devbox: Update deployment seeding for devbox

This change fixes escaping backslashes of oAuthSecurityGroups to create two backslashes in the deployment document when creating a devbox. This change moves the creation of the deployment entity to devbox related directory and replaces the previous ruby command with a curl that can communicate with auth enabled CloudStore. Change-Id: I15377436b9b657c4c7bd472aebc5a7b0885b80fe
vmware-archive · Aug 18, 2016 · c8a0db0 · c8a0db0
1 parent 5f8aa88
commit c8a0db0
Show file tree

Hide file tree

Showing 2 changed files with 80 additions and 62 deletions.
diff --git a/devbox-photon/seed_deployment.sh b/devbox-photon/seed_deployment.sh
@@ -0,0 +1,78 @@
+#!/bin/bash -e
+
+# This script generates a deployment create spec from set environment variables
+# and creates a deployment entity to CloudStore.
+# DEPLOYMENT_SEED_CURL_OPTS are needed for an auth enabled deployment to send the proper credentials.
+# This is sent directly from the container because the proper credential files for an auth enabled
+# deployment are located only in the container.
+
+if [[ $ENABLE_AUTH == 'true' ]]; then
+    DEPLOYMENT_SEED_CURL_OPTS="--cert /etc/keys/machine.crt \
+  --key /etc/keys/machine.privkey --cacert /etc/keys/cacert.crt"
+    PROTOCOL="https"
+else
+    DEPLOYMENT_SEED_CURL_OPTS=""
+    PROTOCOL="http"
+fi
+
+if [[ -n $PUBLIC_NETWORK_IP ]]; then
+  network_ip=${PUBLIC_NETWORK_IP}
+elif [[ -n $PRIVATE_NETWORK_IP ]]; then
+  network_ip=${PRIVATE_NETWORK_IP}
+else
+  network_ip="172.31.253.66"
+fi
+
+if [[ -n $PUBLIC_LW_NETWORK_IP ]]; then
+  lw_network_ip=${PUBLIC_LW_NETWORK_IP}
+elif [[ -n $PRIVATE_NETWORK_LW_IP ]]; then
+  lw_network_ip=${PRIVATE_NETWORK_LW_IP}
+else
+  lw_network_ip="172.31.253.67"
+fi
+
+deployment_create_spec_json="{ \
+   \"state\" : \"READY\", \
+   \"imageDataStoreNames\" : [\"${ESX_DATASTORE}\"], \
+   \"imageDataStoreUsedForVMs\" : \"true\", \
+   \"imageId\" : \"none\", \
+   \"projectId\" : \"none\",\
+   \"virtualNetworkEnabled\" : \"false\", \
+   \"documentSelfLink\" : \"test-deployment\""
+
+   if [[ $ENABLE_AUTH == 'true' ]]; then
+      # Security Groups is escaped twice to format the security group as
+      # "<Lightwave tenant>\\<Lightwave Group>". The slashes are escaped when
+      # writing to a file and escaped again when sending the curl to the
+      # deployment.
+      deployment_create_spec_json+=", \
+      \"oAuthEnabled\" : true, \
+      \"oAuthTenantName\" : \"${LW_DOMAIN_NAME}\", \
+      \"oAuthSecurityGroups\" : [\"${LW_DOMAIN_NAME}\\\\\\\\Administrators\"], \
+      \"oAuthUserName\" : \"ec-admin@${LW_DOMAIN_NAME}\", \
+      \"oAuthPassword\" : \"${LW_PASSWORD}\", \
+      \"oAuthServerPort\" : 443, \
+      \"oAuthServerAddress\" : \"${lw_network_ip}\""
+   else
+      deployment_create_spec_json+=", \
+      \"oAuthEnabled\" : false"
+   fi
+   if [[ $STATS_ENABLED == "true" ]]; then
+      deployment_create_spec_json+=", \
+      \"statsStorePort\" : \"${STATS_STORE_PORT}\", \
+      \"statsStoreEndpoint\" : \"${STATS_STORE_ENDPOINT}\", \
+      \"statsEnabled\" : \"true\""
+   else
+      deployment_create_spec_json+=", \
+      \"statsEnabled\" : \"false\""
+   fi
+deployment_create_spec_json+="}"
+
+echo ${deployment_create_spec_json} > ../tmp/deployment_create_spec.json
+
+echo "Seeding deployment state"
+docker_curl="docker exec photon-controller-core curl -sS -w \"%{http_code}\" ${DEPLOYMENT_SEED_CURL_OPTS} \
+            -H \"Content-type: application/json\" -d @/devbox_data/tmp/deployment_create_spec.json \
+            ${PROTOCOL}://${network_ip}:19000/photon/cloudstore/deployments"
+vagrant ssh -c "$docker_curl"
+exit 0
diff --git a/ruby/integration_tests/ci/start_devbox.sh b/ruby/integration_tests/ci/start_devbox.sh
@@ -36,68 +36,8 @@ fi
 rm -rf "$DEVBOX/log/"
 ./gradlew :devbox:renewPhoton
 
-# Create deployment create spec
-if [[ $ENABLE_AUTH == 'true' ]]; then
-    DEPLOYMENT_SEED_CURL_OPTS="--cert /etc/keys/machine.crt \
-  --key /etc/keys/machine.privkey --cacert /etc/keys/cacert.crt"
-    PROTOCOL="https"
-else
-    DEPLOYMENT_SEED_CURL_OPTS=""
-    PROTOCOL="http"
-fi
-
-deployment_create_spec_json="{ \
-   \"state\" : \"READY\", \
-   \"imageDataStoreNames\" : [\"${ESX_DATASTORE}\"], \
-   \"imageDataStoreUsedForVMs\" : \"true\", \
-   \"imageId\" : \"none\", \
-   \"projectId\" : \"none\",\
-   \"virtualNetworkEnabled\" : \"false\", \
-   \"documentSelfLink\" : \"test-deployment\""
-
-   if [[ $ENABLE_AUTH == 'true' ]]; then
-      deployment_create_spec_json+=", \
-      \"oAuthEnabled\" : true, \
-      \"oAuthTenantName\" : \"${LW_DOMAIN_NAME}\", \
-      \"oAuthSecurityGroups\" : \"[${LW_DOMAIN_NAME}\\Administrators]\", \
-      \"oAuthUserName\" : \"ec-admin@${LW_DOMAIN_NAME}\", \
-      \"oAuthPassword\" : \"${LW_PASSWORD}\",\
-      \"oAuthServerPort\" : 443"
-   else
-      deployment_create_spec_json+=", \
-      \"oAuthEnabled\" : false"
-   fi
-   if [ -n $PUBLIC_LW_NETWORK_IP ]; then
-      deployment_create_spec_json+=", \
-      \"oAuthServerAddress\" : \"${PUBLIC_LW_NETWORK_IP}\""
-   else
-      private_network_lw_ip = ${PRIVATE_NETWORK_LW_IP} || "172.31.253.67"
-      deployment_create_spec_json+="', \
-      \"oAuthServerAddress\" : \"${private_network_lw_ip}\""
-   fi
-   if [[ $STATS_ENABLED == "true" ]]; then
-      deployment_create_spec_json+=", \
-      \"statsStorePort\" : \"${STATS_STORE_PORT}\",
-      \"statsStoreEndpoint\" : \"${STATS_STORE_ENDPOINT}\",
-      \"statsEnabled\" : \"true\""
-   else
-      deployment_create_spec_json+=", \
-      \"statsEnabled\" : \"false\""
-   fi
-deployment_create_spec_json+="}"
-
-echo "Deployment create spec ${deployment_create_spec_json}"
-
-# Send a post to create a deployment entity to CloudStore, DEPLOYMENT_SEED_CURL_OPTS are needed for
-# an auth enabled deployment containing the private key, certificate, and cacert.
-# This is sent directly because for an auth enabled deployment, a token is needed for API access which
-# is checked against the auth endpoint in the deployment entity.
-
-echo "Seeding deployment state"
-docker_curl="docker exec photon-controller-core curl -sS -w \"%{http_code}\" $DEPLOYMENT_SEED_CURL_OPTS \
-            -H \"Content-type: application/json\" -d \"$deployment_create_spec_json\" -o /tmp/out.txt \
-            $PROTOCOL://$PUBLIC_NETWORK_IP:19000/photon/cloudstore/deployments"
-vagrant ssh -c "$docker_curl; cat /tmp/out.txt"
+# Seed deployment entity into CloudStore
+./seed_deployment.sh
 
 # Register real agent to devbox
 if [ -n "$REAL_AGENT" ]; then