From 4e40945b96f4da72f812934738000739d1599e22 Mon Sep 17 00:00:00 2001 From: Isaac Boaz Date: Tue, 2 Jul 2024 10:54:18 -0700 Subject: [PATCH 01/12] Begin work on certPath support --- atrium/vestibulum/trcdb/trcplgtoolbase/trcplgtoolbase.go | 3 +++ 1 file changed, 3 insertions(+) diff --git a/atrium/vestibulum/trcdb/trcplgtoolbase/trcplgtoolbase.go b/atrium/vestibulum/trcdb/trcplgtoolbase/trcplgtoolbase.go index 9eb5f47e2..fcb30940e 100644 --- a/atrium/vestibulum/trcdb/trcplgtoolbase/trcplgtoolbase.go +++ b/atrium/vestibulum/trcdb/trcplgtoolbase/trcplgtoolbase.go @@ -95,6 +95,9 @@ func CommonMain(envDefaultPtr *string, //APIM flags updateAPIMPtr := flagset.Bool("updateAPIM", false, "Used to update Azure APIM") + // Cert flags + // certPathPtr := flagset.String("certPath", "", "Path to certificate to push to Azure") + if trcshDriverConfig == nil || !trcshDriverConfig.DriverConfig.IsShellSubProcess { args := argLines[1:] for i := 0; i < len(args); i++ { From 810a9eee828a688dc3ad7ef8169a97f95a4a200a Mon Sep 17 00:00:00 2001 From: Isaac Boaz Date: Tue, 2 Jul 2024 12:20:04 -0700 Subject: [PATCH 02/12] Init new trccertmgmtbase --- .../trcdb/trccertmgmtbase/trccertmgmtbase.go | 63 +++++++++++++++++++ 1 file changed, 63 insertions(+) create mode 100644 atrium/vestibulum/trcdb/trccertmgmtbase/trccertmgmtbase.go diff --git a/atrium/vestibulum/trcdb/trccertmgmtbase/trccertmgmtbase.go b/atrium/vestibulum/trcdb/trccertmgmtbase/trccertmgmtbase.go new file mode 100644 index 000000000..09996c4a5 --- /dev/null +++ b/atrium/vestibulum/trcdb/trccertmgmtbase/trccertmgmtbase.go 
@@ -0,0 +1,63 @@ +package trccertmgmtbase + +import ( + "encoding/json" + "errors" + "flag" + "fmt" + "os" + + "github.com/getkin/kin-openapi/openapi2" + "github.com/trimble-oss/tierceron/buildopts/memonly" + "github.com/trimble-oss/tierceron/buildopts/memprotectopts" + "github.com/trimble-oss/tierceron/pkg/vaulthelper/kv" +) + +func CommonMain(flagset *flag.FlagSet, mod *kv.Modifier) error { + if flagset == nil { + flagset = flag.NewFlagSet(os.Args[0], flag.ExitOnError) + } + certPathPtr := flagset.String("certPath", "", "Path to certificate to push to Azure") + + if len(*certPathPtr) == 0 { + return errors.New("certPath flag is empty, expected path to cert") + } + + if memonly.IsMemonly() { + memprotectopts.MemProtectInit(nil) + } + + certBytes, err := os.ReadFile(*certPathPtr) + if err != nil { + return err + } + + path, pathErr := os.Getwd() + if pathErr != nil { + return pathErr + } + + swaggerBytes, fileErr := os.ReadFile(path + "/target/swagger.json") + if fileErr != nil { + return fileErr + } + + var swaggerDoc openapi2.T + swaggerErr := json.Unmarshal(swaggerBytes, &swaggerDoc) + if swaggerErr != nil { + return swaggerErr + } + + apimConfigMap := make(map[string]string) + tempMap, readErr := mod.ReadData("super-secrets/Restricted/APIMCertConfig/config") + if readErr != nil { + return readErr + } else if len(tempMap) == 0 { + return errors.New("Couldn't get apim configs for update.") + } + + for key, value := range tempMap { + apimConfigMap[fmt.Sprintf("%v", key)] = fmt.Sprintf("%v", value) + } + +} From db54fffe1beb10225c821fb695ad74cf9d5afd9a Mon Sep 17 00:00:00 2001 From: Isaac Boaz Date: Tue, 2 Jul 2024 12:36:46 -0700 Subject: [PATCH 03/12] Copy from trcapimgmt --- .../trcdb/trcapimgmtbase/trcapimgmtbase.go | 2 +- .../trcdb/trccertmgmtbase/trccertmgmtbase.go | 84 ++++++++++++++++++- 2 files changed, 84 insertions(+), 2 deletions(-) 
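Review bot: CommonMain as added does not compile: the function falls off the end after the `apimConfigMap` loop with no return statement, and `certBytes` is read from `*certPathPtr` and then never used, which Go rejects as well. The `certPath` flag is defined on `flagset` but the function never calls `flagset.Parse`, so `*certPathPtr` is always empty and the `errors.New("certPath flag is empty, expected path to cert")` branch is taken before any work; either add `flagset.Parse(os.Args[1:])` before the length check or state in a doc comment on CommonMain that the caller must have parsed the flag set. The swagger location is built with `path + "/target/swagger.json"`; `filepath.Join(path, "target", "swagger.json")` is the OS-correct form. A doc comment on the exported CommonMain naming what it reads (the cert file, `target/swagger.json`, the `APIMCertConfig` vault path) would also help the next maintainer.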
diff --git a/atrium/vestibulum/trcdb/trcapimgmtbase/trcapimgmtbase.go b/atrium/vestibulum/trcdb/trcapimgmtbase/trcapimgmtbase.go index 2fdc646a8..4bb840f2f 100644 --- a/atrium/vestibulum/trcdb/trcapimgmtbase/trcapimgmtbase.go +++ b/atrium/vestibulum/trcdb/trcapimgmtbase/trcapimgmtbase.go @@ -129,7 +129,7 @@ func CommonMain(envPtr *string, return err } - //Adding a 3 minute timeout on APIM Update. + //Adding a 2 minute timeout on APIM Update. go func(ctxC context.CancelFunc) { time.Sleep(time.Second * 120) ctxC() diff --git a/atrium/vestibulum/trcdb/trccertmgmtbase/trccertmgmtbase.go b/atrium/vestibulum/trcdb/trccertmgmtbase/trccertmgmtbase.go index 09996c4a5..6fa0a90b9 100644 --- a/atrium/vestibulum/trcdb/trccertmgmtbase/trccertmgmtbase.go +++ b/atrium/vestibulum/trcdb/trccertmgmtbase/trccertmgmtbase.go @@ -1,19 +1,27 @@ package trccertmgmtbase import ( + "context" "encoding/json" "errors" "flag" "fmt" "os" + "strings" + "time" + "github.com/Azure/azure-sdk-for-go/sdk/azcore/to" + "github.com/Azure/azure-sdk-for-go/sdk/azidentity" + "github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/apimanagement/armapimanagement/v2" "github.com/getkin/kin-openapi/openapi2" + "github.com/getkin/kin-openapi/openapi2conv" "github.com/trimble-oss/tierceron/buildopts/memonly" "github.com/trimble-oss/tierceron/buildopts/memprotectopts" + eUtils "github.com/trimble-oss/tierceron/pkg/utils" "github.com/trimble-oss/tierceron/pkg/vaulthelper/kv" ) -func CommonMain(flagset *flag.FlagSet, mod *kv.Modifier) error { +func CommonMain(flagset *flag.FlagSet, driverConfig *eUtils.DriverConfig, mod *kv.Modifier) error { if flagset == nil { flagset = flag.NewFlagSet(os.Args[0], flag.ExitOnError) } 
@@ -60,4 +68,78 @@ func CommonMain(flagset *flag.FlagSet, mod *kv.Modifier) error { apimConfigMap[fmt.Sprintf("%v", key)] = fmt.Sprintf("%v", value) } + openapi, convertErr := openapi2conv.ToV3(&swaggerDoc) + if convertErr != nil { + return convertErr + } + + validateErr := openapi.Validate(context.Background()) + if validateErr != nil { + return validateErr + } + + openapiByteArray, err := json.Marshal(openapi) + openApiString := string(openapiByteArray) + openApiString = strings.Replace(openApiString, "alpha", "1.0", 1) + + if !strings.Contains(openApiString, `"openapi":"3.0.3","servers": [{"url":"`+apimConfigMap["API_URL"]+`"}]`) { + openApiString = strings.Replace(openApiString, `"openapi":"3.0.3"`, `"openapi":"3.0.3","servers":[{"url":"`+apimConfigMap["API_URL"]+`"}]`, 1) + if !strings.Contains(openApiString, apimConfigMap["API_URL"]) { + return errors.New("Unable to insert server url into apim update.") + } + } + svc, err := azidentity.NewClientSecretCredential( + apimConfigMap["azureTenantId"], + apimConfigMap["azureClientId"], + apimConfigMap["azureClientSecret"], + nil) + if err != nil { + driverConfig.CoreConfig.Log.Fatalf("failed to obtain a credential: %v", err) + return err + } + + ctx, ctxCancel := context.WithCancel(context.Background()) + clientFactory, err := armapimanagement.NewClientFactory(apimConfigMap["SUBSCRIPTION_ID"], svc, nil) + if err != nil { + driverConfig.CoreConfig.Log.Fatalf("failed to create client: %v", err) + return err + } + + _, eTagErr := clientFactory.NewAPIPolicyClient().GetEntityTag(ctx, apimConfigMap["RESOURCE_GROUP_NAME"], apimConfigMap["SERVICE_NAME"], apimConfigMap["API_NAME"], armapimanagement.PolicyIDNamePolicy, nil) + if eTagErr != nil { + driverConfig.CoreConfig.Log.Fatalf("failed to finish the request: %v", eTagErr) + return eTagErr + } + + t := time.Now().UTC().Format("Monday, 02-Jan-06 15:04:05 MST") + + etag := "*" //Wildcard match on eTag, otherwise it doesn't match from command above. 
+ poller, err := clientFactory.NewAPIClient().BeginCreateOrUpdate(ctx, apimConfigMap["RESOURCE_GROUP_NAME"], apimConfigMap["SERVICE_NAME"], apimConfigMap["API_NAME"], armapimanagement.APICreateOrUpdateParameter{ + Properties: &armapimanagement.APICreateOrUpdateProperties{ + Path: to.Ptr(apimConfigMap["API_PATH"]), //API URL Suffix in portal + Format: to.Ptr(armapimanagement.ContentFormatOpenapiJSON), + Value: to.Ptr(openApiString), + APIRevisionDescription: to.Ptr(t), //This updates the revision description with current time. + }, + }, &armapimanagement.APIClientBeginCreateOrUpdateOptions{IfMatch: &etag}) + if err != nil { + driverConfig.CoreConfig.Log.Fatalf("failed to finish the request: %v", err) + return err + } + + //Adding a 2 minute timeout on APIM Update. + go func(ctxC context.CancelFunc) { + time.Sleep(time.Second * 120) + ctxC() + }(ctxCancel) + + resp, err := poller.PollUntilDone(ctx, nil) + if err != nil { + driverConfig.CoreConfig.Log.Fatalf("failed to pull the result: %v", err) + return err + } + + fmt.Println("Success!") + _ = resp + return nil } From 42bdb9714131602dd5e8b428aee2fe179b1dd54b Mon Sep 17 00:00:00 2001 From: Isaac Boaz Date: Wed, 3 Jul 2024 08:51:51 -0700 Subject: [PATCH 04/12] Add base impl to ues certmgmt, use propery cert api --- .../trcdb/trccertmgmtbase/trccertmgmtbase.go | 50 +++++++------------ .../trcdb/trcplgtoolbase/trcplgtoolbase.go | 12 ++++- 2 files changed, 30 insertions(+), 32 deletions(-) diff --git a/atrium/vestibulum/trcdb/trccertmgmtbase/trccertmgmtbase.go b/atrium/vestibulum/trcdb/trccertmgmtbase/trccertmgmtbase.go index 6fa0a90b9..79851e993 100644 --- a/atrium/vestibulum/trcdb/trccertmgmtbase/trccertmgmtbase.go +++ b/atrium/vestibulum/trcdb/trccertmgmtbase/trccertmgmtbase.go @@ -4,11 +4,9 @@ import ( "context" "encoding/json" "errors" - "flag" "fmt" "os" "strings" - "time" "github.com/Azure/azure-sdk-for-go/sdk/azcore/to" "github.com/Azure/azure-sdk-for-go/sdk/azidentity" 
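Review bot: The error from `json.Marshal(openapi)` is never checked — `openapiByteArray, err := json.Marshal(openapi)` is followed directly by `string(openapiByteArray)`, so a marshal failure silently sends an empty document to APIM; add `if err != nil { return err }` right after it. If `driverConfig.CoreConfig.Log` is a `*log.Logger`, each `Log.Fatalf(...)` call exits the process and makes the `return err` that follows it unreachable, denying the caller any chance to handle the failure; the earlier checks in this function simply `return err`, and `Log.Printf` plus `return err` would match them. The two-minute goroutine that calls `ctxCancel` is what `context.WithTimeout(context.Background(), 2*time.Minute)` provides directly, with `defer cancel()` releasing the timer on every early return. The enclosing function starts before this hunk.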
@@ -21,12 +19,7 @@ import ( "github.com/trimble-oss/tierceron/pkg/vaulthelper/kv" ) -func CommonMain(flagset *flag.FlagSet, driverConfig *eUtils.DriverConfig, mod *kv.Modifier) error { - if flagset == nil { - flagset = flag.NewFlagSet(os.Args[0], flag.ExitOnError) - } - certPathPtr := flagset.String("certPath", "", "Path to certificate to push to Azure") - +func CommonMain(certPathPtr *string, driverConfig *eUtils.DriverConfig, mod *kv.Modifier) error { if len(*certPathPtr) == 0 { return errors.New("certPath flag is empty, expected path to cert") } 
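Review bot: `len(*certPathPtr)` on the first line of the new body dereferences the parameter without a nil check, so a caller that passes nil panics instead of receiving the "certPath flag is empty" error; change the guard to `if certPathPtr == nil || len(*certPathPtr) == 0 {`. Since flag definition and parsing now happen in the caller, a doc comment on CommonMain saying that `certPathPtr` must be non-nil and already parsed would make the contract explicit. The function continues past the end of the hunk.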
@@ -98,48 +91,43 @@ func CommonMain(flagset *flag.FlagSet, driverConfig *eUtils.DriverConfig, mod *k return err } - ctx, ctxCancel := context.WithCancel(context.Background()) + ctx, _ := context.WithCancel(context.Background()) clientFactory, err := armapimanagement.NewClientFactory(apimConfigMap["SUBSCRIPTION_ID"], svc, nil) if err != nil { driverConfig.CoreConfig.Log.Fatalf("failed to create client: %v", err) return err } - _, eTagErr := clientFactory.NewAPIPolicyClient().GetEntityTag(ctx, apimConfigMap["RESOURCE_GROUP_NAME"], apimConfigMap["SERVICE_NAME"], apimConfigMap["API_NAME"], armapimanagement.PolicyIDNamePolicy, nil) + resourceGroupName := apimConfigMap["RESOURCE_GROUP_NAME"] + serviceName := apimConfigMap["SERVICE_NAME"] + certificateId := apimConfigMap["CERTIFICATE_ID"] + + _, eTagErr := clientFactory.NewCertificateClient().GetEntityTag(ctx, resourceGroupName, serviceName, certificateId, nil) if eTagErr != nil { driverConfig.CoreConfig.Log.Fatalf("failed to finish the request: %v", eTagErr) return eTagErr } - t := time.Now().UTC().Format("Monday, 02-Jan-06 15:04:05 MST") - etag := "*" //Wildcard match on eTag, otherwise it doesn't match from command above. - poller, err := clientFactory.NewAPIClient().BeginCreateOrUpdate(ctx, apimConfigMap["RESOURCE_GROUP_NAME"], apimConfigMap["SERVICE_NAME"], apimConfigMap["API_NAME"], armapimanagement.APICreateOrUpdateParameter{ - Properties: &armapimanagement.APICreateOrUpdateProperties{ - Path: to.Ptr(apimConfigMap["API_PATH"]), //API URL Suffix in portal - Format: to.Ptr(armapimanagement.ContentFormatOpenapiJSON), - Value: to.Ptr(openApiString), - APIRevisionDescription: to.Ptr(t), //This updates the revision description with current time. 
- }, - }, &armapimanagement.APIClientBeginCreateOrUpdateOptions{IfMatch: &etag}) - if err != nil { - driverConfig.CoreConfig.Log.Fatalf("failed to finish the request: %v", err) - return err + + keyVault := &armapimanagement.KeyVaultContractCreateProperties{ + IdentityClientID: nil, + SecretIdentifier: nil, } - //Adding a 2 minute timeout on APIM Update. - go func(ctxC context.CancelFunc) { - time.Sleep(time.Second * 120) - ctxC() - }(ctxCancel) + _, err = clientFactory.NewCertificateClient().CreateOrUpdate(ctx, resourceGroupName, serviceName, certificateId, armapimanagement.CertificateCreateOrUpdateParameters{ + Properties: &armapimanagement.CertificateCreateOrUpdateProperties{ + Data: to.Ptr(string(certBytes)), + KeyVault: keyVault, + Password: nil, + }, + }, &armapimanagement.CertificateClientCreateOrUpdateOptions{IfMatch: &etag}) - resp, err := poller.PollUntilDone(ctx, nil) if err != nil { - driverConfig.CoreConfig.Log.Fatalf("failed to pull the result: %v", err) + driverConfig.CoreConfig.Log.Fatalf("failed to finish the request: %v", err) return err } fmt.Println("Success!") - _ = resp return nil } diff --git a/atrium/vestibulum/trcdb/trcplgtoolbase/trcplgtoolbase.go b/atrium/vestibulum/trcdb/trcplgtoolbase/trcplgtoolbase.go index fcb30940e..84a6692b9 100644 --- a/atrium/vestibulum/trcdb/trcplgtoolbase/trcplgtoolbase.go +++ b/atrium/vestibulum/trcdb/trcplgtoolbase/trcplgtoolbase.go @@ -24,6 +24,7 @@ import ( eUtils "github.com/trimble-oss/tierceron/pkg/utils" trcapimgmtbase "github.com/trimble-oss/tierceron/atrium/vestibulum/trcdb/trcapimgmtbase" + "github.com/trimble-oss/tierceron/atrium/vestibulum/trcdb/trccertmgmtbase" ) func CommonMain(envDefaultPtr *string, 
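Review bot: `ctx, _ := context.WithCancel(context.Background())` discards the cancel function, which `go vet`'s lostcancel check flags; write `ctx, cancel := context.WithCancel(context.Background())` followed by `defer cancel()`, or use `context.WithTimeout` if the two-minute bound from the previous version is still wanted. The `etag := "*"` comment still says "otherwise it doesn't match from command above", but the command it refers to is now the certificate `GetEntityTag` call whose result is discarded with `_`; either use the returned tag or drop that round-trip. `Data: to.Ptr(string(certBytes))` sends the raw file bytes as the certificate payload — confirm the APIM certificate contract accepts that form for a binary PFX rather than an encoded representation. The enclosing function starts before this hunk.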
@@ -96,7 +97,7 @@ func CommonMain(envDefaultPtr *string, updateAPIMPtr := flagset.Bool("updateAPIM", false, "Used to update Azure APIM") // Cert flags - // certPathPtr := flagset.String("certPath", "", "Path to certificate to push to Azure") + certPathPtr := flagset.String("certPath", "", "Path to certificate to push to Azure") if trcshDriverConfig == nil || !trcshDriverConfig.DriverConfig.IsShellSubProcess { args := argLines[1:] @@ -343,6 +344,15 @@ func CommonMain(envDefaultPtr *string, return nil } + if len(*certPathPtr) > 0 { + updateCertError := trccertmgmtbase.CommonMain(certPathPtr, config, mod) + if updateCertError != nil { + fmt.Println(updateCertError.Error()) + fmt.Println("Couldn't update Cert...proceeding with build") + } + return nil + } + // Get existing configs if they exist... pluginToolConfig, plcErr := trcvutils.GetPluginToolConfig(&trcshDriverConfigBase.DriverConfig, mod, coreopts.BuildOptions.ProcessDeployPluginEnvConfig(map[string]interface{}{}), *defineServicePtr) if plcErr != nil { From e0bd26b3082d6c5d67dd27da500e872840064c81 Mon Sep 17 00:00:00 2001 From: Isaac Boaz Date: Wed, 3 Jul 2024 09:10:42 -0700 Subject: [PATCH 05/12] Support cert password being stored in vault --- atrium/vestibulum/trcdb/trccertmgmtbase/trccertmgmtbase.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/atrium/vestibulum/trcdb/trccertmgmtbase/trccertmgmtbase.go b/atrium/vestibulum/trcdb/trccertmgmtbase/trccertmgmtbase.go index 79851e993..9b5f81f90 100644 --- a/atrium/vestibulum/trcdb/trccertmgmtbase/trccertmgmtbase.go +++ b/atrium/vestibulum/trcdb/trccertmgmtbase/trccertmgmtbase.go 
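Review bot: The new `certPathPtr` branch in the second hunk returns nil whether or not `trccertmgmtbase.CommonMain` succeeded, so a failed certificate push ends the run with a success status while printing "proceeding with build" — and then does not proceed, because `return nil` follows unconditionally. If the intent is to stop after the certificate push, `return updateCertError` so callers and CI see the failure; if the intent is to continue with the build, drop the `return nil`. The branch also sits before `GetPluginToolConfig`, so any invocation that sets `-certPath` takes this path regardless of its other flags; a comment stating that `-certPath` is a standalone mode would make that deliberate. The enclosing function starts and ends outside the hunk.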
@@ -119,7 +119,7 @@ func CommonMain(certPathPtr *string, driverConfig *eUtils.DriverConfig, mod *kv. Properties: &armapimanagement.CertificateCreateOrUpdateProperties{ Data: to.Ptr(string(certBytes)), KeyVault: keyVault, - Password: nil, + Password: to.Ptr(apimConfigMap["CERTIFICATE_PASSWORD"]), }, }, &armapimanagement.CertificateClientCreateOrUpdateOptions{IfMatch: &etag}) From 4df93765578b12cc3b741589524a242af39d2584 Mon Sep 17 00:00:00 2001 From: Isaac Boaz Date: Wed, 3 Jul 2024 13:16:42 -0700 Subject: [PATCH 06/12] Fix 500 errors --- .../trcdb/trccertmgmtbase/trccertmgmtbase.go | 59 ++----------------- 1 file changed, 5 insertions(+), 54 deletions(-) diff --git a/atrium/vestibulum/trcdb/trccertmgmtbase/trccertmgmtbase.go b/atrium/vestibulum/trcdb/trccertmgmtbase/trccertmgmtbase.go index 9b5f81f90..1d13d90f4 100644 --- a/atrium/vestibulum/trcdb/trccertmgmtbase/trccertmgmtbase.go +++ b/atrium/vestibulum/trcdb/trccertmgmtbase/trccertmgmtbase.go @@ -2,17 +2,16 @@ package trccertmgmtbase import ( "context" - "encoding/json" + "encoding/base64" "errors" "fmt" "os" "strings" + "time" "github.com/Azure/azure-sdk-for-go/sdk/azcore/to" "github.com/Azure/azure-sdk-for-go/sdk/azidentity" "github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/apimanagement/armapimanagement/v2" - "github.com/getkin/kin-openapi/openapi2" - "github.com/getkin/kin-openapi/openapi2conv" "github.com/trimble-oss/tierceron/buildopts/memonly" "github.com/trimble-oss/tierceron/buildopts/memprotectopts" eUtils "github.com/trimble-oss/tierceron/pkg/utils" 
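Review bot: `Password: to.Ptr(apimConfigMap["CERTIFICATE_PASSWORD"])` yields a pointer to the empty string when the key is absent from the vault data, which is indistinguishable from a deliberately empty password and surfaces only as an Azure-side error on the upload. Look the key up with the two-value form and fail early with a clear message, e.g. `certPassword, ok := apimConfigMap["CERTIFICATE_PASSWORD"]` guarded by `if !ok { return errors.New("CERTIFICATE_PASSWORD is not populated in apimConfigMap") }`. The enclosing function starts and ends outside the hunk.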
@@ -33,24 +32,8 @@ func CommonMain(certPathPtr *string, driverConfig *eUtils.DriverConfig, mod *kv. return err } - path, pathErr := os.Getwd() - if pathErr != nil { - return pathErr - } - - swaggerBytes, fileErr := os.ReadFile(path + "/target/swagger.json") - if fileErr != nil { - return fileErr - } - - var swaggerDoc openapi2.T - swaggerErr := json.Unmarshal(swaggerBytes, &swaggerDoc) - if swaggerErr != nil { - return swaggerErr - } - apimConfigMap := make(map[string]string) - tempMap, readErr := mod.ReadData("super-secrets/Restricted/APIMCertConfig/config") + tempMap, readErr := mod.ReadData("super-secrets/Restricted/APIMConfig/config") if readErr != nil { return readErr } else if len(tempMap) == 0 { @@ -61,26 +44,6 @@ func CommonMain(certPathPtr *string, driverConfig *eUtils.DriverConfig, mod *kv. apimConfigMap[fmt.Sprintf("%v", key)] = fmt.Sprintf("%v", value) } - openapi, convertErr := openapi2conv.ToV3(&swaggerDoc) - if convertErr != nil { - return convertErr - } - - validateErr := openapi.Validate(context.Background()) - if validateErr != nil { - return validateErr - } - - openapiByteArray, err := json.Marshal(openapi) - openApiString := string(openapiByteArray) - openApiString = strings.Replace(openApiString, "alpha", "1.0", 1) - - if !strings.Contains(openApiString, `"openapi":"3.0.3","servers": [{"url":"`+apimConfigMap["API_URL"]+`"}]`) { - openApiString = strings.Replace(openApiString, `"openapi":"3.0.3"`, `"openapi":"3.0.3","servers":[{"url":"`+apimConfigMap["API_URL"]+`"}]`, 1) - if !strings.Contains(openApiString, apimConfigMap["API_URL"]) { - return errors.New("Unable to insert server url into apim update.") - } - } svc, err := azidentity.NewClientSecretCredential( apimConfigMap["azureTenantId"], apimConfigMap["azureClientId"], 
@@ -100,25 +63,13 @@ func CommonMain(certPathPtr *string, driverConfig *eUtils.DriverConfig, mod *kv. resourceGroupName := apimConfigMap["RESOURCE_GROUP_NAME"] serviceName := apimConfigMap["SERVICE_NAME"] - certificateId := apimConfigMap["CERTIFICATE_ID"] - - _, eTagErr := clientFactory.NewCertificateClient().GetEntityTag(ctx, resourceGroupName, serviceName, certificateId, nil) - if eTagErr != nil { - driverConfig.CoreConfig.Log.Fatalf("failed to finish the request: %v", eTagErr) - return eTagErr - } + certificateId := time.Now().UTC().Format(strings.ReplaceAll(time.RFC3339, ":", "-")) etag := "*" //Wildcard match on eTag, otherwise it doesn't match from command above. - keyVault := &armapimanagement.KeyVaultContractCreateProperties{ - IdentityClientID: nil, - SecretIdentifier: nil, - } - _, err = clientFactory.NewCertificateClient().CreateOrUpdate(ctx, resourceGroupName, serviceName, certificateId, armapimanagement.CertificateCreateOrUpdateParameters{ Properties: &armapimanagement.CertificateCreateOrUpdateProperties{ - Data: to.Ptr(string(certBytes)), - KeyVault: keyVault, + Data: to.Ptr(base64.StdEncoding.EncodeToString(certBytes)), Password: to.Ptr(apimConfigMap["CERTIFICATE_PASSWORD"]), }, }, &armapimanagement.CertificateClientCreateOrUpdateOptions{IfMatch: &etag}) From 36965c3d8871d56e7e741b2591d43c9cbfd62362 Mon Sep 17 00:00:00 2001 From: Isaac Boaz Date: Wed, 3 Jul 2024 13:34:02 -0700 Subject: [PATCH 07/12] Add existence checks, reomve memory protections --- .../trcdb/trccertmgmtbase/trccertmgmtbase.go | 22 ++++++++++--------- 1 file changed, 12 insertions(+), 10 deletions(-) diff --git a/atrium/vestibulum/trcdb/trccertmgmtbase/trccertmgmtbase.go b/atrium/vestibulum/trcdb/trccertmgmtbase/trccertmgmtbase.go index 1d13d90f4..d5f87ac3c 100644 --- a/atrium/vestibulum/trcdb/trccertmgmtbase/trccertmgmtbase.go +++ b/atrium/vestibulum/trcdb/trccertmgmtbase/trccertmgmtbase.go 
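Review bot: `certificateId := time.Now().UTC().Format(strings.ReplaceAll(time.RFC3339, ":", "-"))` gives every run a fresh timestamp id, so `CreateOrUpdate` always creates and never updates, and superseded certificates accumulate in the APIM service until someone removes them by hand; a stable id from the config (the `CERTIFICATE_ID` lookup this hunk removes) or a documented retention step would keep that inventory bounded. With a new id each time, `IfMatch: &etag` and its comment "otherwise it doesn't match from command above" no longer refer to anything, since the `GetEntityTag` call is removed in the same hunk — drop the option or rewrite the comment. The enclosing function starts and ends outside the hunk.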
@@ -12,8 +12,6 @@ import ( "github.com/Azure/azure-sdk-for-go/sdk/azcore/to" "github.com/Azure/azure-sdk-for-go/sdk/azidentity" "github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/apimanagement/armapimanagement/v2" - "github.com/trimble-oss/tierceron/buildopts/memonly" - "github.com/trimble-oss/tierceron/buildopts/memprotectopts" eUtils "github.com/trimble-oss/tierceron/pkg/utils" "github.com/trimble-oss/tierceron/pkg/vaulthelper/kv" ) @@ -23,10 +21,6 @@ func CommonMain(certPathPtr *string, driverConfig *eUtils.DriverConfig, mod *kv. return errors.New("certPath flag is empty, expected path to cert") } - if memonly.IsMemonly() { - memprotectopts.MemProtectInit(nil) - } - certBytes, err := os.ReadFile(*certPathPtr) if err != nil { return err @@ -61,11 +55,19 @@ func CommonMain(certPathPtr *string, driverConfig *eUtils.DriverConfig, mod *kv. return err } - resourceGroupName := apimConfigMap["RESOURCE_GROUP_NAME"] - serviceName := apimConfigMap["SERVICE_NAME"] + resourceGroupName, exists := apimConfigMap["RESOURCE_GROUP_NAME"] + if !exists { + return errors.New("RESOURCE_GROUP_NAME is not populated in apimConfigMap") + } + + serviceName, exists := apimConfigMap["SERVICE_NAME"] + if !exists { + return errors.New("SERVICE_NAME is not populated in apimConfigMap") + } + certificateId := time.Now().UTC().Format(strings.ReplaceAll(time.RFC3339, ":", "-")) - etag := "*" //Wildcard match on eTag, otherwise it doesn't match from command above. + etag := "*" _, err = clientFactory.NewCertificateClient().CreateOrUpdate(ctx, resourceGroupName, serviceName, certificateId, armapimanagement.CertificateCreateOrUpdateParameters{ Properties: &armapimanagement.CertificateCreateOrUpdateProperties{ @@ -79,6 +81,6 @@ func CommonMain(certPathPtr *string, driverConfig *eUtils.DriverConfig, mod *kv. return err } - fmt.Println("Success!") + fmt.Printf("Certificate %v successfully deployed\n", certificateId) return nil } From 2b28dfca536efaff470bd8314df361c647f70602 Mon Sep 17 00:00:00 2001 
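Review bot: The second hunk removes the `memonly.IsMemonly()` / `memprotectopts.MemProtectInit(nil)` guard, and with it this function's opt-in to the memory-protection path, while the rest of the body still holds the certificate bytes and `CERTIFICATE_PASSWORD` in process memory; if the guard went because this code only runs inside an already-initialised process, a one-line comment at the top of CommonMain saying so would stop the next reader from re-adding it or assuming the protection is still present. In the third hunk the new existence checks cover `RESOURCE_GROUP_NAME` and `SERVICE_NAME` but not `CERTIFICATE_PASSWORD`, which is still read with the single-value map form on the lines just past the hunk; the same `exists` pattern applies there. The enclosing function starts and ends outside these hunks.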
From: Isaac Boaz Date: Wed, 3 Jul 2024 13:57:57 -0700 Subject: [PATCH 08/12] One-line if-return --- .../trcdb/trccertmgmtbase/trccertmgmtbase.go | 42 +++++++++---------- 1 file changed, 20 insertions(+), 22 deletions(-) diff --git a/atrium/vestibulum/trcdb/trccertmgmtbase/trccertmgmtbase.go b/atrium/vestibulum/trcdb/trccertmgmtbase/trccertmgmtbase.go index d5f87ac3c..7816d3439 100644 --- a/atrium/vestibulum/trcdb/trccertmgmtbase/trccertmgmtbase.go +++ b/atrium/vestibulum/trcdb/trccertmgmtbase/trccertmgmtbase.go 
@@ -55,32 +55,30 @@ func CommonMain(certPathPtr *string, driverConfig *eUtils.DriverConfig, mod *kv. return err } - resourceGroupName, exists := apimConfigMap["RESOURCE_GROUP_NAME"] - if !exists { - return errors.New("RESOURCE_GROUP_NAME is not populated in apimConfigMap") - } - - serviceName, exists := apimConfigMap["SERVICE_NAME"] - if !exists { - return errors.New("SERVICE_NAME is not populated in apimConfigMap") - } + if resourceGroupName, exists := apimConfigMap["RESOURCE_GROUP_NAME"]; !exists { + if serviceName, exists := apimConfigMap["SERVICE_NAME"]; !exists { + certificateId := time.Now().UTC().Format(strings.ReplaceAll(time.RFC3339, ":", "-")) - certificateId := time.Now().UTC().Format(strings.ReplaceAll(time.RFC3339, ":", "-")) + etag := "*" - etag := "*" + _, err = clientFactory.NewCertificateClient().CreateOrUpdate(ctx, resourceGroupName, serviceName, certificateId, armapimanagement.CertificateCreateOrUpdateParameters{ + Properties: &armapimanagement.CertificateCreateOrUpdateProperties{ + Data: to.Ptr(base64.StdEncoding.EncodeToString(certBytes)), + Password: to.Ptr(apimConfigMap["CERTIFICATE_PASSWORD"]), + }, + }, &armapimanagement.CertificateClientCreateOrUpdateOptions{IfMatch: &etag}) - _, err = clientFactory.NewCertificateClient().CreateOrUpdate(ctx, resourceGroupName, serviceName, certificateId, armapimanagement.CertificateCreateOrUpdateParameters{ - Properties: &armapimanagement.CertificateCreateOrUpdateProperties{ - Data: to.Ptr(base64.StdEncoding.EncodeToString(certBytes)), - Password: to.Ptr(apimConfigMap["CERTIFICATE_PASSWORD"]), - }, - }, &armapimanagement.CertificateClientCreateOrUpdateOptions{IfMatch: &etag}) + if err != nil { + driverConfig.CoreConfig.Log.Fatalf("failed to finish the request: %v", err) + return err + } - if err != nil { - driverConfig.CoreConfig.Log.Fatalf("failed to finish the request: %v", err) - return err + fmt.Printf("Certificate %v successfully deployed\n", certificateId) + } else { + return errors.New("SERVICE_NAME 
is not populated in apimConfigMap") + } + } else { + return errors.New("RESOURCE_GROUP_NAME is not populated in apimConfigMap") } - - fmt.Printf("Certificate %v successfully deployed\n", certificateId) return nil } From 36028b7fce477bd165a9455923b143b47d0be9b4 Mon Sep 17 00:00:00 2001 From: Isaac Boaz Date: Wed, 3 Jul 2024 13:58:44 -0700 Subject: [PATCH 09/12] Fix exists parity --- atrium/vestibulum/trcdb/trccertmgmtbase/trccertmgmtbase.go | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/atrium/vestibulum/trcdb/trccertmgmtbase/trccertmgmtbase.go b/atrium/vestibulum/trcdb/trccertmgmtbase/trccertmgmtbase.go index 7816d3439..759e79794 100644 --- a/atrium/vestibulum/trcdb/trccertmgmtbase/trccertmgmtbase.go +++ b/atrium/vestibulum/trcdb/trccertmgmtbase/trccertmgmtbase.go @@ -55,8 +55,8 @@ func CommonMain(certPathPtr *string, driverConfig *eUtils.DriverConfig, mod *kv. return err } - if resourceGroupName, exists := apimConfigMap["RESOURCE_GROUP_NAME"]; !exists { - if serviceName, exists := apimConfigMap["SERVICE_NAME"]; !exists { + if resourceGroupName, exists := apimConfigMap["RESOURCE_GROUP_NAME"]; exists { + if serviceName, exists := apimConfigMap["SERVICE_NAME"]; exists { certificateId := time.Now().UTC().Format(strings.ReplaceAll(time.RFC3339, ":", "-")) etag := "*" From b990c88c12dda0b2adc1e78c5d3b12975bb97a2f Mon Sep 17 00:00:00 2001 From: Isaac Boaz Date: Wed, 3 Jul 2024 14:09:11 -0700 Subject: [PATCH 10/12] Convert Fatal -> Print, scrub some output --- atrium/vestibulum/trcdb/trccertmgmtbase/trccertmgmtbase.go | 4 ++-- atrium/vestibulum/trcdb/trcplgtoolbase/trcplgtoolbase.go | 1 - 2 files changed, 2 insertions(+), 3 deletions(-) diff --git a/atrium/vestibulum/trcdb/trccertmgmtbase/trccertmgmtbase.go b/atrium/vestibulum/trcdb/trccertmgmtbase/trccertmgmtbase.go index 759e79794..df33d8b9d 100644 --- a/atrium/vestibulum/trcdb/trccertmgmtbase/trccertmgmtbase.go +++ b/atrium/vestibulum/trcdb/trccertmgmtbase/trccertmgmtbase.go 
@@ -44,14 +44,14 @@ func CommonMain(certPathPtr *string, driverConfig *eUtils.DriverConfig, mod *kv. apimConfigMap["azureClientSecret"], nil) if err != nil { - driverConfig.CoreConfig.Log.Fatalf("failed to obtain a credential: %v", err) + driverConfig.CoreConfig.Log.Printf("failed to obtain a credential: %v", err) return err } ctx, _ := context.WithCancel(context.Background()) clientFactory, err := armapimanagement.NewClientFactory(apimConfigMap["SUBSCRIPTION_ID"], svc, nil) if err != nil { - driverConfig.CoreConfig.Log.Fatalf("failed to create client: %v", err) + driverConfig.CoreConfig.Log.Printf("failed to create client: %v", err) return err } diff --git a/atrium/vestibulum/trcdb/trcplgtoolbase/trcplgtoolbase.go b/atrium/vestibulum/trcdb/trcplgtoolbase/trcplgtoolbase.go index 84a6692b9..2a485655b 100644 --- a/atrium/vestibulum/trcdb/trcplgtoolbase/trcplgtoolbase.go +++ b/atrium/vestibulum/trcdb/trcplgtoolbase/trcplgtoolbase.go @@ -347,7 +347,6 @@ func CommonMain(envDefaultPtr *string, if len(*certPathPtr) > 0 { updateCertError := trccertmgmtbase.CommonMain(certPathPtr, config, mod) if updateCertError != nil { - fmt.Println(updateCertError.Error()) fmt.Println("Couldn't update Cert...proceeding with build") } return nil From 249339c92b1b48f04b87fbca3d6ffbb0b65ddbd6 Mon Sep 17 00:00:00 2001 From: Karnveer Gill Date: Wed, 3 Jul 2024 14:12:11 -0700 Subject: [PATCH 11/12] Adding APIMConfig template --- .../APIMConfig/APIMConfig/config.yml.tmpl | 12 ++++++++++++ 1 file changed, 12 insertions(+) create mode 100644 installation/trcsh/trc_templates/APIMConfig/APIMConfig/config.yml.tmpl diff --git a/installation/trcsh/trc_templates/APIMConfig/APIMConfig/config.yml.tmpl b/installation/trcsh/trc_templates/APIMConfig/APIMConfig/config.yml.tmpl new file mode 100644 index 000000000..6a8ec9086 --- /dev/null +++ b/installation/trcsh/trc_templates/APIMConfig/APIMConfig/config.yml.tmpl 
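Review bot: Removing `fmt.Println(updateCertError.Error())` in the trcplgtoolbase hunk leaves the caller with only the fixed string "Couldn't update Cert...proceeding with build", so errors that trccertmgmtbase returns without logging — the empty-certPath check, `os.ReadFile`, `mod.ReadData`, the missing-key errors — are now dropped entirely. If the goal is to keep error text off stdout, route it to the driver log instead, `config.CoreConfig.Log.Printf("cert update failed: %v", updateCertError)`, which is where the first hunk already sends the credential and client-factory failures. The enclosing function starts and ends outside the hunk.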
@@ -0,0 +1,12 @@ +API_MANAGEMENT_SERVICE_NAME: {{ .API_MANAGEMENT_SERVICE_NAME }} +API_URL: {{ .API_URL }} +SUBSCRIPTION_ID: {{ .SUBSCRIPTION_ID }} +RESOURCE_GROUP_NAME: {{ .RESOURCE_GROUP_NAME }} +SERVICE_NAME: {{ .SERVICE_NAME }} +API_NAME: {{ .API_NAME }} +API_PATH: {{ .API_PATH }} +azureClientId: {{ .azureClientId }} +azureClientSecret: {{ .azureClientSecret }} +azureTenantId: {{.azureTenantId }} +API_TITLE: {{.API_TITLE }} +CERTIFICATE_PASSWORD: {{.CERTIFICATE_PASSWORD }} From 7837e8135b8cc9d8d4935e4f13f2aef52b7c54bd Mon Sep 17 00:00:00 2001 From: Isaac Boaz Date: Wed, 3 Jul 2024 14:17:27 -0700 Subject: [PATCH 12/12] Update failed request error logging --- atrium/vestibulum/trcdb/trccertmgmtbase/trccertmgmtbase.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/atrium/vestibulum/trcdb/trccertmgmtbase/trccertmgmtbase.go b/atrium/vestibulum/trcdb/trccertmgmtbase/trccertmgmtbase.go index df33d8b9d..5de0b63e3 100644 --- a/atrium/vestibulum/trcdb/trccertmgmtbase/trccertmgmtbase.go +++ b/atrium/vestibulum/trcdb/trccertmgmtbase/trccertmgmtbase.go @@ -69,7 +69,7 @@ func CommonMain(certPathPtr *string, driverConfig *eUtils.DriverConfig, mod *kv. }, &armapimanagement.CertificateClientCreateOrUpdateOptions{IfMatch: &etag}) if err != nil { - driverConfig.CoreConfig.Log.Fatalf("failed to finish the request: %v", err) + driverConfig.CoreConfig.Log.Printf("failed to finish certificate request") return err }
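Review bot: `azureClientSecret: {{ .azureClientSecret }}` and `CERTIFICATE_PASSWORD: {{.CERTIFICATE_PASSWORD }}` are emitted as bare YAML scalars, so a secret containing `: ` or ` #`, starting with `*`, `&` or `!`, or equal to a word like `yes` or `null` is re-interpreted by the parser rather than taken literally; quoting the substituted value, e.g. `CERTIFICATE_PASSWORD: '{{ .CERTIFICATE_PASSWORD }}'`, avoids that, assuming the templating step does not already quote (confirm against how other templates in this directory render secrets). The brace spacing is inconsistent between `{{ .azureClientId }}` and `{{.azureTenantId }}`; harmless to the engine but worth normalising. The file lists both `API_MANAGEMENT_SERVICE_NAME` and `SERVICE_NAME` with no hint of how they differ — a comment line naming which consumer reads each key would help whoever fills the template in.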
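Review bot: `Log.Printf("failed to finish certificate request")` drops `err` entirely, so a failed CreateOrUpdate leaves no record of the HTTP status or Azure error code — the two things an operator needs to tell an expired client secret from a malformed PFX or wrong password. If the intent is to keep the raw response out of the log, log just those fields: the Azure SDK surfaces request failures as `*azcore.ResponseError` (verify for this client), whose `StatusCode` and `ErrorCode` can be extracted with `errors.As` and printed without the body; that needs the `azcore` package itself, of which the file currently imports only the `to` subpackage. The unchanged `return err` still hands the full error to the caller, so the caller's handling deserves the same review. The enclosing function ends outside the hunk.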