diff --git a/deploy/examples/se_demo/main.tf b/deploy/examples/se_demo/main.tf
index 706e0b444..2834677fe 100644
--- a/deploy/examples/se_demo/main.tf
+++ b/deploy/examples/se_demo/main.tf
@@ -155,15 +155,15 @@ module "gw_attachments" {
 ]
 }
-# module "db_onboarding" {
-# count = 1
-# source = "../../modules/db_onboarding"
-# hub_address = module.hub.public_address
-# hub_ssh_key_path = resource.local_sensitive_file.dsf_ssh_key_file.filename
-# assignee_gw = module.hub_install.jsonar_uid
-# }
+module "db_onboarding" {
+ count = 1
+ source = "../../modules/db_onboarding"
+ hub_address = module.hub.public_address
+ hub_ssh_key_path = resource.local_sensitive_file.dsf_ssh_key_file.filename
+ assignee_gw = module.hub_install.jsonar_uid
+}
-# output "db_details" {
-# value = module.db_onboarding
-# sensitive = true
-# }
+output "db_details" {
+ value = module.db_onboarding
+ sensitive = true
+}
diff --git a/deploy/modules/db_onboarding/artifacts/generate_token.sh b/deploy/modules/db_onboarding/artifacts/generate_token.sh
new file mode 100644
index 000000000..0529dbe1a
--- /dev/null
+++ b/deploy/modules/db_onboarding/artifacts/generate_token.sh
@@ -0,0 +1,13 @@
+#!/bin/bash
+
+client_id="terraform-automation"
+reason="Token autogenerated by terraform"
+
+# Generate access token to hub
+sudo curl -w '\n' \
+ --cacert $JSONAR_LOCALDIR/ssl/ca/ca.cert.pem \
+ --cert $JSONAR_LOCALDIR/ssl/client/admin/cert.pem \
+ --key $JSONAR_LOCALDIR/ssl/client/admin/key.pem \
+ -X POST 'https://localhost:27920/tokens' \
+ -H 'Content-type: application/json' \
+ -d '{"client_id":"'$client_id'","user":"admin","reason":"'"$reason"'","grants":["usc:access"]}' | cut -d\" -f4
diff --git a/deploy/modules/db_onboarding/artifacts/s3get.sh b/deploy/modules/db_onboarding/artifacts/s3get.sh
new file mode 100644
index 000000000..0238efdff
--- /dev/null
+++ b/deploy/modules/db_onboarding/artifacts/s3get.sh
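Review bot: In generate_token.sh the curl call has no failure handling, so an error body from `https://localhost:27920/tokens` is still piped through `cut -d\" -f4` and whatever comes out is stored by the caller in `hub_token` as if it were a token. Add `set -euo pipefail` under the shebang and `--fail --silent --show-error` to the curl options so a rejected request stops the run. The `$JSONAR_LOCALDIR` expansions are unquoted and unchecked; if the variable is not set in the non-interactive ssh session (not visible from this hunk), the certificate paths silently become `/ssl/...`, so quote them and guard with `: "${JSONAR_LOCALDIR:?must be set}"`. The request mints a token for user `admin` with the `usc:access` grant, which deserves a header comment stating that the script's stdout is a credential and must not be logged.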
@@ -0,0 +1,35 @@
+#!/bin/bash
+
+function s3get {
+ #helper functions
+ function fail { echo "$1" > /dev/stderr; exit 1; }
+ #dependency check
+ if ! hash openssl 2>/dev/null; then fail "openssl not installed"; fi
+ if ! hash curl 2>/dev/null; then fail "curl not installed"; fi
+ #params
+ path="${1}"
+ bucket=$(cut -d '/' -f 1 <<< "$path")
+ key=$(cut -d '/' -f 2- <<< "$path")
+ #load creds
+ access="$AWS_ACCESS_KEY_ID"
+ secret="$AWS_SECRET_ACCESS_KEY"
+ #validate
+ if [[ "$bucket" = "" ]]; then fail "missing bucket (arg 1)"; fi;
+ if [[ "$key" = "" ]]; then fail "missing key (arg 1)"; fi;
+ if [[ "$access" = "" ]]; then fail "missing AWS_ACCESS_KEY (env var)"; fi;
+ if [[ "$secret" = "" ]]; then fail "missing AWS_SECRET_KEY (env var)"; fi;
+ #compute signature
+ contentType="text/html; charset=UTF-8"
+ date="`date -u +'%a, %d %b %Y %H:%M:%S GMT'`"
+ resource="/${bucket}/${key}"
+ string="GET\n\n${contentType}\n\nx-amz-date:${date}\n${resource}"
+ signature=`echo -en $string | openssl sha1 -hmac "${secret}" -binary | base64`
+ #get!
+ curl -H "x-amz-date: ${date}" \
+ -H "Content-Type: ${contentType}" \
+ -H "Authorization: AWS ${access}:${signature}" \
+ "https://s3.amazonaws.com${resource}"
+}
+
+#example usage
+#s3get bucket/path/to/file > /tmp/file
\ No newline at end of file
diff --git a/deploy/modules/db_onboarding/artifacts/sonar_onboarder-1.4-SNAPSHOT-all.jar b/deploy/modules/db_onboarding/artifacts/sonar_onboarder-1.4.1-SNAPSHOT-all.jar
similarity index 99%
rename from deploy/modules/db_onboarding/artifacts/sonar_onboarder-1.4-SNAPSHOT-all.jar
rename to deploy/modules/db_onboarding/artifacts/sonar_onboarder-1.4.1-SNAPSHOT-all.jar
index 04fd8b169..6b1528752 100644
Binary files a/deploy/modules/db_onboarding/artifacts/sonar_onboarder-1.4-SNAPSHOT-all.jar and b/deploy/modules/db_onboarding/artifacts/sonar_onboarder-1.4.1-SNAPSHOT-all.jar differ
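Review bot: The final `curl` in s3get runs without `--fail`, so an S3 error response is written to stdout with exit status 0 and the caller's redirect stores it as the downloaded artifact; use `curl --fail --silent --show-error -H ...`. `echo -en $string` is unquoted, so a key containing spaces or glob characters changes the string that gets signed; `signature=$(printf '%b' "$string" | openssl sha1 -hmac "${secret}" -binary | base64)` avoids that. None of the variables are declared `local`, so after the file is sourced `secret`, `access` and `signature` stay in the calling shell, and `fail` exits that shell rather than returning. The `Authorization: AWS ...` header with HMAC-SHA1 is the legacy Signature Version 2 scheme, which newer S3 regions do not accept, and no `x-amz-security-token` header is sent, so temporary credentials cannot be used. The validation messages name `AWS_ACCESS_KEY` and `AWS_SECRET_KEY` while the code reads `AWS_ACCESS_KEY_ID` and `AWS_SECRET_ACCESS_KEY`.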
diff --git a/deploy/modules/db_onboarding/onboarder.tpl b/deploy/modules/db_onboarding/onboarder.tpl
index bb28f49bb..f93df50d6 100644
--- a/deploy/modules/db_onboarding/onboarder.tpl
+++ b/deploy/modules/db_onboarding/onboarder.tpl
@@ -1,24 +1,28 @@
 #!/bin/bash -x
 set -e
-client_id=terraform-automation
-reason="Token autogenerated by terraform"
-
-# Generate access token to hub
-cat << EOF > generate_token.sh
-sudo curl -w '\n' \
- --cacert \$JSONAR_LOCALDIR/ssl/ca/ca.cert.pem \
- --cert \$JSONAR_LOCALDIR/ssl/client/admin/cert.pem \
- --key \$JSONAR_LOCALDIR/ssl/client/admin/key.pem \
- -X POST 'https://localhost:27920/tokens' \
- -H 'Content-type: application/json' \
- -d '{"client_id":"'$client_id'","user":"admin","reason":"'"$reason"'","grants":["usc:access"]}' | cut -d\" -f4
-EOF
-
-scp -o StrictHostKeyChecking="no" -i ${ssh_key_path} generate_token.sh ec2-user@${dsf_hub_address}:generate_token.sh
+scp -o StrictHostKeyChecking="no" -i ${ssh_key_path} ${module_path}/artifacts/generate_token.sh ec2-user@${dsf_hub_address}:generate_token.sh
 ssh -o StrictHostKeyChecking="no" -i ${ssh_key_path} ec2-user@${dsf_hub_address} -C "chmod +x ./generate_token.sh && ./generate_token.sh" > hub_token
 hub_token=$(cat hub_token)
 echo token: $hub_token
 # Run oboarder jar
-java -jar ${module_path}/artifacts/sonar_onboarder-1.4-SNAPSHOT-all.jar ${db_arn} ${dsf_hub_address} $hub_token ${assignee_gw} ${db_user} ${db_password}
+JAR=${module_path}/artifacts/sonar_onboarder-1.4.1-SNAPSHOT-all.jar
+JDK=jdk-16.0.2_linux-x64_bin.tar.gz
+JDK_BUCKET=1ef8de27-ed95-40ff-8c08-7969fc1b7901
+
+if command -v java &> /dev/null; then
+ java -jar $JAR ${db_arn} ${dsf_hub_address} $hub_token ${assignee_gw} ${db_user} ${db_password}
+else
+ echo "jave is not installed on the workstation. Copying jar to hub and run it from there"
+ if [ -z "$AWS_ACCESS_KEY_ID" ] || [ -z "$AWS_SECRET_ACCESS_KEY" ]; then
+ echo "For overcming the lack of java problem, we need the have AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY defined"
+ exit 1
+ else
+ set -x
+ . ${module_path}/artifacts/s3get.sh
+ s3get $JDK_BUCKET/$JDK > $JDK
+ tar zxvf $JAR
+ ./jdk-16.0.2/bin/java -jar $JAR ${db_arn} ${dsf_hub_address} $hub_token ${assignee_gw} ${db_user} ${db_password}
+ fi
+fi
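Review bot: `tar zxvf $JAR` in the no-java branch unpacks the onboarder jar instead of the archive that `s3get` just wrote to `$JDK`, so `./jdk-16.0.2/bin/java` will not exist; it should read `tar zxf "$JDK"`. The downloaded JDK is then executed with no integrity check, so pin a digest and verify it before extracting, for example `echo "<expected-sha256>  $JDK" | sha256sum -c -` (placeholder digest). The added `set -x`, on top of the `-x` already in the shebang, traces the java command line including `$hub_token` and `${db_password}` into the Terraform output; drop it, and prefer passing the secrets by environment or stdin if the jar allows it (not visible here). The new `scp` line keeps `StrictHostKeyChecking="no"`, so the hub's host key is never verified before the script is uploaded and the token is read back. The echo texts contain typos (`jave`, `overcming`) and say the jar is copied to the hub, which the code does not do.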