From 16535de02217c548b776b24b0cbf4bd454ca18d4 Mon Sep 17 00:00:00 2001 From: Azure SDK Bot <53356347+azure-sdk@users.noreply.github.com> Date: Mon, 16 Aug 2021 16:19:24 -0700 Subject: [PATCH] Sync eng/common directory with azure-sdk-tools for PR 1909 (#994) * add test-proxy invocations to eng/common folder Co-authored-by: scbedd <45376673+scbedd@users.noreply.github.com> --- eng/common/scripts/common.ps1 | 1 + .../scripts/trust-proxy-certificate.ps1 | 6 ++ eng/common/testproxy/apply-dev-cert.sh | 31 +++++++ eng/common/testproxy/docker-start-proxy.ps1 | 83 ++++++++++++++++++ eng/common/testproxy/dotnet-devcert.crt | 20 +++++ eng/common/testproxy/dotnet-devcert.pfx | Bin 0 -> 2445 bytes eng/common/testproxy/localhost.conf | 23 +++++ eng/common/testproxy/test-proxy-docker.yml | 15 ++++ eng/common/testproxy/test-proxy-tool.yml | 47 ++++++++++ 9 files changed, 226 insertions(+) create mode 100644 eng/common/scripts/trust-proxy-certificate.ps1 create mode 100644 eng/common/testproxy/apply-dev-cert.sh create mode 100644 eng/common/testproxy/docker-start-proxy.ps1 create mode 100644 eng/common/testproxy/dotnet-devcert.crt create mode 100644 eng/common/testproxy/dotnet-devcert.pfx create mode 100644 eng/common/testproxy/localhost.conf create mode 100644 eng/common/testproxy/test-proxy-docker.yml create mode 100644 eng/common/testproxy/test-proxy-tool.yml diff --git a/eng/common/scripts/common.ps1 b/eng/common/scripts/common.ps1 index 4e0b0847c..4f31c92c3 100644 --- a/eng/common/scripts/common.ps1 +++ b/eng/common/scripts/common.ps1 @@ -44,3 +44,4 @@ $GetDocsMsMetadataForPackageFn = "Get-${Language}-DocsMsMetadataForPackage" $GetDocsMsDevLanguageSpecificPackageInfoFn = "Get-${Language}-DocsMsDevLanguageSpecificPackageInfo" $GetGithubIoDocIndexFn = "Get-${Language}-GithubIoDocIndex" $FindArtifactForApiReviewFn = "Find-${Language}-Artifacts-For-Apireview" +$TestProxyTrustCertFn = "Import-Dev-Cert-${Language}" diff --git a/eng/common/scripts/trust-proxy-certificate.ps1 b/eng/common/scripts/trust-proxy-certificate.ps1 new file mode 100644 index 000000000..144d304cf --- /dev/null +++ b/eng/common/scripts/trust-proxy-certificate.ps1 @@ -0,0 +1,6 @@ +. $PSScriptRoot/common.ps1 + +if ($TestProxyTrustCertFn -and (Test-Path "Function:$TestProxyTrustCertFn")) +{ + &$TestProxyTrustCertFn +} \ No newline at end of file diff --git a/eng/common/testproxy/apply-dev-cert.sh b/eng/common/testproxy/apply-dev-cert.sh new file mode 100644 index 000000000..5b4523e8c --- /dev/null +++ b/eng/common/testproxy/apply-dev-cert.sh @@ -0,0 +1,31 @@ +#!/bin/bash +TMP_PATH=$CERT_FOLDER +PFXFILE=$CERT_FOLDER/dotnet-devcert.pfx +CRTFILE=$CERT_FOLDER/dotnet-devcert.crt + +NSSDB_PATHS=( + "$HOME/.pki/nssdb" + "$HOME/snap/chromium/current/.pki/nssdb" + "$HOME/snap/postman/current/.pki/nssdb" +) + +function configure_nssdb() { + echo "Configuring nssdb for $1" + certutil -d sql:$1 -D -n dotnet-devcert + certutil -d sql:$1 -A -t "CP,," -n dotnet-devcert -i $CRTFILE +} + +for NSSDB in ${NSSDB_PATHS[@]}; do + if [ -d "$NSSDB" ]; then + configure_nssdb $NSSDB + fi +done + +if [ $(id -u) -ne 0 ]; then + SUDO='sudo' +fi + +$SUDO cp $CRTFILE "/usr/local/share/ca-certificates" +$SUDO update-ca-certificates + +dotnet dev-certs https --clean --import $PFXFILE -p "password" diff --git a/eng/common/testproxy/docker-start-proxy.ps1 b/eng/common/testproxy/docker-start-proxy.ps1 new file mode 100644 index 000000000..4e5da3727 --- /dev/null +++ b/eng/common/testproxy/docker-start-proxy.ps1 @@ -0,0 +1,83 @@ + #!/usr/bin/env pwsh -c + +<# +.DESCRIPTION +Start the docker proxy container. If it is already running, quietly exit. Any other error should fail. +.PARAMETER Mode +"start" or "stop" to start up or stop the test-proxy instance. +.PARAMETER TargetFolder +The folder in which context the test proxy will be started. Defaults to current working directory. +#> +[CmdletBinding(SupportsShouldProcess = $true)] +param( + [ValidateSet("start", "stop")] + [String] + $Mode, + [String] + $TargetFolder = "." +) + +try { + docker --version | Out-Null +} +catch { + Write-Error "A invocation of docker --version failed. This indicates that docker is not properly installed or running." + Write-Error "Please check your docker invocation and try running the script again." +} + +$SELECTED_IMAGE_TAG = "1037115" +$CONTAINER_NAME = "ambitious_azsdk_test_proxy" +$LINUX_IMAGE_SOURCE = "azsdkengsys.azurecr.io/engsys/testproxy-lin:${SELECTED_IMAGE_TAG}" +$WINDOWS_IMAGE_SOURCE = "azsdkengsys.azurecr.io/engsys/testproxy-win:${SELECTED_IMAGE_TAG}" +$root = (Resolve-Path $TargetFolder).Path.Replace("`\", "/") + +function Get-Proxy-Container(){ + return (docker container ls -a --format "{{ json . }}" --filter "name=$CONTAINER_NAME" ` + | ConvertFrom-Json ` + | Select-Object -First 1) +} + + +$SelectedImage = $LINUX_IMAGE_SOURCE +$Initial = "" + +# most of the time, running this script on a windows machine will work just fine, as docker defaults to linux containers +# however, in CI, windows images default to _windows_ containers. We cannot swap them. We can tell if we're in a CI build by +# checking for the environment variable TF_BUILD. +if ($IsWindows -and $env:TF_BUILD){ + $SelectedImage = $WINDOWS_IMAGE_SOURCE + $Initial = "C:" +} + +if ($Mode -eq "start"){ + $proxyContainer = Get-Proxy-Container + + # if we already have one, we just need to check the state + if($proxyContainer){ + if ($proxyContainer.State -eq "running") + { + Write-Host "Discovered an already running instance of the test-proxy!. Exiting" + exit(0) + } + } + # else we need to create it + else { + Write-Host "Attempting creation of Docker host $CONTAINER_NAME" + Write-Host "docker container create -v `"${root}:${Initial}/etc/testproxy`" -p 5001:5001 -p 5000:5000 --name $CONTAINER_NAME $SelectedImage" + docker container create -v "${root}:${Initial}/etc/testproxy" -p 5001:5001 -p 5000:5000 --name $CONTAINER_NAME $SelectedImage + } + + Write-Host "Attempting start of Docker host $CONTAINER_NAME" + docker container start $CONTAINER_NAME +} + +if ($Mode -eq "stop"){ + $proxyContainer = Get-Proxy-Container + + if($proxyContainer){ + if($proxyContainer.State -eq "running"){ + Write-Host "Found a running instance of $CONTAINER_NAME, shutting it down." + docker container stop $CONTAINER_NAME + } + } +} \ No newline at end of file diff --git a/eng/common/testproxy/dotnet-devcert.crt b/eng/common/testproxy/dotnet-devcert.crt new file mode 100644 index 000000000..e8575ea44 --- /dev/null +++ b/eng/common/testproxy/dotnet-devcert.crt @@ -0,0 +1,20 @@ +-----BEGIN CERTIFICATE----- +MIIDSDCCAjCgAwIBAgIUPMKpJ/j10eQrcQBNnkImIaOYHakwDQYJKoZIhvcNAQEL +BQAwFDESMBAGA1UEAwwJbG9jYWxob3N0MB4XDTIxMDgwNTAwMzU1NloXDTIyMDgw +NTAwMzU1NlowFDESMBAGA1UEAwwJbG9jYWxob3N0MIIBIjANBgkqhkiG9w0BAQEF +AAOCAQ8AMIIBCgKCAQEAxe/ZseXgOTVoF7uTjX5Leknk95jIoyGc+VlxA8BhzGOr +r4u6VNQZRCMq+svHY36tW4+u/xHNe2kvbwy2mnS8cFFLfst+94qBZVJDBxSGZ9I/ +wekErNsjFsik4UrMvcC+ZlGPh7hb3f7tSx29tn1DIkAUXVnbZ6TT5s+mYRQpZ6fW +6kR3RNfc0A1IUM7Zs9yfNEr0O2H41P2HcLKoOPtvd7GvTQm9Ofh3srKvII+sZn/J +WH7r76oRQMX904mOMdryQwZLObsqX4dXIEbafKVSecB3PBVIhv8gVtJhcZbQP1pI +mMiWd6PHv46ZhGf7+cKnYUSa8Ia2t/wetK1wd00dFwIDAQABo4GRMIGOMA8GA1Ud +EwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgGmMBYGA1UdJQEB/wQMMAoGCCsGAQUF +BwMBMBcGA1UdEQEB/wQNMAuCCWxvY2FsaG9zdDA6BgorBgEEAYI3VAEBBCwMKkFT +UC5ORVQgQ29yZSBIVFRQUyBkZXZlbG9wbWVudCBjZXJ0aWZpY2F0ZTANBgkqhkiG +9w0BAQsFAAOCAQEAIj2VlBVcXGSly6KCBg6lgwFi+henWfSox77iuGAaAxDjN3jd +9lZahW4MPNLHKSrPRb4YNSLZ2jh7zdcttQrqd4qH65o1q56q5JrCmli99iIzY9Y8 +RdYyxK4Zzr31wjpsyFiWQfqJTuSFUUg9uDDj0negwEZLIGlt7nr12wflt2+QOJtD +byMeSZLbB5dPzn341DK0qfJEJMMgL0XsPEVZ3TQ6Alc9zq5wI608C/mXnz3xJE05 +UTYD8pRJJ/DyG0empvOVE8Sg93msHPquAbgqO9aqCpykgg/a8CFvI4wRdfvGEFlv +8XJKL8Y/PFsmFeO3axq3zUYKFVdc9Un4dFIaag== +-----END CERTIFICATE----- diff --git a/eng/common/testproxy/dotnet-devcert.pfx b/eng/common/testproxy/dotnet-devcert.pfx new file mode 100644 index 0000000000000000000000000000000000000000..28058ae4ce30e7a413e8f872d930fa2cf5c2107c GIT binary patch literal 2445 zcmY+Ec{me}AIEKGOw3W1T%&R;L(Z@fa?O=93FS=q=BQl7a-{|M|6Xqd27(0wI1w0#Ef}JdY@Ym$AHWSL zz(7zS3`GAI)K?F!Tb zfjk`X7|v1{OYWP-ZccVCBTB-xZYA4g%!tC;_FsW8vbMzZGh3`8ogVrPMR>ljPU4#- z`G@P4g@lf03(hTENs)vkx^jBoGHwj2avv-Dpe_DO>@3jk<%U$iX9rZd`=jP! zsg>})<%?TyfZg|Y*>jhF5Sk^W#Xi;Zf992<-1wem2j0S$iBLn3j~5NK^GDtfIXo`5 zEs4Sf`)CEeP0j%@`i~ke|2fh@=L=@SIJ}`Y+kWWchubBzbXCRXNLitiiMY3dmu!a( zFZPEvT^=8TlPT8*{GH8Y<-2>g>eDZprB2Z+>uP-Z?YAXY9h_{s@4_XehsU4Id_iyC zJ+N--k7cI{U3Bi+p2UKd+buQ)=Z*I*(W5Hw)&cuE;drYzBT8WE$tY9^^4o53%-qi5 z=n{`d!C!c+~BNXhVHGYMn+(JJ0#LCDfvOFPO#fMYz)uYiLDW|Co z(JGTK!;W~b1WLVc_OQ;;y-e`1>Itds$%e}1YQK|Ze#ae*l3sb6q>JipNOI#XV=WLu zsiaZOG)Y@E9Hc?8IGLp#_fdMEJxgwAltLxG(ZXfxQMhi>=<_k}P;!U4_5&K0su_n9 zQ&wnVaA_R&m2zs__fZs>G)%_NW)SfLFgowbEDRqBT^z zJMo)_(u@dc8+TU{Xdrq5=H(TjX}T`cCNE>>pH3;Ad}l6&(NCGu#)3`Gm)tWnFX*fWw>iusH-DeXc-0_K%B?cPcYb`dW?L5*s2f4hp zKeP|&@yDS&;8*PpQw~cQEhAf!7vf#A2DL4a-dY3E@O)XZKK~Y*%(FLu`*?(Zen_F2 zPxvUY0RHLI{s$pqq*$-r#fUBwfZo(KCs%hX?u@6-^jp@|GJ(4$>d|yLeaX7K7qf1N25=t-MWP)nc}xHt_coMNUZF&!y2dObegcrn^uF-D>4qs;DA=zqU?bmyx|I zx{YWUS(>xDdPsmyh{Z*-lg^&5RYzXkyVj#%Jjao_N!q@F2y*i=D;iN=%^8j1li)|W zO$Tp!3PT4fpfxfDq zUhF8y%X|XI1;l*cygss_+G?*f_ik^z=Ke5}=A~KOvHxYg)!i}dxwR25Xf+f!SPifN zK_Y9AKWpP+oI@T^$XT5`{_B4e3fD|c@Q}89T*QQwyld*zXZCAD4>GC}9;NG;RG0(5 znCLlG-=@yqe0I($$p5%?wp-oxY5FwGxwa%0!TBYiZX~;QPV~q@A%SXMowq=`bW3rT zPIq&knIrEPBS8(i=47qf){UF!GGy&r0Z;BbJc~h^^*-$0zZUMj%x?59QtrM0%^JKZ$4FPS{j?Ut<*pX!#dB%!EbOGU5*$5VFUa)Y@$M;Z z4sl8Ns(swP-zX*T#^Q9`@)Sed>bf4v-3@?4?C!~cisATi`B3dvT1mth0W%(+%O^(X)3 zB7ad%T0XtsUdE>o28`a;_iQtx4RfXR|6{`h;drtDABlWO*H zgT|>(isc2UO4D+-y-(X5*;PMlIb6=BB$EqoGaR;5T|(3cEW!exbkWR0 zKSxCTZ>!9^nIMV@rXZp3&~tT3_6(~U@dzr@{&LObWzJXp+%8Ugw8q*?g_nMorpp7&E#Ztx{^h3z}&B?D+fl@MlU+)b>qDi^1L1WD%$SyN(bMH5llaAfgwMN+(1yb)GL# zB644QI=;pr)DSWV2$)M5$_W(X;s71nM&EriZMXu9q4}jIu`Zb2ZMe}2;=yh6dp0e8 JEc(5Y{{n}~oSOgu literal 0 HcmV?d00001 diff --git a/eng/common/testproxy/localhost.conf b/eng/common/testproxy/localhost.conf new file mode 100644 index 000000000..2e0341529 --- /dev/null +++ b/eng/common/testproxy/localhost.conf @@ -0,0 +1,23 @@ +[req] +prompt = no +default_bits = 2048 +distinguished_name = subject +req_extensions = req_ext +x509_extensions = x509_ext + +[ subject ] +commonName = localhost + +[req_ext] +basicConstraints = critical, CA:true +subjectAltName = @alt_names + +[x509_ext] +basicConstraints = critical, CA:true +keyUsage = critical, keyCertSign, cRLSign, digitalSignature,keyEncipherment +extendedKeyUsage = critical, serverAuth +subjectAltName = critical, @alt_names +1.3.6.1.4.1.311.84.1.1 = ASN1:UTF8String:ASP.NET Core HTTPS development certificate # Needed to get it imported by dotnet dev-certs + +[alt_names] +DNS.1 = localhost diff --git a/eng/common/testproxy/test-proxy-docker.yml b/eng/common/testproxy/test-proxy-docker.yml new file mode 100644 index 000000000..97617b6fd --- /dev/null +++ b/eng/common/testproxy/test-proxy-docker.yml @@ -0,0 +1,15 @@ +parameters: + rootFolder: '$(Build.SourcesDirectory)' + +steps: + - pwsh: | + $(Build.SourcesDirectory)/eng/common/scripts/trust-proxy-certificate.ps1 + displayName: 'Language Specific Certificate Trust' + + - pwsh: | + $(Build.SourcesDirectory)/eng/common/testproxy/docker-start-proxy.ps1 -Mode start -TargetFolder "${{ parameters.rootFolder }}" + displayName: 'Run the docker container' + + - pwsh: | + docker container ls -a + displayName: Check running container \ No newline at end of file diff --git a/eng/common/testproxy/test-proxy-tool.yml b/eng/common/testproxy/test-proxy-tool.yml new file mode 100644 index 000000000..9f24b0f0d --- /dev/null +++ b/eng/common/testproxy/test-proxy-tool.yml @@ -0,0 +1,47 @@ +parameters: + rootFolder: '$(Build.SourcesDirectory)' + +steps: + - pwsh: | + $(Build.SourcesDirectory)/eng/common/scripts/trust-proxy-certificate.ps1 + displayName: 'Language Specific Certificate Trust' + + - pwsh: | + Write-Host "##vso[task.setvariable variable=OriginalPath]$env:PATH" + displayName: 'Store Path Value' + + - pwsh: | + Write-Host "##vso[task.setvariable variable=ASPNETCORE_Kestrel__Certificates__Default__Path]$(Build.SourcesDirectory)/eng/common/testproxy/dotnet-devcert.pfx" + Write-Host "##vso[task.setvariable variable=ASPNETCORE_Kestrel__Certificates__Default__Password]password" + displayName: 'Configure Kestrel Environment Variables' + + - task: UseDotNet@2 + displayName: "Use .NET Core SDK" + inputs: + packageType: sdk + version: 5.0.205 + + - pwsh: | + dotnet tool install azure.sdk.tools.testproxy ` + --tool-path $(Build.BinariesDirectory)/test-proxy ` + --add-source https://pkgs.dev.azure.com/azure-sdk/public/_packaging/azure-sdk-for-net/nuget/v3/index.json ` + --version 1.0.0-dev.20210811.2 + displayName: "Install test-proxy" + + - pwsh: | + Start-Process $(Build.BinariesDirectory)/test-proxy/test-proxy.exe ` + -ArgumentList "--storage-location '${{ parameters.rootFolder }}'" ` + -NoNewWindow -PassThru + displayName: 'Run the testproxy - windows' + condition: and(succeeded(), eq(variables['Agent.OS'],'Windows_NT')) + + # nohup does NOT continue beyond the current session if you use it within powershell + - bash: | + sudo nohup $(Build.BinariesDirectory)/test-proxy/test-proxy & + displayName: "Run the testproxy - linux/mac" + condition: and(succeeded(), ne(variables['Agent.OS'],'Windows_NT')) + workingDirectory: "${{ parameters.rootFolder }}" + + - pwsh: | + Write-Host "##vso[task.setvariable variable=PATH]$(OriginalPath)" + displayName: 'Restore .NET version by resetting path' \ No newline at end of file