Dynamic plugins pt2 (#911)

* Improve some logging. * Make deployments list lookups data driven from vault.
trimble-oss · Jan 26, 2024 · 4cc01c3 · 4cc01c3
1 parent 4e2b051
commit 4cc01c3
Show file tree

Hide file tree

Showing 4 changed files with 51 additions and 15 deletions.
diff --git a/atrium/vestibulum/trcdb/trcplgtoolbase/trcplgtoolbase.go b/atrium/vestibulum/trcdb/trcplgtoolbase/trcplgtoolbase.go
@@ -320,7 +320,13 @@ func CommonMain(envPtr *string,
 				}
 				sha256Bytes := sha256.Sum256(pluginImage)
 				*sha256Ptr = fmt.Sprintf("%x", sha256Bytes)
+			} else {
+				fmt.Println("Irregular image")
+				return errors.New("irregular image")
 			}
+		} else {
+			fmt.Println("Failure to stat image:" + statErr.Error())
+			return statErr
 		}
 	}
 
@@ -500,7 +506,7 @@ func CommonMain(envPtr *string,
 			fmt.Println("Checking for existing image.")
 			err := repository.GetImageAndShaFromDownload(configBase, pluginToolConfig)
 			if _, ok := pluginToolConfig["imagesha256"].(string); err != nil || !ok {
-				fmt.Println("Invalid or nonexistent image.")
+				fmt.Println("Invalid or nonexistent image on download.")
 				if err != nil {
 					fmt.Println(err.Error())
 				}

diff --git a/atrium/vestibulum/trcsh/deployutil/deployutil.go b/atrium/vestibulum/trcsh/deployutil/deployutil.go
@@ -104,21 +104,30 @@ func GetDeployers(config *eUtils.DriverConfig) ([]string, error) {
 	envParts := strings.Split(config.EnvRaw, "-")
 	mod.Env = envParts[0]
 
-	plugListData, pluginListErr := mod.List("super-secrets/Index/TrcVault/trcplugin", config.Log)
-	if pluginListErr != nil {
-		return nil, pluginListErr
+	deploymentListData, deploymentListDataErr := mod.List("super-secrets/Index/TrcVault/trcplugin", config.Log)
+	if deploymentListDataErr != nil {
+		return nil, deploymentListDataErr
 	}
 
-	if plugListData == nil {
+	if deploymentListData == nil {
 		return nil, errors.New("no plugins available")
 	}
-	pluginList := []string{}
+	deploymentList := []string{}
 
-	for _, plugListInterface := range plugListData.Data {
-		for _, plugin := range plugListInterface.([]interface{}) {
-			pluginList = append(pluginList, plugin.(string))
+	for _, deploymentInterface := range deploymentListData.Data {
+		for _, deploymentPath := range deploymentInterface.([]interface{}) {
+			deployment := strings.TrimSuffix(deploymentPath.(string), "/")
+
+			deploymentConfig, deploymentConfigErr := mod.ReadData(fmt.Sprintf("super-secrets/Index/TrcVault/trcplugin/%s/Certify", deployment))
+			if deploymentConfigErr != nil || deploymentConfig == nil {
+				continue
+			}
+
+			if deploymentConfig["trctype"].(string) == "trcshservice" {
+				deploymentList = append(deploymentList, deployment)
+			}
 		}
 	}
 
-	return pluginList, nil
+	return deploymentList, nil
 }
diff --git a/atrium/vestibulum/trcshbase/trcsh.go b/atrium/vestibulum/trcshbase/trcsh.go
@@ -304,7 +304,8 @@ func CommonMain(envPtr *string, addrPtr *string, envCtxPtr *string,
 
 		// Preload agent synchronization configs...
 		var errAgentLoad error
-		gAgentConfig, _, errAgentLoad = capauth.NewAgentConfig(address,
+		var trcshConfig *capauth.TrcShConfig
+		gAgentConfig, trcshConfig, errAgentLoad = capauth.NewAgentConfig(address,
 			agentToken,
 			agentEnv, deployCtlAcceptRemoteNoTimeout, nil)
 		if errAgentLoad != nil {
@@ -313,7 +314,9 @@ func CommonMain(envPtr *string, addrPtr *string, envCtxPtr *string,
 		}
 
 		// Initialize deployers.
-		config, err := TrcshInitConfig(*envPtr, *regionPtr, true)
+		config, err := TrcshInitConfig(*gAgentConfig.Env, *regionPtr, true)
+		config.AppRoleConfig = *trcshConfig.ConfigRole
+		config.VaultAddress = *trcshConfig.VaultAddress
 		deployments, err := deployutil.GetDeployers(config)
 		if err != nil {
 			fmt.Println("trcsh agent bootstrap failure.")

diff --git a/pkg/capauth/agentconfig.go b/pkg/capauth/agentconfig.go
@@ -73,6 +73,21 @@ func ValidateVhostInverse(host string, protocol string, inverse bool) error {
 	return errors.New("Bad host: " + host)
 }
 
+func (agentconfig *AgentConfigs) RetryingPenseFeatherQuery(pense string) (*string, error) {
+	retry := 0
+	for retry < 5 {
+		result, err := agentconfig.PenseFeatherQuery(agentconfig.FeatherContext, pense)
+
+		if err != nil || result == nil || *result == "...." {
+			time.Sleep(time.Second)
+			retry = retry + 1
+		} else {
+			return result, err
+		}
+	}
+	return nil, errors.New("unavailable secrets")
+}
+
 func (agentconfig *AgentConfigs) PenseFeatherQuery(featherCtx *cap.FeatherContext, pense string) (*string, error) {
 	penseCode := randomString(7 + rand.Intn(7))
 	penseArray := sha256.Sum256([]byte(penseCode))
@@ -176,12 +191,15 @@ func NewAgentConfig(address string,
 			EnvContext: trcHatEnv,
 		}
 
-		trcShConfigRole, penseError := agentconfig.PenseFeatherQuery(agentconfig.FeatherContext, "configrole")
+		var penseError error
+		trcshConfig.ConfigRole, penseError = agentconfig.RetryingPenseFeatherQuery("configrole")
+		if penseError != nil {
+			return nil, nil, penseError
+		}
+		trcshConfig.VaultAddress, penseError = agentconfig.RetryingPenseFeatherQuery("caddress")
 		if penseError != nil {
 			return nil, nil, penseError
 		}
-		memprotectopts.MemProtect(nil, trcShConfigRole)
-		trcshConfig.ConfigRole = trcShConfigRole
 
 		return agentconfig, trcshConfig, nil
 	}