Issue-193: added certificate file to be used in environment variables.
mtwardawski committed May 3, 2024
1 parent 3003212 commit 1a173f0
Showing 4 changed files with 57 additions and 36 deletions.
39 changes: 22 additions & 17 deletions .ci/docker/theo/src/commands/testenv.rs
Expand Up @@ -50,8 +50,8 @@ pub enum TaskCli {
#[derive(Parser, Debug)]
#[clap(version)]
pub struct DestroyArgs {
#[clap(short = 's', long, default_value = "all")]
service: DockerCoreServices,
#[clap(short = 's', long)]
service: Option<DockerCoreServices>,
}

impl TestenvCli {
Expand Down Expand Up @@ -100,22 +100,27 @@ impl TestenvCli {
show_error_if_unhealthy_containers_were_found()?;
}
TaskCli::Destroy(service) => {
match service.service {
DockerCoreServices::Network => { docker_compose_network_delete()?; }
DockerCoreServices::Carl => { docker_compose_down(DockerCoreServices::Carl.as_str(), true)?; }
DockerCoreServices::CarlOnHost => { docker_compose_down(DockerCoreServices::CarlOnHost.as_str(), true)?; }
DockerCoreServices::Dev => { docker_compose_down(DockerCoreServices::Dev.as_str(), true)?; }
DockerCoreServices::Keycloak => { docker_compose_down(DockerCoreServices::Keycloak.as_str(), true)?; }
DockerCoreServices::Edgar => { docker_compose_down(DockerCoreServices::Edgar.as_str(), true)?; }
DockerCoreServices::Netbird => { docker_compose_down(DockerCoreServices::Netbird.as_str(), true)?; }
DockerCoreServices::Firefox => { docker_compose_down(DockerCoreServices::Firefox.as_str(), true)?; }
DockerCoreServices::Telemetry => { docker_compose_down(DockerCoreServices::Telemetry.as_str(), true)?; }
DockerCoreServices::All => {
println!("Destroying all services.");
for docker_service in DockerCoreServices::iter() {
docker_compose_down(docker_service.as_str(), true)?;
match &service.service {
Some(service) => {
match service {
DockerCoreServices::Network => { docker_compose_network_delete() ?; }
DockerCoreServices::Carl => { docker_compose_down(DockerCoreServices::Carl.as_str(), true) ?; }
DockerCoreServices::CarlOnHost => { docker_compose_down(DockerCoreServices::CarlOnHost.as_str(), true) ?; }
DockerCoreServices::Dev => { docker_compose_down(DockerCoreServices::Dev.as_str(), true) ?; }
DockerCoreServices::Keycloak => { docker_compose_down(DockerCoreServices::Keycloak.as_str(), true) ?; }
DockerCoreServices::Edgar => { docker_compose_down(DockerCoreServices::Edgar.as_str(), true) ?; }
DockerCoreServices::Netbird => { docker_compose_down(DockerCoreServices::Netbird.as_str(), true) ?; }
DockerCoreServices::Firefox => { docker_compose_down(DockerCoreServices::Firefox.as_str(), true) ?; }
DockerCoreServices::Telemetry => { docker_compose_down(DockerCoreServices::Telemetry.as_str(), true) ?; }
}
docker_compose_network_delete()?;
}
None => {
println!("Destroying all services.");
for docker_service in DockerCoreServices::iter() {
docker_compose_down(docker_service.as_str(), true)?;
}
docker_compose_network_delete()?;

}
}
}
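Review bot: In the `Some(service)` arm, the `docker_compose_network_delete()?;` placed after the inner match (the line following the `Telemetry` arm) now runs for every single-service destroy, so `--service carl` also tears down the shared network and `--service network` deletes it twice; if that is intended it deserves a comment, otherwise the call belongs only in the `None` arm where it already is. The inner match repeats `docker_compose_down(X.as_str(), true)?` for eight arms, each with a stray space before `?` (` ?;`); `DockerCoreServices::Network => docker_compose_network_delete()?,` followed by `other => docker_compose_down(other.as_str(), true)?,` covers them all. Since the `All` variant is gone and omitting `-s` now means everything, the `service` field of `DestroyArgs` in the first hunk should carry a doc comment such as `/// Service to destroy; omit to destroy all services and the network.` so clap's help text says so. The enclosing `TestenvCli` method starts before this hunk.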
5 changes: 1 addition & 4 deletions .ci/docker/theo/src/core/docker/services.rs
@@ -1,7 +1,7 @@
use serde::Serialize;
use strum::EnumIter;

#[derive(Debug, Clone, clap::ValueEnum, Default, Serialize, EnumIter)]
#[derive(Debug, Clone, clap::ValueEnum, Serialize, EnumIter)]
pub(crate) enum DockerCoreServices {
Network,
Carl,
Expand All @@ -12,8 +12,6 @@ pub(crate) enum DockerCoreServices {
Netbird,
Firefox,
Telemetry,
#[default]
All,
}

impl DockerCoreServices {
Expand All @@ -28,7 +26,6 @@ impl DockerCoreServices {
DockerCoreServices::Network => "network",
DockerCoreServices::Firefox => "firefox",
DockerCoreServices::Telemetry => "telemetry",
DockerCoreServices::All => "all",
}
}
}
4 changes: 4 additions & 0 deletions doc/src/user-manual/cleo/setup.md
Expand Up @@ -34,8 +34,12 @@ OPENDUT_CLEO_NETWORK_CARL_HOST
OPENDUT_CLEO_NETWORK_CARL_PORT
OPENDUT_CLEO_NETWORK_OIDC_ENABLED
OPENDUT_CLEO_NETWORK_OIDC_CLIENT_ISSUER_URL
SSL_CERT_FILE
````

`SSL_CERT_FILE` is a mandatory environment variable for the current state of the implementation and has the same value as the
`OPENDUT_CLEO_NETWORK_TLS_CA`. This might change in the future.

The script will not set the environment variables for CLIENT_ID and CLIENT_SECRET. This has to be done by the users themselves.
This can easily be done by entering the following commands:
````
45 changes: 30 additions & 15 deletions opendut-carl/src/lib.rs
Expand Up @@ -24,7 +24,7 @@ use futures::future::BoxFuture;
use futures::TryFutureExt;
use http::{header, header::CONTENT_TYPE, Request, StatusCode};
use itertools::Itertools;
use pem::Pem;
use pem::{encode_config, EncodeConfig, LineEnding, Pem};
use serde::{Deserialize, Serialize};
use shadow_rs::formatcp;
use tokio::fs;
Expand Down Expand Up @@ -170,7 +170,7 @@ pub async fn create(settings: LoadedConfig) -> Result<()> { //TODO
Arc::clone(&resources_manager),
vpn,
Clone::clone(&carl_url),
ca,
ca.clone(),
oidc_client_manager,
peer_manager_facade_options
);
Expand Down Expand Up @@ -224,7 +224,7 @@ pub async fn create(settings: LoadedConfig) -> Result<()> { //TODO
}

if !project::is_running_in_development() {
create_cleo_install_script(&settings);
create_cleo_install_script(&settings, encode_config(&ca, EncodeConfig::new().set_line_ending(LineEnding::LF)));
}

let http = axum::Router::new()
Expand Down Expand Up @@ -343,29 +343,41 @@ async fn lea_config(State(config): State<LeaConfig>) -> Json<LeaConfig> {
}

const CLEO_TARGET_DIRECTORY: &str = "./opendut-cleo";
fn create_cleo_install_script(settings: &config::Config) {
fn create_cleo_install_script(settings: &config::Config, ca: String) {
const SET_ENVIRONMENT_VARIABLES_SCRIPT_NAME: &str = "set-env-var.sh";
const CA_CERTIFICATE_FILE_NAME: &str = "ca.pem";
const PERMISSION_CODE: u32 = 0o775;

let ca = settings.get_string("network.tls.ca").unwrap_or_default();
info!("Current directory - Start of creation: {:?}", std::env::current_dir().expect("Could not get current directory"));
let carl_host = settings.get_string("network.remote.host").unwrap_or_default();
let carl_port = settings.get_string("network.remote.port").unwrap_or_default();
let oidc_enabled = settings.get_string("network.oidc.enabled").unwrap_or_default();
let issuer_url = settings.get_string("network.oidc.client.issuer.url").unwrap_or_default();
let script = format!(r#"#!/bin/bash


let current_dir = std::env::current_dir().expect("Could not get current directory");
if std::env::set_current_dir(project::make_path_absolute(CLEO_TARGET_DIRECTORY)
.expect("opendut-cleo directory should be absolute")
).is_ok() {

match std::fs::write(CA_CERTIFICATE_FILE_NAME, ca) {
Ok(_) => {},
Err(error) => { warn!("Could not write {}: {}", CA_CERTIFICATE_FILE_NAME, error) }
}

let script = format!(r#"#!/bin/bash
DIR_PATH="$( cd -- "$(dirname "$0")" >/dev/null 2>&1 ; pwd -P )"
CERT_PATH=$DIR_PATH/{}
export OPENDUT_CLEO_NETWORK_OIDC_CLIENT_SCOPES=
export OPENDUT_CLEO_NETWORK_TLS_DOMAIN_NAME_OVERRIDE={}
export OPENDUT_CLEO_NETWORK_TLS_CA={}
export OPENDUT_CLEO_NETWORK_TLS_CA=$CERT_PATH
export OPENDUT_CLEO_NETWORK_CARL_HOST={}
export OPENDUT_CLEO_NETWORK_CARL_PORT={}
export OPENDUT_CLEO_NETWORK_OIDC_ENABLED={}
export OPENDUT_CLEO_NETWORK_OIDC_CLIENT_ISSUER_URL={}"#, carl_host, ca, carl_host, carl_port, oidc_enabled, issuer_url);
export OPENDUT_CLEO_NETWORK_OIDC_CLIENT_ISSUER_URL={}
export SSL_CERT_FILE=$CERT_PATH"#, CA_CERTIFICATE_FILE_NAME, carl_host, carl_host, carl_port, oidc_enabled, issuer_url);

let current_dir = std::env::current_dir().expect("Could not get current directory");
if std::env::set_current_dir(project::make_path_absolute(CLEO_TARGET_DIRECTORY)
.expect("opendut-cleo directory should be absolute")
).is_ok() {
match std::fs::write(
SET_ENVIRONMENT_VARIABLES_SCRIPT_NAME,
script
Expand All @@ -388,6 +400,7 @@ export OPENDUT_CLEO_NETWORK_OIDC_CLIENT_ISSUER_URL={}"#, carl_host, ca, carl_hos
let mut tar = tar::Builder::new(enc);
tar.append_path(&file_name).unwrap_or_else(|_| warn!("Could not add {} to archive", &file_name));
tar.append_path(SET_ENVIRONMENT_VARIABLES_SCRIPT_NAME).unwrap_or_else(|_| warn!("Could not add {} to archive", SET_ENVIRONMENT_VARIABLES_SCRIPT_NAME));
tar.append_path(CA_CERTIFICATE_FILE_NAME).unwrap_or_else(|_| warn!("Could not add {} to archive", CA_CERTIFICATE_FILE_NAME));
tar.into_inner().expect("Error: could not finish writing the tar file");
}
Err(_) => {
Expand All @@ -397,7 +410,7 @@ export OPENDUT_CLEO_NETWORK_OIDC_CLIENT_ISSUER_URL={}"#, carl_host, ca, carl_hos
}

std::env::set_current_dir(&current_dir).unwrap_or_else(|_| warn!("Could not set back current directory to {}", current_dir.display()));
} else {
} else {
warn!("Could not switch from {} to {}", current_dir.display(), CLEO_TARGET_DIRECTORY);
}
}
Expand Down Expand Up @@ -485,7 +498,7 @@ mod test {

let dir = temp.child("target/debug/opendut-cleo");
dir.touch().unwrap();

let current_dir = std::env::current_dir().expect("Could not get current directory");
std::env::set_current_dir(&temp).unwrap_or_else(|_| warn!("Could not set back current directory to {}", temp.display()));

let cleo = download_cleo(Path(CleoArch::Development)).await;
Expand All @@ -494,6 +507,8 @@ mod test {
let expected_header = format!("attachment; filename=\"{}\"", CleoArch::Development.file_name());
assert_that!(header.clone().to_str().unwrap(), eq(expected_header.as_str()));

std::env::set_current_dir(&current_dir).unwrap_or_else(|_| warn!("Could not set back current directory to {}", current_dir.display()));

Ok(())
}

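Review bot: A failed write of `ca.pem` (the `std::fs::write(CA_CERTIFICATE_FILE_NAME, ca)` match in `create_cleo_install_script`) only logs a warning, yet the script is still generated with `OPENDUT_CLEO_NETWORK_TLS_CA` and `SSL_CERT_FILE` pointing at `$CERT_PATH` and the archive is still packed, so a CLEO bundle whose TLS trust anchor is missing ships silently; consider moving the script and archive creation into the `Ok(_)` arm so that error is fatal for the bundle. The script's `DIR_PATH` is derived from `$0`, which only resolves to the script's own directory when the file is executed; because the script exports variables it is presumably meant to be `source`d, and then `$0` is the user's shell, so `CERT_PATH` silently becomes `$PWD/ca.pem` — `$(dirname "${BASH_SOURCE[0]:-$0}")` behaves correctly in both cases. A comment above the `format!` call should record the side effect of the new export, e.g. `// SSL_CERT_FILE replaces the default trust bundle for every OpenSSL-based client started from that shell, not only CLEO; the setup docs call it mandatory for now.` The function continues in the two following hunks, and `carl_host`, `carl_port` and `issuer_url` are still interpolated unquoted into the shell script as before this change.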
