diff --git a/.ci/docker/theo/src/commands/testenv.rs b/.ci/docker/theo/src/commands/testenv.rs
index 3d0d3da39..29d19f078 100644
--- a/.ci/docker/theo/src/commands/testenv.rs
+++ b/.ci/docker/theo/src/commands/testenv.rs
@@ -50,8 +50,8 @@ pub enum TaskCli {
 #[derive(Parser, Debug)]
 #[clap(version)]
 pub struct DestroyArgs {
- #[clap(short = 's', long, default_value = "all")]
- service: DockerCoreServices,
+ #[clap(short = 's', long)]
+ service: Option,
 }
 
 impl TestenvCli {
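Review bot: With `default_value = "all"` gone, omitting `--service` now has a meaning (every service plus the network is torn down, per the `None` arm of the Destroy handler further down) that nothing in the argument definition tells the user, so `--help` is silent about the most destructive case. Add a doc comment on the field, e.g. `/// Service to destroy. When omitted, all services and the network are destroyed.`, which clap turns into the flag's help text. The generic parameter of `Option` seems to have been lost in rendering here, so the exact field type cannot be confirmed from the hunk.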
@@ -100,22 +100,27 @@ impl TestenvCli { show_error_if_unhealthy_containers_were_found()?; } TaskCli::Destroy(service) => { - match service.service { - DockerCoreServices::Network => { docker_compose_network_delete()?; } - DockerCoreServices::Carl => { docker_compose_down(DockerCoreServices::Carl.as_str(), true)?; } - DockerCoreServices::CarlOnHost => { docker_compose_down(DockerCoreServices::CarlOnHost.as_str(), true)?; } - DockerCoreServices::Dev => { docker_compose_down(DockerCoreServices::Dev.as_str(), true)?; } - DockerCoreServices::Keycloak => { docker_compose_down(DockerCoreServices::Keycloak.as_str(), true)?; } - DockerCoreServices::Edgar => { docker_compose_down(DockerCoreServices::Edgar.as_str(), true)?; } - DockerCoreServices::Netbird => { docker_compose_down(DockerCoreServices::Netbird.as_str(), true)?; } - DockerCoreServices::Firefox => { docker_compose_down(DockerCoreServices::Firefox.as_str(), true)?; } - DockerCoreServices::Telemetry => { docker_compose_down(DockerCoreServices::Telemetry.as_str(), true)?; } - DockerCoreServices::All => { - println!("Destroying all services."); - for docker_service in DockerCoreServices::iter() { - docker_compose_down(docker_service.as_str(), true)?; + match &service.service { + Some(service) => { + match service { + DockerCoreServices::Network => { docker_compose_network_delete() ?; } + DockerCoreServices::Carl => { docker_compose_down(DockerCoreServices::Carl.as_str(), true) ?; } + DockerCoreServices::CarlOnHost => { docker_compose_down(DockerCoreServices::CarlOnHost.as_str(), true) ?; } + DockerCoreServices::Dev => { docker_compose_down(DockerCoreServices::Dev.as_str(), true) ?; } + DockerCoreServices::Keycloak => { docker_compose_down(DockerCoreServices::Keycloak.as_str(), true) ?; } + DockerCoreServices::Edgar => { docker_compose_down(DockerCoreServices::Edgar.as_str(), true) ?; } + DockerCoreServices::Netbird => { docker_compose_down(DockerCoreServices::Netbird.as_str(), true) ?; } + DockerCoreServices::Firefox 
=> { docker_compose_down(DockerCoreServices::Firefox.as_str(), true) ?; } + DockerCoreServices::Telemetry => { docker_compose_down(DockerCoreServices::Telemetry.as_str(), true) ?; } } - docker_compose_network_delete()?; + } + None => { + println!("Destroying all services."); + for docker_service in DockerCoreServices::iter() { + docker_compose_down(docker_service.as_str(), true)?; + } + docker_compose_network_delete()?; + } } } diff --git a/.ci/docker/theo/src/core/docker/services.rs b/.ci/docker/theo/src/core/docker/services.rs index c3415712a..b2e35a463 100644 --- a/.ci/docker/theo/src/core/docker/services.rs +++ b/.ci/docker/theo/src/core/docker/services.rs @@ -1,7 +1,7 @@ use serde::Serialize; use strum::EnumIter; -#[derive(Debug, Clone, clap::ValueEnum, Default, Serialize, EnumIter)] +#[derive(Debug, Clone, clap::ValueEnum, Serialize, EnumIter)] pub(crate) enum DockerCoreServices { Network, Carl, @@ -12,8 +12,6 @@ pub(crate) enum DockerCoreServices { Netbird, Firefox, Telemetry, - #[default] - All, } impl DockerCoreServices { @@ -28,7 +26,6 @@ impl DockerCoreServices { DockerCoreServices::Network => "network", DockerCoreServices::Firefox => "firefox", DockerCoreServices::Telemetry => "telemetry", - DockerCoreServices::All => "all", } } } diff --git a/doc/src/user-manual/cleo/setup.md b/doc/src/user-manual/cleo/setup.md index ee9106528..93a7fadfa 100644 --- a/doc/src/user-manual/cleo/setup.md +++ b/doc/src/user-manual/cleo/setup.md 
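Review bot: The inner `match service` inside the new `Some` arm repeats the identical `docker_compose_down(<variant>.as_str(), true)?` call for eight variants and shadows the outer `service` binding (the `DestroyArgs`), which makes the arms hard to read and invites another copy-pasted arm whenever a variant is added. Since every variant except `Network` takes the same path, the nested match can collapse into the outer one: `Some(DockerCoreServices::Network) => { docker_compose_network_delete()?; }`, `Some(selected) => { docker_compose_down(selected.as_str(), true)?; }`, with the `None` arm kept as it is. The enclosing `impl TestenvCli` method starts before and ends after this hunk.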
@@ -34,8 +34,12 @@ OPENDUT_CLEO_NETWORK_CARL_HOST OPENDUT_CLEO_NETWORK_CARL_PORT OPENDUT_CLEO_NETWORK_OIDC_ENABLED OPENDUT_CLEO_NETWORK_OIDC_CLIENT_ISSUER_URL +SSL_CERT_FILE ```` +`SSL_CERT_FILE` is a mandatory environment variable for the current state of the implementation and has the same value as the +`OPENDUT_CLEO_NETWORK_TLS_CA`. This might change in the future. + The script will not set the environment variables for CLIENT_ID and CLIENT_SECRET. This has to be done by the users themselves. This can easily be done by entering the following commands: ```` diff --git a/opendut-carl/src/lib.rs b/opendut-carl/src/lib.rs index 89e08d9c9..96ab3c871 100644 --- a/opendut-carl/src/lib.rs +++ b/opendut-carl/src/lib.rs @@ -24,7 +24,7 @@ use futures::future::BoxFuture; use futures::TryFutureExt; use http::{header, header::CONTENT_TYPE, Request, StatusCode}; use itertools::Itertools; -use pem::Pem; +use pem::{encode_config, EncodeConfig, LineEnding, Pem}; use serde::{Deserialize, Serialize}; use shadow_rs::formatcp; use tokio::fs; @@ -170,7 +170,7 @@ pub async fn create(settings: LoadedConfig) -> Result<()> { //TODO Arc::clone(&resources_manager), vpn, Clone::clone(&carl_url), - ca, + ca.clone(), oidc_client_manager, peer_manager_facade_options ); @@ -224,7 +224,7 @@ pub async fn create(settings: LoadedConfig) -> Result<()> { //TODO } if !project::is_running_in_development() { - create_cleo_install_script(&settings); + create_cleo_install_script(&settings, encode_config(&ca, EncodeConfig::new().set_line_ending(LineEnding::LF))); } let http = axum::Router::new() 
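Review bot: The value handed to `create_cleo_install_script` in the `-224` hunk ends up as a `ca.pem` that is shipped to every client inside the CLEO archive, so this call is the place that should guarantee `ca` holds only the CA certificate; the hunk shows it is the same `ca` passed to the peer manager, and nothing visible checks its PEM tag before it is serialized. If `ca` is a `pem::Pem`, a one-line guard before the `encode_config` call, e.g. `debug_assert_eq!(ca.tag(), "CERTIFICATE", "network.tls.ca must be a certificate, not a key");`, both documents and enforces that invariant. `create` continues beyond this hunk on both sides.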
@@ -343,29 +343,41 @@ async fn lea_config(State(config): State) -> Json { } const CLEO_TARGET_DIRECTORY: &str = "./opendut-cleo"; -fn create_cleo_install_script(settings: &config::Config) { +fn create_cleo_install_script(settings: &config::Config, ca: String) { const SET_ENVIRONMENT_VARIABLES_SCRIPT_NAME: &str = "set-env-var.sh"; + const CA_CERTIFICATE_FILE_NAME: &str = "ca.pem"; const PERMISSION_CODE: u32 = 0o775; - - let ca = settings.get_string("network.tls.ca").unwrap_or_default(); + info!("Current directory - Start of creation: {:?}", std::env::current_dir().expect("Could not get current directory")); let carl_host = settings.get_string("network.remote.host").unwrap_or_default(); let carl_port = settings.get_string("network.remote.port").unwrap_or_default(); let oidc_enabled = settings.get_string("network.oidc.enabled").unwrap_or_default(); let issuer_url = settings.get_string("network.oidc.client.issuer.url").unwrap_or_default(); - let script = format!(r#"#!/bin/bash + + + let current_dir = std::env::current_dir().expect("Could not get current directory"); + if std::env::set_current_dir(project::make_path_absolute(CLEO_TARGET_DIRECTORY) + .expect("opendut-cleo directory should be absolute") + ).is_ok() { + + match std::fs::write(CA_CERTIFICATE_FILE_NAME, ca) { + Ok(_) => {}, + Err(error) => { warn!("Could not write {}: {}", CA_CERTIFICATE_FILE_NAME, error) } + } + + let script = format!(r#"#!/bin/bash + +DIR_PATH="$( cd -- "$(dirname "$0")" >/dev/null 2>&1 ; pwd -P )" +CERT_PATH=$DIR_PATH/{} export OPENDUT_CLEO_NETWORK_OIDC_CLIENT_SCOPES= export OPENDUT_CLEO_NETWORK_TLS_DOMAIN_NAME_OVERRIDE={} -export OPENDUT_CLEO_NETWORK_TLS_CA={} +export OPENDUT_CLEO_NETWORK_TLS_CA=$CERT_PATH export OPENDUT_CLEO_NETWORK_CARL_HOST={} export OPENDUT_CLEO_NETWORK_CARL_PORT={} export OPENDUT_CLEO_NETWORK_OIDC_ENABLED={} -export OPENDUT_CLEO_NETWORK_OIDC_CLIENT_ISSUER_URL={}"#, carl_host, ca, carl_host, carl_port, oidc_enabled, issuer_url); +export 
OPENDUT_CLEO_NETWORK_OIDC_CLIENT_ISSUER_URL={} +export SSL_CERT_FILE=$CERT_PATH"#, CA_CERTIFICATE_FILE_NAME, carl_host, carl_host, carl_port, oidc_enabled, issuer_url); - let current_dir = std::env::current_dir().expect("Could not get current directory"); - if std::env::set_current_dir(project::make_path_absolute(CLEO_TARGET_DIRECTORY) - .expect("opendut-cleo directory should be absolute") - ).is_ok() { match std::fs::write( SET_ENVIRONMENT_VARIABLES_SCRIPT_NAME, script @@ -388,6 +400,7 @@ export OPENDUT_CLEO_NETWORK_OIDC_CLIENT_ISSUER_URL={}"#, carl_host, ca, carl_hos let mut tar = tar::Builder::new(enc); tar.append_path(&file_name).unwrap_or_else(|_| warn!("Could not add {} to archive", &file_name)); tar.append_path(SET_ENVIRONMENT_VARIABLES_SCRIPT_NAME).unwrap_or_else(|_| warn!("Could not add {} to archive", SET_ENVIRONMENT_VARIABLES_SCRIPT_NAME)); + tar.append_path(CA_CERTIFICATE_FILE_NAME).unwrap_or_else(|_| warn!("Could not add {} to archive", CA_CERTIFICATE_FILE_NAME)); tar.into_inner().expect("Error: could not finish writing the tar file"); } Err(_) => { @@ -397,7 +410,7 @@ export OPENDUT_CLEO_NETWORK_OIDC_CLIENT_ISSUER_URL={}"#, carl_host, ca, carl_hos } std::env::set_current_dir(¤t_dir).unwrap_or_else(|_| warn!("Could not set back current directory to {}", current_dir.display())); - } else { + } else { warn!("Could not switch from {} to {}", current_dir.display(), CLEO_TARGET_DIRECTORY); } } @@ -485,7 +498,7 @@ mod test { let dir = temp.child("target/debug/opendut-cleo"); dir.touch().unwrap(); - + let current_dir = std::env::current_dir().expect("Could not get current directory"); std::env::set_current_dir(&temp).unwrap_or_else(|_| warn!("Could not set back current directory to {}", temp.display())); let cleo = download_cleo(Path(CleoArch::Development)).await; 
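Review bot: The new `info!("Current directory - Start of creation: ...")` line calls `std::env::current_dir().expect(...)` a second time, a few lines before `let current_dir = ...` obtains the same value, and reads like a leftover trace; either drop it or move it below the binding and log `current_dir.display()`. Separately, `export SSL_CERT_FILE=$CERT_PATH` points the trust store of any TLS library that honours that variable at this single CA, so every other TLS endpoint CLEO contacts from that shell (the OIDC issuer at `issuer_url`, for instance) must chain to the same CA or fail verification; a comment above the `format!` stating that constraint would help, since the generated script gives the user no hint. Finally, a failed `std::fs::write(CA_CERTIFICATE_FILE_NAME, ca)` is only warned about, yet the script and the later `tar.append_path(CA_CERTIFICATE_FILE_NAME)` still reference the file, so returning early from the `is_ok()` branch in that case would avoid shipping a script that points at a missing certificate. `create_cleo_install_script` continues past the end of this hunk.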
@@ -494,6 +507,8 @@ mod test { let expected_header = format!("attachment; filename=\"{}\"", CleoArch::Development.file_name()); assert_that!(header.clone().to_str().unwrap(), eq(expected_header.as_str())); + std::env::set_current_dir(¤t_dir).unwrap_or_else(|_| warn!("Could not set back current directory to {}", current_dir.display())); + Ok(()) }
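Review bot: The restoring `std::env::set_current_dir(&current_dir)` runs only after the `assert_that!` calls, so a failing assertion panics before it and leaves the process cwd pointed at the temp directory for every test that runs afterwards in the same process, turning one failure into a cascade. Restore the directory before asserting, or wrap the change in a small guard struct whose `Drop` impl performs the `set_current_dir`, so the restore also runs on panic. The test function begins before this hunk (the matching save is in the `-485` hunk).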