-
Notifications
You must be signed in to change notification settings - Fork 6
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
* Adding support for cert rotations. * Adding APIMConfig template --------- Co-authored-by: Karnveer Gill <karnveer_gill@trimble.com>
- Loading branch information
1 parent
af045e0
commit 697fa5f
Showing
4 changed files
with
109 additions
and
1 deletion.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
84 changes: 84 additions & 0 deletions
84
atrium/vestibulum/trcdb/trccertmgmtbase/trccertmgmtbase.go
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,84 @@ | ||
package trccertmgmtbase | ||
|
||
import ( | ||
"context" | ||
"encoding/base64" | ||
"errors" | ||
"fmt" | ||
"os" | ||
"strings" | ||
"time" | ||
|
||
"github.com/Azure/azure-sdk-for-go/sdk/azcore/to" | ||
"github.com/Azure/azure-sdk-for-go/sdk/azidentity" | ||
"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/apimanagement/armapimanagement/v2" | ||
eUtils "github.com/trimble-oss/tierceron/pkg/utils" | ||
"github.com/trimble-oss/tierceron/pkg/vaulthelper/kv" | ||
) | ||
|
||
func CommonMain(certPathPtr *string, driverConfig *eUtils.DriverConfig, mod *kv.Modifier) error { | ||
if len(*certPathPtr) == 0 { | ||
return errors.New("certPath flag is empty, expected path to cert") | ||
} | ||
|
||
certBytes, err := os.ReadFile(*certPathPtr) | ||
if err != nil { | ||
return err | ||
} | ||
|
||
apimConfigMap := make(map[string]string) | ||
tempMap, readErr := mod.ReadData("super-secrets/Restricted/APIMConfig/config") | ||
if readErr != nil { | ||
return readErr | ||
} else if len(tempMap) == 0 { | ||
return errors.New("Couldn't get apim configs for update.") | ||
} | ||
|
||
for key, value := range tempMap { | ||
apimConfigMap[fmt.Sprintf("%v", key)] = fmt.Sprintf("%v", value) | ||
} | ||
|
||
svc, err := azidentity.NewClientSecretCredential( | ||
apimConfigMap["azureTenantId"], | ||
apimConfigMap["azureClientId"], | ||
apimConfigMap["azureClientSecret"], | ||
nil) | ||
if err != nil { | ||
driverConfig.CoreConfig.Log.Printf("failed to obtain a credential: %v", err) | ||
return err | ||
} | ||
|
||
ctx, _ := context.WithCancel(context.Background()) | ||
clientFactory, err := armapimanagement.NewClientFactory(apimConfigMap["SUBSCRIPTION_ID"], svc, nil) | ||
if err != nil { | ||
driverConfig.CoreConfig.Log.Printf("failed to create client: %v", err) | ||
return err | ||
} | ||
|
||
if resourceGroupName, exists := apimConfigMap["RESOURCE_GROUP_NAME"]; exists { | ||
if serviceName, exists := apimConfigMap["SERVICE_NAME"]; exists { | ||
certificateId := time.Now().UTC().Format(strings.ReplaceAll(time.RFC3339, ":", "-")) | ||
|
||
etag := "*" | ||
|
||
_, err = clientFactory.NewCertificateClient().CreateOrUpdate(ctx, resourceGroupName, serviceName, certificateId, armapimanagement.CertificateCreateOrUpdateParameters{ | ||
Properties: &armapimanagement.CertificateCreateOrUpdateProperties{ | ||
Data: to.Ptr(base64.StdEncoding.EncodeToString(certBytes)), | ||
Password: to.Ptr(apimConfigMap["CERTIFICATE_PASSWORD"]), | ||
}, | ||
}, &armapimanagement.CertificateClientCreateOrUpdateOptions{IfMatch: &etag}) | ||
|
||
if err != nil { | ||
driverConfig.CoreConfig.Log.Printf("failed to finish certificate request") | ||
return err | ||
} | ||
|
||
fmt.Printf("Certificate %v successfully deployed\n", certificateId) | ||
} else { | ||
return errors.New("SERVICE_NAME is not populated in apimConfigMap") | ||
} | ||
} else { | ||
return errors.New("RESOURCE_GROUP_NAME is not populated in apimConfigMap") | ||
} | ||
return nil | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
12 changes: 12 additions & 0 deletions
12
installation/trcsh/trc_templates/APIMConfig/APIMConfig/config.yml.tmpl
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,12 @@ | ||
API_MANAGEMENT_SERVICE_NAME: {{ .API_MANAGEMENT_SERVICE_NAME }} | ||
API_URL: {{ .API_URL }} | ||
SUBSCRIPTION_ID: {{ .SUBSCRIPTION_ID }} | ||
RESOURCE_GROUP_NAME: {{ .RESOURCE_GROUP_NAME }} | ||
SERVICE_NAME: {{ .SERVICE_NAME }} | ||
API_NAME: {{ .API_NAME }} | ||
API_PATH: {{ .API_PATH }} | ||
azureClientId: {{ .azureClientId }} | ||
azureClientSecret: {{ .azureClientSecret }} | ||
azureTenantId: {{.azureTenantId }} | ||
API_TITLE: {{.API_TITLE }} | ||
CERTIFICATE_PASSWORD: {{.CERTIFICATE_PASSWORD }} |