTROLLER_HOST }} -p ${{ secrets.CONTROLLER_USERNAME }} -u ${{ secrets.CONTROLLER_PASSWORD }}
+          last_log_line=$(tail -n 1 error.log)
+          echo "Logged: ${last_log_line}" 
+
+
diff --git a/.gitignore b/.gitignore
@@ -17,3 +17,7 @@ api_actions/uploaded/*.json*
 api_actions/actions/*.json*
 custom_dashboards/*.json*
 custom_dashboards/uploaded/*.json*
+cookie.appd
+rbac/restui_role_files/uploaded/*.json
+rbac/restui_saml_files/uploaded/*.json
+rbac/restui_license_rules_files/uploaded/*.json
diff --git a/config.json b/config.json
@@ -49,5 +49,22 @@
       "suppress_upload_files": false,
       "suppress_delete": ""
     }
+  ],
+  "rbac": [
+    {
+      "rbac_only": false,
+      "rbac_action": "role-saml",
+      "rbac_role_name": "",
+      "rbac_role_description": "",
+      "rbac_saml_group_name": "",
+      "rbac_license_rule_name": ""
+    }
+  ],
+  "sensitive_data": [
+    {
+      "data_masking": true,
+      "data_masking_patterns": "-.*8090",
+      "data_masking_strategy": "exact"
+    }
   ]
 }
diff --git a/docker/env.list b/docker/env.list
@@ -1,6 +1,6 @@
 
-CMA_APPLICATION_NAME=IoT_API
-CMA_CONTROLLER_HOST=configmyappdemo-2044no-uzyczrm0.appd-cx.com
+CMA_APPLICATION_NAME=Jenkins_API
+CMA_CONTROLLER_HOST=configmyappdemo-20103n-m3lp0zmi.appd-cx.com
 CMA_CONTROLLER_PORT=8090
 CMA_USE_HTTPS=false
 CMA_USERNAME=appd

diff --git a/docker/run.sh b/docker/run.sh
@@ -15,6 +15,14 @@ fi
 #standard run
 docker run --rm --env-file env.list ${image_name}:${version} 
 
+if [ $? -eq 0 ]
+then
+  echo "Successful Docker container run. Proceeding..."
+else
+  echo "Error occurred. Could not run the Docker container." >&2
+  exit 1
+fi
+
 docker ps
 
 # change directory to the root folder where mounted volumes are located - if you're executing the ./run.sh script

diff --git a/modules/actions/application-action-suppression.sh b/modules/actions/application-action-suppression.sh
@@ -2,6 +2,8 @@
 
 source ./modules/common/http_check.sh # func_check_http_status, func_check_http_response
 source ./modules/common/application.sh # func_get_application_id
+source ./modules/common/logging.sh # func_log_error_to_file
+source ./modules/common/sensitive_data.sh # func_data_masking
 
 # 1. INPUT PARAMETERS
 _controller_url=${1} # hostname + /controller
@@ -27,8 +29,9 @@ function func_check_http_response(){ # override default
         cp -rf "$filePath" "./api_actions/uploaded/${fileName}.${dt}"
         echo "Success..."
     else
-        echo "${dt} ERROR "{$http_message_body}"" >> error.log
         echo "ERROR $http_message_body"
+        http_message_body=$(func_data_masking ${http_message_body})
+        logged_to_file=$(func_log_error_to_file "${http_message_body}" "ERROR")
         exit 1
     fi
 }

diff --git a/modules/actions/upload-files-action-suppression.sh b/modules/actions/upload-files-action-suppression.sh
@@ -2,6 +2,8 @@
 
 source ./modules/common/http_check.sh # func_check_http_status, func_check_http_response
 source ./modules/common/application.sh # func_get_application_id
+source ./modules/common/logging.sh # func_log_error_to_file
+source ./modules/common/sensitive_data.sh # func_data_masking
 
 # 1. INPUT PARAMETERS
 _controller_url=${1} # hostname + /controller
@@ -31,8 +33,9 @@ function func_check_http_response(){ # function override
         cp -rf "$filePath" "./api_actions/uploaded/${fileName}.${dt}"
         echo "Success..."
     else
-        echo "${dt} ERROR "{$http_message_body}"" >> error.log
         echo "ERROR $http_message_body"
+        http_message_body=$(func_data_masking ${http_message_body})
+        logged_to_file=$(func_log_error_to_file "${http_message_body}" "ERROR")
         # do not break on failure
     fi
 }

diff --git a/modules/business_transactions/configBT.sh b/modules/business_transactions/configBT.sh
@@ -2,6 +2,8 @@
 # Match types: MATCHES_REGEX, CONTAINS, EQUALS, STARTS_WITH, ENDS_WITH, IS_IN_LIST, IS_NOT_EMPTY
 # The format of the JSON must be maintained at all times.. all four sections must be available even if you're not using them, leave them blank.
 
+source ./modules/common/logging.sh # func_log_error_to_file
+
 bt_folder="./bt_api_templates"
 bt_conf="./bt_config/configBT.json"
 bt_config_template="bt_config_template.xml"
@@ -293,7 +295,7 @@ if [ -f "$bt_file_path" ]; then
     echo "The file path is $bt_file_path"
     sleep 1
     echo ""
-    echo "Please wait while we configure BT detection rules in $appName"
+    echo "Please wait while we configure BT detection rules in $app_name"
 
     btendpoint="/transactiondetection/${app_name}/custom"
 
@@ -303,13 +305,13 @@ if [ -f "$bt_file_path" ]; then
         echo ""
         echo "*********************************************************************"
         echo "ConfigMyApp created Business transaction detection rules successfully."
-        echo "Please check $appName detection rule configuration pages."
+        echo "Please check $app_name detection rule configuration pages."
         echo "*********************************************************************"
         echo ""
     else
-        msg="An Error occured whilst creating business transaction detection rules. Please refer to the error.log file for further details"
-        echo "${dt} An Error occured whilst creating business transaction detection rules." >> error.log
-        echo "${dt} ERROR $bt_response" >>error.log
+        msg="An Error occured whilst creating business transaction detection rules. Please refer to the error.log file for further details."
+        func_log_error_to_file "An Error occured whilst creating business transaction detection rules for application '$app_name'."
+        func_log_error_to_file "$bt_response" "ERROR" 
         echo "$msg"
         echo "$bt_response"
         echo ""

diff --git a/modules/common/http_check.sh b/modules/common/http_check.sh
@@ -1,12 +1,18 @@
 #!/bin/bash
 
+source ./modules/common/sensitive_data.sh # func_data_masking
+source ./modules/common/logging.sh # func_log_error_to_file
+
+# external
 function func_check_http_status() {
     local http_code=$1
     local message_on_failure=$2
     #echo "HTTP status code: $http_code"
     if [[ $http_code -lt 200 ]] || [[ $http_code -gt 299 ]]; then
-        echo "${dt} ERROR "{$http_code: $message_on_failure}"" >> ../../error.log
-        echo "$http_code: $message_on_failure"
+        echo "ERROR $http_code: $message_on_failure"
+        # mask sensitive info (if needed)
+        message_on_failure=$(func_data_masking "${message_on_failure}" "" "")
+        logged_to_file=$(func_log_error_to_file "${message_on_failure}" "ERROR" "$http_code")
         exit 1
     fi
 }
@@ -15,14 +21,16 @@ function func_check_http_response(){
     local http_message_body="$1"
     local string_success_response_contains="$2"
     if [[ "$http_message_body" =~ "$string_success_response_contains" ]]; then # contains
-            echo "*********************************************************************"
-            echo "Success"
-            echo "*********************************************************************"
-        else
-            echo "${dt} ERROR "{$http_message_body}"" >> ../../error.log
-            echo "ERROR $http_message_body"
-            exit 1
-        fi
+        echo "*********************************************************************"
+        echo "Success"
+        echo "*********************************************************************"
+    else
+        echo "ERROR HTTP response does not contain '$string_success_response_contains'. Check logs for mode detils..."
+        # mask sensitive info (if needed)
+        http_message_body=$(func_data_masking "${http_message_body}" "" "")
+        logged_to_file=$(func_log_error_to_file "${http_message_body}" "ERROR")
+        exit 1
+    fi
 }
 
 function func_cleanup() {

diff --git a/modules/common/logging.sh b/modules/common/logging.sh
@@ -0,0 +1,20 @@
+#!/bin/bash
+
+# intent to be internal
+function func_log_error_to_file(){
+    local message="$1"
+    local severity="$2" # optional, error by default
+    local status_code="$3" # optional
+
+    dt=$(date '+%Y-%m-%d_%H-%M-%S')
+
+    if [[ -z "$severity" ]]; then
+        severity="ERROR"
+    fi
+
+    if [[ ! -z "$status_code" ]]; then
+        status_code="'$status_code' "
+    fi
+
+    echo "${dt} ${severity} ${status_code}"${message}"" >> error.log
+}