jenkins/sap-jenkins-library
1
0
Fork 0
mirror of https://github.com/SAP/jenkins-library.git synced 2025-03-17 21:08:10 +02:00
Code Issues Releases Activity

fix(naming): Rename Trust Engine to System Trust (#5217)

Browse Source 
* rename package

* make unexported

* rename all occurrences

---------

Co-authored-by: Gulom Alimov <gulomjon.alimov@sap.com>
This commit is contained in:
Googlom 2025-01-07 16:44:59 +02:00 committed by GitHub
parent f06e29f913
commit 4fd896e28c
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
10 changed files with 111 additions and 112 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
cmd/piper.go
View File

@ -41,7 +41,7 @@ type GeneralConfigOptions struct {
VaultServerURL string
VaultNamespace string
VaultPath string
TrustEngineToken string
SystemTrustToken string
HookConfig HookConfiguration
MetaDataResolver func() map[string]config.StepData
GCPJsonKeyFilePath string
@ -57,7 +57,7 @@ type HookConfiguration struct {
SplunkConfig SplunkConfiguration `json:"splunk,omitempty"`
PendoConfig PendoConfiguration `json:"pendo,omitempty"`
OIDCConfig OIDCConfiguration `json:"oidc,omitempty"`
TrustEngineConfig TrustEngineConfiguration `json:"trustengine,omitempty"`
SystemTrustConfig SystemTrustConfiguration `json:"systemtrust,omitempty"`
}
type GCPPubSubConfiguration struct {
@ -93,7 +93,7 @@ type OIDCConfiguration struct {
RoleID string `json:",roleID,omitempty"`
}
type TrustEngineConfiguration struct {
type SystemTrustConfiguration struct {
ServerURL string `json:"baseURL,omitempty"`
TokenEndPoint string `json:"tokenEndPoint,omitempty"`
TokenQueryParamName string `json:"tokenQueryParamName,omitempty"`
@ -385,8 +385,8 @@ func PrepareConfig(cmd *cobra.Command, metadata *config.StepData, stepName strin
}
myConfig.SetVaultCredentials(GeneralConfig.VaultRoleID, GeneralConfig.VaultRoleSecretID, GeneralConfig.VaultToken)
GeneralConfig.TrustEngineToken = os.Getenv("PIPER_trustEngineToken")
myConfig.SetTrustEngineToken(GeneralConfig.TrustEngineToken)
GeneralConfig.SystemTrustToken = os.Getenv("PIPER_systemTrustToken")
myConfig.SetSystemTrustToken(GeneralConfig.SystemTrustToken)
if len(GeneralConfig.StepConfigJSON) != 0 {
// ignore config & defaults in favor of passed stepConfigJSON

4
cmd/sonarExecuteScan_generated.go
View File

@ -355,8 +355,8 @@ func sonarExecuteScanMetadata() config.StepData {
},
{
Name: "sonarTrustengineSecretName",
Type: "trustengineSecret",
Name: "sonarSystemtrustSecretName",
Type: "systemTrustSecret",
Default: "sonar",
},
},

10
pkg/config/config.go
View File

@ -11,7 +11,7 @@ import (
"regexp"
"strings"
"github.com/SAP/jenkins-library/pkg/trustengine"
"github.com/SAP/jenkins-library/pkg/systemtrust"
piperhttp "github.com/SAP/jenkins-library/pkg/http"
"github.com/SAP/jenkins-library/pkg/log"
@ -33,7 +33,7 @@ type Config struct {
accessTokens map[string]string
openFile func(s string, t map[string]string) (io.ReadCloser, error)
vaultCredentials VaultCredentials
trustEngineConfiguration trustengine.Configuration
systemTrustConfiguration systemtrust.Configuration
}
// StepConfig defines the structure for merged step configuration
@ -295,12 +295,12 @@ func (c *Config) GetStepConfig(flagValues map[string]interface{}, paramJSON stri
}
// hooks need to have been loaded from the defaults before the server URL is known
err = c.setTrustEngineConfiguration(stepConfig.HookConfig)
err = c.setSystemTrustConfiguration(stepConfig.HookConfig)
if err != nil {
log.Entry().WithError(err).Debug("System Trust lookup skipped due to missing or incorrect configuration")
} else {
trustengineClient := trustengine.PrepareClient(&piperhttp.Client{}, c.trustEngineConfiguration)
resolveAllTrustEngineReferences(&stepConfig, append(parameters, ReportingParameters.Parameters...), c.trustEngineConfiguration, trustengineClient)
systemTrustClient := systemtrust.PrepareClient(&piperhttp.Client{}, c.systemTrustConfiguration)
resolveAllSystemTrustReferences(&stepConfig, append(parameters, ReportingParameters.Parameters...), c.systemTrustConfiguration, systemTrustClient)
}
// finally do the condition evaluation post processing

66
pkg/config/systemtrust.go Normal file
View File

@ -0,0 +1,66 @@
package config
import (
"errors"
piperhttp "github.com/SAP/jenkins-library/pkg/http"
"github.com/SAP/jenkins-library/pkg/log"
"github.com/SAP/jenkins-library/pkg/systemtrust"
)
const RefTypeSystemTrustSecret = "systemTrustSecret"
// resolveAllSystemTrustReferences retrieves all the step's secrets from the System Trust
func resolveAllSystemTrustReferences(config *StepConfig, params []StepParameters, systemTrustConfiguration systemtrust.Configuration, client *piperhttp.Client) {
for _, param := range params {
if ref := param.GetReference(RefTypeSystemTrustSecret); ref != nil {
if config.Config[param.Name] == "" {
log.Entry().Infof("Getting '%s' from System Trust", param.Name)
token, err := systemtrust.GetToken(ref.Default, client, systemTrustConfiguration)
if err != nil {
log.Entry().Info(" failed")
log.Entry().WithError(err).Debugf("Couldn't get '%s' token from System Trust", ref.Default)
continue
}
log.RegisterSecret(token)
config.Config[param.Name] = token
log.Entry().Info(" succeeded")
} else {
log.Entry().Debugf("Skipping retrieval of '%s' from System Trust: parameter already set", param.Name)
}
}
}
}
// setSystemTrustConfiguration sets the server URL for the System Trust by taking it from the hooks
func (c *Config) setSystemTrustConfiguration(hookConfig map[string]interface{}) error {
systemTrustHook, ok := hookConfig["systemtrust"].(map[string]interface{})
if !ok {
return errors.New("no System Trust hook configuration found")
}
if serverURL, ok := systemTrustHook["serverURL"].(string); ok {
c.systemTrustConfiguration.ServerURL = serverURL
} else {
return errors.New("no System Trust server URL found")
}
if tokenEndPoint, ok := systemTrustHook["tokenEndPoint"].(string); ok {
c.systemTrustConfiguration.TokenEndPoint = tokenEndPoint
} else {
return errors.New("no System Trust service endpoint found")
}
if tokenQueryParamName, ok := systemTrustHook["tokenQueryParamName"].(string); ok {
c.systemTrustConfiguration.TokenQueryParamName = tokenQueryParamName
} else {
return errors.New("no System Trust query parameter name found")
}
if len(c.systemTrustConfiguration.Token) == 0 {
return errors.New("no System Trust token found and envvar is empty")
}
return nil
}
// SetSystemTrustToken sets the token for the System Trust
func (c *Config) SetSystemTrustToken(token string) {
c.systemTrustConfiguration.Token = token
}

18
pkg/config/trustengine_test.go → pkg/config/systemtrust_test.go
View File

@ -9,14 +9,14 @@ import (
"testing"
piperhttp "github.com/SAP/jenkins-library/pkg/http"
"github.com/SAP/jenkins-library/pkg/trustengine"
"github.com/SAP/jenkins-library/pkg/systemtrust"
"github.com/jarcoal/httpmock"
"github.com/stretchr/testify/assert"
)
const secretName = "sonar"
const secretNameInTrustEngine = "sonarTrustengineSecretName"
const secretNameInSystemTrust = "sonarSystemtrustSecretName"
const testServerURL = "https://www.project-piper.io"
const testTokenEndPoint = "tokens"
const testTokenQueryParamName = "systems"
@ -25,14 +25,14 @@ const mockSonarToken = "mockSonarToken"
var testFullURL = fmt.Sprintf("%s/%s?%s=", testServerURL, testTokenEndPoint, testTokenQueryParamName)
var mockSingleTokenResponse = fmt.Sprintf("{\"sonar\": \"%s\"}", mockSonarToken)
func TestTrustEngineConfig(t *testing.T) {
func TestSystemTrustConfig(t *testing.T) {
httpmock.Activate()
defer httpmock.DeactivateAndReset()
httpmock.RegisterResponder(http.MethodGet, testFullURL+"sonar", httpmock.NewStringResponder(200, mockSingleTokenResponse))
stepParams := []StepParameters{createStepParam(secretName, RefTypeTrustengineSecret, secretNameInTrustEngine, secretName)}
stepParams := []StepParameters{createStepParam(secretName, RefTypeSystemTrustSecret, secretNameInSystemTrust, secretName)}
var trustEngineConfiguration = trustengine.Configuration{
var systemTrustConfiguration = systemtrust.Configuration{
Token: "testToken",
ServerURL: testServerURL,
TokenEndPoint: testTokenEndPoint,
@ -46,7 +46,7 @@ func TestTrustEngineConfig(t *testing.T) {
secretName: "",
}}
resolveAllTrustEngineReferences(stepConfig, stepParams, trustEngineConfiguration, client)
resolveAllSystemTrustReferences(stepConfig, stepParams, systemTrustConfiguration, client)
assert.Equal(t, mockSonarToken, stepConfig.Config[secretName])
})
@ -55,19 +55,19 @@ func TestTrustEngineConfig(t *testing.T) {
secretName: "aMockTokenFromVault",
}}
resolveAllTrustEngineReferences(stepConfig, stepParams, trustEngineConfiguration, client)
resolveAllSystemTrustReferences(stepConfig, stepParams, systemTrustConfiguration, client)
assert.NotEqual(t, mockSonarToken, stepConfig.Config[secretName])
})
}
func createStepParam(name, refType, trustengineSecretNameProperty, defaultSecretNameName string) StepParameters {
func createStepParam(name, refType, systemTrustSecretNameProperty, defaultSecretNameName string) StepParameters {
return StepParameters{
Name: name,
Aliases: []Alias{},
ResourceRef: []ResourceReference{
{
Type: refType,
Name: trustengineSecretNameProperty,
Name: systemTrustSecretNameProperty,
Default: defaultSecretNameName,
},
},

67
pkg/config/trustengine.go
View File

@ -1,67 +0,0 @@
package config
import (
"errors"
piperhttp "github.com/SAP/jenkins-library/pkg/http"
"github.com/SAP/jenkins-library/pkg/log"
"github.com/SAP/jenkins-library/pkg/trustengine"
)
// const RefTypeTrustengineSecretFile = "trustengineSecretFile"
const RefTypeTrustengineSecret = "trustengineSecret"
// resolveAllTrustEngineReferences retrieves all the step's secrets from the System Trust
func resolveAllTrustEngineReferences(config *StepConfig, params []StepParameters, trustEngineConfiguration trustengine.Configuration, client *piperhttp.Client) {
for _, param := range params {
if ref := param.GetReference(RefTypeTrustengineSecret); ref != nil {
if config.Config[param.Name] == "" {
log.Entry().Infof("Getting '%s' from System Trust", param.Name)
token, err := trustengine.GetToken(ref.Default, client, trustEngineConfiguration)
if err != nil {
log.Entry().Info(" failed")
log.Entry().WithError(err).Debugf("Couldn't get '%s' token from System Trust", ref.Default)
continue
}
log.RegisterSecret(token)
config.Config[param.Name] = token
log.Entry().Info(" succeeded")
} else {
log.Entry().Debugf("Skipping retrieval of '%s' from System Trust: parameter already set", param.Name)
}
}
}
}
// setTrustEngineConfiguration sets the server URL for the System Trust by taking it from the hooks
func (c *Config) setTrustEngineConfiguration(hookConfig map[string]interface{}) error {
trustEngineHook, ok := hookConfig["trustengine"].(map[string]interface{})
if !ok {
return errors.New("no System Trust hook configuration found")
}
if serverURL, ok := trustEngineHook["serverURL"].(string); ok {
c.trustEngineConfiguration.ServerURL = serverURL
} else {
return errors.New("no System Trust server URL found")
}
if tokenEndPoint, ok := trustEngineHook["tokenEndPoint"].(string); ok {
c.trustEngineConfiguration.TokenEndPoint = tokenEndPoint
} else {
return errors.New("no System Trust service endpoint found")
}
if tokenQueryParamName, ok := trustEngineHook["tokenQueryParamName"].(string); ok {
c.trustEngineConfiguration.TokenQueryParamName = tokenQueryParamName
} else {
return errors.New("no System Trust query parameter name found")
}
if len(c.trustEngineConfiguration.Token) == 0 {
return errors.New("no System Trust token found and envvar is empty")
}
return nil
}
// SetTrustEngineToken sets the token for the System Trust
func (c *Config) SetTrustEngineToken(token string) {
c.trustEngineConfiguration.Token = token
}

14
pkg/documentation/generator/parameters.go
View File

@ -13,7 +13,7 @@ const (
vaultBadge = "![Vault](https://img.shields.io/badge/-Vault-lightgrey)"
jenkinsOnlyBadge = "![Jenkins only](https://img.shields.io/badge/-Jenkins%20only-yellowgreen)"
secretBadge = "![Secret](https://img.shields.io/badge/-Secret-yellowgreen)"
trustengineBadge = "![System Trust](https://img.shields.io/badge/-System%20Trust-lightblue)"
systemTrustBadge = "![System Trust](https://img.shields.io/badge/-System%20Trust-lightblue)"
deprecatedBadge = "![deprecated](https://img.shields.io/badge/-deprecated-red)"
)
@ -122,9 +122,9 @@ func parameterFurtherInfo(paramName string, stepData *config.StepData, execution
secretInfo := fmt.Sprintf("%s pass via ENV or Jenkins credentials", secretBadge)
isVaultSecret := param.GetReference("vaultSecret") != nil || param.GetReference("vaultSecretFile") != nil
isTrustengineSecret := param.GetReference(config.RefTypeTrustengineSecret) != nil
if isVaultSecret && isTrustengineSecret {
secretInfo = fmt.Sprintf(" %s %s %s pass via ENV, Vault, System Trust or Jenkins credentials", vaultBadge, trustengineBadge, secretBadge)
isSystemTrustSecret := param.GetReference(config.RefTypeSystemTrustSecret) != nil
if isVaultSecret && isSystemTrustSecret {
secretInfo = fmt.Sprintf(" %s %s %s pass via ENV, Vault, System Trust or Jenkins credentials", vaultBadge, systemTrustBadge, secretBadge)
} else if isVaultSecret {
secretInfo = fmt.Sprintf(" %s %s pass via ENV, Vault or Jenkins credentials", vaultBadge, secretBadge)
}
@ -347,8 +347,8 @@ func resourceReferenceDetails(resourceRef []config.ResourceReference) string {
resourceDetails = addVaultResourceDetails(resource, resourceDetails)
continue
}
if resource.Type == config.RefTypeTrustengineSecret {
resourceDetails = addTrustEngineResourceDetails(resource, resourceDetails)
if resource.Type == config.RefTypeSystemTrustSecret {
resourceDetails = addSystemTrustResourceDetails(resource, resourceDetails)
}
}
@ -369,7 +369,7 @@ func addVaultResourceDetails(resource config.ResourceReference, resourceDetails
return resourceDetails
}
func addTrustEngineResourceDetails(resource config.ResourceReference, resourceDetails string) string {
func addSystemTrustResourceDetails(resource config.ResourceReference, resourceDetails string) string {
resourceDetails += "<br/>System Trust resource:<br />"
resourceDetails += fmt.Sprintf("&nbsp;&nbsp;name: `%v`<br />", resource.Name)
resourceDetails += fmt.Sprintf("&nbsp;&nbsp;value: `%v`<br />", resource.Default)

18
pkg/trustengine/trustengine.go → pkg/systemtrust/systemtrust.go
View File

@ -1,4 +1,4 @@
package trustengine
package systemtrust
import (
"encoding/json"
@ -32,8 +32,8 @@ type Configuration struct {
}
// GetToken requests a single token
func GetToken(refName string, client *piperhttp.Client, trustEngineConfiguration Configuration) (string, error) {
secrets, err := GetSecrets([]string{refName}, client, trustEngineConfiguration)
func GetToken(refName string, client *piperhttp.Client, systemTrustConfiguration Configuration) (string, error) {
secrets, err := getSecrets([]string{refName}, client, systemTrustConfiguration)
if err != nil {
return "", errors.Wrap(err, "couldn't get token from System Trust")
}
@ -45,15 +45,15 @@ func GetToken(refName string, client *piperhttp.Client, trustEngineConfiguration
return "", errors.New("could not find token in System Trust response")
}
// GetSecrets transforms the System Trust JSON response into System Trust secrets, and can be used to request multiple tokens
func GetSecrets(refNames []string, client *piperhttp.Client, trustEngineConfiguration Configuration) ([]Secret, error) {
// getSecrets transforms the System Trust JSON response into System Trust secrets, and can be used to request multiple tokens
func getSecrets(refNames []string, client *piperhttp.Client, systemTrustConfiguration Configuration) ([]Secret, error) {
var secrets []Secret
query := url.Values{
trustEngineConfiguration.TokenQueryParamName: {
systemTrustConfiguration.TokenQueryParamName: {
strings.Join(refNames, ","),
},
}
response, err := getResponse(trustEngineConfiguration.ServerURL, trustEngineConfiguration.TokenEndPoint, query, client)
response, err := getResponse(systemTrustConfiguration.ServerURL, systemTrustConfiguration.TokenEndPoint, query, client)
if err != nil {
return secrets, errors.Wrap(err, "getting secrets from System Trust failed")
}
@ -120,7 +120,7 @@ func parseURL(serverURL, endpoint string, query url.Values) (string, error) {
}
// PrepareClient adds the System Trust authentication token to the client
func PrepareClient(client *piperhttp.Client, trustEngineConfiguration Configuration) *piperhttp.Client {
func PrepareClient(client *piperhttp.Client, systemTrustConfiguration Configuration) *piperhttp.Client {
var logEntry *logrus.Entry
if logrus.GetLevel() < logrus.DebugLevel {
logger := logrus.New()
@ -128,7 +128,7 @@ func PrepareClient(client *piperhttp.Client, trustEngineConfiguration Configurat
logEntry = logrus.NewEntry(logger)
}
client.SetOptions(piperhttp.ClientOptions{
Token: fmt.Sprintf("Bearer %s", trustEngineConfiguration.Token),
Token: fmt.Sprintf("Bearer %s", systemTrustConfiguration.Token),
Logger: logEntry,
})
return client

12
pkg/trustengine/trustengine_test.go → pkg/systemtrust/systemtrust_test.go
View File

@ -1,7 +1,7 @@
//go:build unit
// +build unit
package trustengine
package systemtrust
import (
"fmt"
@ -23,14 +23,14 @@ const errorMsg403 = "unauthorized to request token"
var testFullURL = fmt.Sprintf("%s/%s?%s=", testServerURL, testTokenEndPoint, testTokenQueryParamName)
var mockSingleTokenResponse = fmt.Sprintf("{\"sonar\": \"%s\"}", mockSonarToken)
var mockTwoTokensResponse = fmt.Sprintf("{\"sonar\": \"%s\", \"blackduck\": \"%s\"}", mockSonarToken, mockblackduckToken)
var trustEngineConfiguration = Configuration{
var systemTrustConfiguration = Configuration{
Token: "testToken",
ServerURL: testServerURL,
TokenEndPoint: testTokenEndPoint,
TokenQueryParamName: testTokenQueryParamName,
}
func TestTrustEngine(t *testing.T) {
func TestSystemTrust(t *testing.T) {
httpmock.Activate()
defer httpmock.DeactivateAndReset()
@ -40,7 +40,7 @@ func TestTrustEngine(t *testing.T) {
client := &piperhttp.Client{}
client.SetOptions(piperhttp.ClientOptions{MaxRetries: -1, UseDefaultTransport: true})
token, err := GetToken("sonar", client, trustEngineConfiguration)
token, err := GetToken("sonar", client, systemTrustConfiguration)
assert.NoError(t, err)
assert.Equal(t, mockSonarToken, token)
})
@ -51,7 +51,7 @@ func TestTrustEngine(t *testing.T) {
client := &piperhttp.Client{}
client.SetOptions(piperhttp.ClientOptions{MaxRetries: -1, UseDefaultTransport: true})
secrets, err := GetSecrets([]string{"sonar", "blackduck"}, client, trustEngineConfiguration)
secrets, err := getSecrets([]string{"sonar", "blackduck"}, client, systemTrustConfiguration)
assert.NoError(t, err)
assert.Len(t, secrets, 2)
@ -73,7 +73,7 @@ func TestTrustEngine(t *testing.T) {
client := &piperhttp.Client{}
client.SetOptions(piperhttp.ClientOptions{MaxRetries: -1, UseDefaultTransport: true})
_, err := GetToken("sonar", client, trustEngineConfiguration)
_, err := GetToken("sonar", client, systemTrustConfiguration)
assert.Error(t, err)
})

4
resources/metadata/sonarExecuteScan.yaml
View File

@ -53,8 +53,8 @@ spec:
default: sonar
- name: sonarTokenCredentialsId
type: secret
- type: trustengineSecret
name: sonarTrustengineSecretName
- type: systemTrustSecret
name: sonarSystemtrustSecretName
default: sonar
aliases:
- name: sonarToken