Skip to content

Commit

Permalink
fix(naming): Rename Trust Engine to System Trust (#5217)
Browse files Browse the repository at this point in the history 
* rename package

* make unexported

* rename all occurrences

---------

Co-authored-by: Gulom Alimov <gulomjon.alimov@sap.com>
  • Loading branch information
@Googlom
Googlom and Gulom Alimov authored Jan 7, 2025
1 parent f06e29f commit 4fd896e
Show file tree
Hide file tree
Showing 10 changed files with 111 additions and 112 deletions.
10 changes: 5 additions & 5 deletions cmd/piper.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -41,7 +41,7 @@ type GeneralConfigOptions struct {
VaultServerURL string
VaultNamespace string
VaultPath string
TrustEngineToken string
SystemTrustToken string
HookConfig HookConfiguration
MetaDataResolver func() map[string]config.StepData
GCPJsonKeyFilePath string
Expand All @@ -57,7 +57,7 @@ type HookConfiguration struct {
SplunkConfig SplunkConfiguration `json:"splunk,omitempty"`
PendoConfig PendoConfiguration `json:"pendo,omitempty"`
OIDCConfig OIDCConfiguration `json:"oidc,omitempty"`
TrustEngineConfig TrustEngineConfiguration `json:"trustengine,omitempty"`
SystemTrustConfig SystemTrustConfiguration `json:"systemtrust,omitempty"`
}

type GCPPubSubConfiguration struct {
Expand Down Expand Up @@ -93,7 +93,7 @@ type OIDCConfiguration struct {
RoleID string `json:",roleID,omitempty"`
}

type TrustEngineConfiguration struct {
type SystemTrustConfiguration struct {
ServerURL string `json:"baseURL,omitempty"`
TokenEndPoint string `json:"tokenEndPoint,omitempty"`
TokenQueryParamName string `json:"tokenQueryParamName,omitempty"`
Expand Down Expand Up @@ -385,8 +385,8 @@ func PrepareConfig(cmd *cobra.Command, metadata *config.StepData, stepName strin
}
myConfig.SetVaultCredentials(GeneralConfig.VaultRoleID, GeneralConfig.VaultRoleSecretID, GeneralConfig.VaultToken)

GeneralConfig.TrustEngineToken = os.Getenv("PIPER_trustEngineToken")
myConfig.SetTrustEngineToken(GeneralConfig.TrustEngineToken)
GeneralConfig.SystemTrustToken = os.Getenv("PIPER_systemTrustToken")
myConfig.SetSystemTrustToken(GeneralConfig.SystemTrustToken)

if len(GeneralConfig.StepConfigJSON) != 0 {
// ignore config & defaults in favor of passed stepConfigJSON
Expand Down
4 changes: 2 additions & 2 deletions cmd/sonarExecuteScan_generated.go
View file

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

10 changes: 5 additions & 5 deletions pkg/config/config.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -11,7 +11,7 @@ import (
"regexp"
"strings"

"github.com/SAP/jenkins-library/pkg/trustengine"
"github.com/SAP/jenkins-library/pkg/systemtrust"

piperhttp "github.com/SAP/jenkins-library/pkg/http"
"github.com/SAP/jenkins-library/pkg/log"
Expand All @@ -33,7 +33,7 @@ type Config struct {
accessTokens map[string]string
openFile func(s string, t map[string]string) (io.ReadCloser, error)
vaultCredentials VaultCredentials
trustEngineConfiguration trustengine.Configuration
systemTrustConfiguration systemtrust.Configuration
}

// StepConfig defines the structure for merged step configuration
Expand Down Expand Up @@ -295,12 +295,12 @@ func (c *Config) GetStepConfig(flagValues map[string]interface{}, paramJSON stri
}

// hooks need to have been loaded from the defaults before the server URL is known
err = c.setTrustEngineConfiguration(stepConfig.HookConfig)
err = c.setSystemTrustConfiguration(stepConfig.HookConfig)
if err != nil {
log.Entry().WithError(err).Debug("System Trust lookup skipped due to missing or incorrect configuration")
} else {
trustengineClient := trustengine.PrepareClient(&piperhttp.Client{}, c.trustEngineConfiguration)
resolveAllTrustEngineReferences(&stepConfig, append(parameters, ReportingParameters.Parameters...), c.trustEngineConfiguration, trustengineClient)
systemTrustClient := systemtrust.PrepareClient(&piperhttp.Client{}, c.systemTrustConfiguration)
resolveAllSystemTrustReferences(&stepConfig, append(parameters, ReportingParameters.Parameters...), c.systemTrustConfiguration, systemTrustClient)
}

// finally do the condition evaluation post processing
Expand Down
66 changes: 66 additions & 0 deletions pkg/config/systemtrust.go
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,66 @@
package config

import (
"errors"

piperhttp "github.com/SAP/jenkins-library/pkg/http"
"github.com/SAP/jenkins-library/pkg/log"
"github.com/SAP/jenkins-library/pkg/systemtrust"
)

const RefTypeSystemTrustSecret = "systemTrustSecret"

// resolveAllSystemTrustReferences retrieves all the step's secrets from the System Trust
func resolveAllSystemTrustReferences(config *StepConfig, params []StepParameters, systemTrustConfiguration systemtrust.Configuration, client *piperhttp.Client) {
for _, param := range params {
if ref := param.GetReference(RefTypeSystemTrustSecret); ref != nil {
if config.Config[param.Name] == "" {
log.Entry().Infof("Getting '%s' from System Trust", param.Name)
token, err := systemtrust.GetToken(ref.Default, client, systemTrustConfiguration)
if err != nil {
log.Entry().Info(" failed")
log.Entry().WithError(err).Debugf("Couldn't get '%s' token from System Trust", ref.Default)
continue
}
log.RegisterSecret(token)
config.Config[param.Name] = token
log.Entry().Info(" succeeded")
} else {
log.Entry().Debugf("Skipping retrieval of '%s' from System Trust: parameter already set", param.Name)
}
}
}
}

// setSystemTrustConfiguration sets the server URL for the System Trust by taking it from the hooks
func (c *Config) setSystemTrustConfiguration(hookConfig map[string]interface{}) error {
systemTrustHook, ok := hookConfig["systemtrust"].(map[string]interface{})
if !ok {
return errors.New("no System Trust hook configuration found")
}
if serverURL, ok := systemTrustHook["serverURL"].(string); ok {
c.systemTrustConfiguration.ServerURL = serverURL
} else {
return errors.New("no System Trust server URL found")
}
if tokenEndPoint, ok := systemTrustHook["tokenEndPoint"].(string); ok {
c.systemTrustConfiguration.TokenEndPoint = tokenEndPoint
} else {
return errors.New("no System Trust service endpoint found")
}
if tokenQueryParamName, ok := systemTrustHook["tokenQueryParamName"].(string); ok {
c.systemTrustConfiguration.TokenQueryParamName = tokenQueryParamName
} else {
return errors.New("no System Trust query parameter name found")
}

if len(c.systemTrustConfiguration.Token) == 0 {
return errors.New("no System Trust token found and envvar is empty")
}
return nil
}

// SetSystemTrustToken sets the token for the System Trust
func (c *Config) SetSystemTrustToken(token string) {
c.systemTrustConfiguration.Token = token
}
18 changes: 9 additions & 9 deletions pkg/config/trustengine_test.go → pkg/config/systemtrust_test.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -9,14 +9,14 @@ import (
"testing"

piperhttp "github.com/SAP/jenkins-library/pkg/http"
"github.com/SAP/jenkins-library/pkg/trustengine"
"github.com/SAP/jenkins-library/pkg/systemtrust"
"github.com/jarcoal/httpmock"

"github.com/stretchr/testify/assert"
)

const secretName = "sonar"
const secretNameInTrustEngine = "sonarTrustengineSecretName"
const secretNameInSystemTrust = "sonarSystemtrustSecretName"
const testServerURL = "https://www.project-piper.io"
const testTokenEndPoint = "tokens"
const testTokenQueryParamName = "systems"
Expand All @@ -25,14 +25,14 @@ const mockSonarToken = "mockSonarToken"
var testFullURL = fmt.Sprintf("%s/%s?%s=", testServerURL, testTokenEndPoint, testTokenQueryParamName)
var mockSingleTokenResponse = fmt.Sprintf("{\"sonar\": \"%s\"}", mockSonarToken)

func TestTrustEngineConfig(t *testing.T) {
func TestSystemTrustConfig(t *testing.T) {
httpmock.Activate()
defer httpmock.DeactivateAndReset()
httpmock.RegisterResponder(http.MethodGet, testFullURL+"sonar", httpmock.NewStringResponder(200, mockSingleTokenResponse))

stepParams := []StepParameters{createStepParam(secretName, RefTypeTrustengineSecret, secretNameInTrustEngine, secretName)}
stepParams := []StepParameters{createStepParam(secretName, RefTypeSystemTrustSecret, secretNameInSystemTrust, secretName)}

var trustEngineConfiguration = trustengine.Configuration{
var systemTrustConfiguration = systemtrust.Configuration{
Token: "testToken",
ServerURL: testServerURL,
TokenEndPoint: testTokenEndPoint,
Expand All @@ -46,7 +46,7 @@ func TestTrustEngineConfig(t *testing.T) {
secretName: "",
}}

resolveAllTrustEngineReferences(stepConfig, stepParams, trustEngineConfiguration, client)
resolveAllSystemTrustReferences(stepConfig, stepParams, systemTrustConfiguration, client)
assert.Equal(t, mockSonarToken, stepConfig.Config[secretName])
})

Expand All @@ -55,19 +55,19 @@ func TestTrustEngineConfig(t *testing.T) {
secretName: "aMockTokenFromVault",
}}

resolveAllTrustEngineReferences(stepConfig, stepParams, trustEngineConfiguration, client)
resolveAllSystemTrustReferences(stepConfig, stepParams, systemTrustConfiguration, client)
assert.NotEqual(t, mockSonarToken, stepConfig.Config[secretName])
})
}

func createStepParam(name, refType, trustengineSecretNameProperty, defaultSecretNameName string) StepParameters {
func createStepParam(name, refType, systemTrustSecretNameProperty, defaultSecretNameName string) StepParameters {
return StepParameters{
Name: name,
Aliases: []Alias{},
ResourceRef: []ResourceReference{
{
Type: refType,
Name: trustengineSecretNameProperty,
Name: systemTrustSecretNameProperty,
Default: defaultSecretNameName,
},
},
Expand Down
67 changes: 0 additions & 67 deletions pkg/config/trustengine.go
View file

This file was deleted.

14 changes: 7 additions & 7 deletions pkg/documentation/generator/parameters.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -13,7 +13,7 @@ const (
vaultBadge = "![Vault](https://img.shields.io/badge/-Vault-lightgrey)"
jenkinsOnlyBadge = "![Jenkins only](https://img.shields.io/badge/-Jenkins%20only-yellowgreen)"
secretBadge = "![Secret](https://img.shields.io/badge/-Secret-yellowgreen)"
trustengineBadge = "![System Trust](https://img.shields.io/badge/-System%20Trust-lightblue)"
systemTrustBadge = "![System Trust](https://img.shields.io/badge/-System%20Trust-lightblue)"
deprecatedBadge = "![deprecated](https://img.shields.io/badge/-deprecated-red)"
)

Expand Down Expand Up @@ -122,9 +122,9 @@ func parameterFurtherInfo(paramName string, stepData *config.StepData, execution
secretInfo := fmt.Sprintf("%s pass via ENV or Jenkins credentials", secretBadge)

isVaultSecret := param.GetReference("vaultSecret") != nil || param.GetReference("vaultSecretFile") != nil
isTrustengineSecret := param.GetReference(config.RefTypeTrustengineSecret) != nil
if isVaultSecret && isTrustengineSecret {
secretInfo = fmt.Sprintf(" %s %s %s pass via ENV, Vault, System Trust or Jenkins credentials", vaultBadge, trustengineBadge, secretBadge)
isSystemTrustSecret := param.GetReference(config.RefTypeSystemTrustSecret) != nil
if isVaultSecret && isSystemTrustSecret {
secretInfo = fmt.Sprintf(" %s %s %s pass via ENV, Vault, System Trust or Jenkins credentials", vaultBadge, systemTrustBadge, secretBadge)
} else if isVaultSecret {
secretInfo = fmt.Sprintf(" %s %s pass via ENV, Vault or Jenkins credentials", vaultBadge, secretBadge)
}
Expand Down Expand Up @@ -347,8 +347,8 @@ func resourceReferenceDetails(resourceRef []config.ResourceReference) string {
resourceDetails = addVaultResourceDetails(resource, resourceDetails)
continue
}
if resource.Type == config.RefTypeTrustengineSecret {
resourceDetails = addTrustEngineResourceDetails(resource, resourceDetails)
if resource.Type == config.RefTypeSystemTrustSecret {
resourceDetails = addSystemTrustResourceDetails(resource, resourceDetails)
}
}

Expand All @@ -369,7 +369,7 @@ func addVaultResourceDetails(resource config.ResourceReference, resourceDetails
return resourceDetails
}

func addTrustEngineResourceDetails(resource config.ResourceReference, resourceDetails string) string {
func addSystemTrustResourceDetails(resource config.ResourceReference, resourceDetails string) string {
resourceDetails += "<br/>System Trust resource:<br />"
resourceDetails += fmt.Sprintf("&nbsp;&nbsp;name: `%v`<br />", resource.Name)
resourceDetails += fmt.Sprintf("&nbsp;&nbsp;value: `%v`<br />", resource.Default)
Expand Down
18 changes: 9 additions & 9 deletions pkg/trustengine/trustengine.go → pkg/systemtrust/systemtrust.go
View file
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
package trustengine
package systemtrust

import (
"encoding/json"
Expand Down Expand Up @@ -32,8 +32,8 @@ type Configuration struct {
}

// GetToken requests a single token
func GetToken(refName string, client *piperhttp.Client, trustEngineConfiguration Configuration) (string, error) {
secrets, err := GetSecrets([]string{refName}, client, trustEngineConfiguration)
func GetToken(refName string, client *piperhttp.Client, systemTrustConfiguration Configuration) (string, error) {
secrets, err := getSecrets([]string{refName}, client, systemTrustConfiguration)
if err != nil {
return "", errors.Wrap(err, "couldn't get token from System Trust")
}
Expand All @@ -45,15 +45,15 @@ func GetToken(refName string, client *piperhttp.Client, trustEngineConfiguration
return "", errors.New("could not find token in System Trust response")
}

// GetSecrets transforms the System Trust JSON response into System Trust secrets, and can be used to request multiple tokens
func GetSecrets(refNames []string, client *piperhttp.Client, trustEngineConfiguration Configuration) ([]Secret, error) {
// getSecrets transforms the System Trust JSON response into System Trust secrets, and can be used to request multiple tokens
func getSecrets(refNames []string, client *piperhttp.Client, systemTrustConfiguration Configuration) ([]Secret, error) {
var secrets []Secret
query := url.Values{
trustEngineConfiguration.TokenQueryParamName: {
systemTrustConfiguration.TokenQueryParamName: {
strings.Join(refNames, ","),
},
}
response, err := getResponse(trustEngineConfiguration.ServerURL, trustEngineConfiguration.TokenEndPoint, query, client)
response, err := getResponse(systemTrustConfiguration.ServerURL, systemTrustConfiguration.TokenEndPoint, query, client)
if err != nil {
return secrets, errors.Wrap(err, "getting secrets from System Trust failed")
}
Expand Down Expand Up @@ -120,15 +120,15 @@ func parseURL(serverURL, endpoint string, query url.Values) (string, error) {
}

// PrepareClient adds the System Trust authentication token to the client
func PrepareClient(client *piperhttp.Client, trustEngineConfiguration Configuration) *piperhttp.Client {
func PrepareClient(client *piperhttp.Client, systemTrustConfiguration Configuration) *piperhttp.Client {
var logEntry *logrus.Entry
if logrus.GetLevel() < logrus.DebugLevel {
logger := logrus.New()
logger.SetOutput(io.Discard)
logEntry = logrus.NewEntry(logger)
}
client.SetOptions(piperhttp.ClientOptions{
Token: fmt.Sprintf("Bearer %s", trustEngineConfiguration.Token),
Token: fmt.Sprintf("Bearer %s", systemTrustConfiguration.Token),
Logger: logEntry,
})
return client
Expand Down
Loading

0 comments on commit 4fd896e

Please sign in to comment.