Merge pull request #49 from Appdynamics/features/rbac
Merging RBAC and License Rules
AlexJov authored Apr 20, 2021
2 parents fecd49d + 57a28ff commit b45610f
Showing 31 changed files with 1,665 additions and 38 deletions.
2 changes: 1 addition & 1 deletion .github/workflows/DockerBuildPush.yml
Expand Up @@ -19,7 +19,7 @@ jobs:
tag_with_ref: true
dockerfile: docker/Dockerfile

QA-DcokerImage:
QA-DockerImage:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
75 changes: 58 additions & 17 deletions .github/workflows/QAConfigMyApp.yml
Expand Up @@ -10,7 +10,7 @@ on:
branches: [ master, develop ]

jobs:
DcokerImage-QA:
DockerImage-QA:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
Expand All @@ -32,53 +32,53 @@ jobs:
echo Running basic CMA
pwd
ls -ltr
./start.sh -a Jenkins_API -c ${{ secrets.CONTROLLER_HOST }} -p ${{ secrets.CONTROLLER_USERNAME }} -u ${{ secrets.CONTROLLER_PASSWORD }}
./start.sh -a Jenkins_API_Demo -c ${{ secrets.CONTROLLER_HOST }} -p ${{ secrets.CONTROLLER_USERNAME }} -u ${{ secrets.CONTROLLER_PASSWORD }}
- name: TestCase1- Basic ConfigMyApp with default dashboard off
run: |
echo Running basic CMA with default dashboard off
pwd
ls -ltr
./start.sh -a Jenkins_API -c ${{ secrets.CONTROLLER_HOST }} -p ${{ secrets.CONTROLLER_USERNAME }} -u ${{ secrets.CONTROLLER_PASSWORD }} --no-upload-default-dashboard
./start.sh -a Jenkins_API_Demo -c ${{ secrets.CONTROLLER_HOST }} -p ${{ secrets.CONTROLLER_USERNAME }} -u ${{ secrets.CONTROLLER_PASSWORD }} --no-upload-default-dashboard
- name: TestCase2- BT_ONLY
env:
CMA_USE_HTTPS: false
run: |
echo Running BT_ONLY,
./start.sh -a Jenkins_API --bt-only -c ${{ secrets.CONTROLLER_HOST }} -p ${{ secrets.CONTROLLER_USERNAME }} -u ${{ secrets.CONTROLLER_PASSWORD }} --no-upload-default-dashboard
./start.sh -a Jenkins_API_Demo --bt-only -c ${{ secrets.CONTROLLER_HOST }} -p ${{ secrets.CONTROLLER_USERNAME }} -u ${{ secrets.CONTROLLER_PASSWORD }} --no-upload-default-dashboard
- name: TestCase3- Action suppression. Default.
run: |
echo Running Action Suppression,
./start.sh -a Jenkins_API --suppress-action -c ${{ secrets.CONTROLLER_HOST }} -p ${{ secrets.CONTROLLER_USERNAME }} -u ${{ secrets.CONTROLLER_PASSWORD }} --no-upload-default-dashboard
./start.sh -a Jenkins_API_Demo --suppress-action -c ${{ secrets.CONTROLLER_HOST }} -p ${{ secrets.CONTROLLER_USERNAME }} -u ${{ secrets.CONTROLLER_PASSWORD }} --no-upload-default-dashboard
- name: TestCase4- Action suppression. Date and duration.
run: |
echo Running Action Suppression
#--suppress-start=$(date -d " + 20 minutes" -u +%FT%T)
./start.sh -a Jenkins_API --suppress-action --suppress-duration=120 -c ${{ secrets.CONTROLLER_HOST }} -p ${{ secrets.CONTROLLER_USERNAME }} -u ${{ secrets.CONTROLLER_PASSWORD }} --no-upload-default-dashboard
./start.sh -a Jenkins_API_Demo --suppress-action --suppress-duration=120 -c ${{ secrets.CONTROLLER_HOST }} -p ${{ secrets.CONTROLLER_USERNAME }} -u ${{ secrets.CONTROLLER_PASSWORD }} --no-upload-default-dashboard
- name: TestCase5- Upload custom dashboard - runtime
run: |
echo Running Dash upload
curl https://gist.githubusercontent.com/iogbole/48e7568454b066132700c4fe039c2cff/raw/4aa417193e7ce9f3cce2410e67d525761cb6d678/gistfile1.txt -o ./custom_dashboards/CustomDashboard_vanilla.json
echo Running SIM and DB,
./start.sh -a IoT_API --upload-custom-dashboard -c ${{ secrets.CONTROLLER_HOST }} -p ${{ secrets.CONTROLLER_USERNAME }} -u ${{ secrets.CONTROLLER_PASSWORD }} --no-upload-default-dashboard
./start.sh -a Jenkins_API_Demo --upload-custom-dashboard -c ${{ secrets.CONTROLLER_HOST }} -p ${{ secrets.CONTROLLER_USERNAME }} -u ${{ secrets.CONTROLLER_PASSWORD }} --no-upload-default-dashboard
- name: TestCase6- Upload custom dashboard - env variables
run: |
echo Running Dash upload
curl https://gist.githubusercontent.com/iogbole/48e7568454b066132700c4fe039c2cff/raw/4aa417193e7ce9f3cce2410e67d525761cb6d678/gistfile1.txt -o ./custom_dashboards/CustomDashboard_vanilla.json
export CMA_UPLOAD_CUSTOM_DASHBOARD=true
./start.sh -a IoT_API -c ${{ secrets.CONTROLLER_HOST }} -p ${{ secrets.CONTROLLER_USERNAME }} -u ${{ secrets.CONTROLLER_PASSWORD }} --no-upload-default-dashboard
./start.sh -a Jenkins_API_Demo -c ${{ secrets.CONTROLLER_HOST }} -p ${{ secrets.CONTROLLER_USERNAME }} -u ${{ secrets.CONTROLLER_PASSWORD }} --no-upload-default-dashboard
- name: TestCase7- Health rules only - no overwrite - parameters
env:
CMA_USE_HTTPS: false
run: |
echo Running health rules only, get values from runtime parameters,
./start.sh -a Jenkins_API --health-rules-only --no-health-rules-overwrite -c ${{ secrets.CONTROLLER_HOST }} -p ${{ secrets.CONTROLLER_USERNAME }} -u ${{ secrets.CONTROLLER_PASSWORD }} --no-upload-default-dashboard
./start.sh -a Jenkins_API_Demo --health-rules-only --no-health-rules-overwrite -c ${{ secrets.CONTROLLER_HOST }} -p ${{ secrets.CONTROLLER_USERNAME }} -u ${{ secrets.CONTROLLER_PASSWORD }} --no-upload-default-dashboard
- name: TestCase8- Health rules only - overwrite - env variables
env:
Expand All @@ -87,7 +87,7 @@ jobs:
CMA_HEALTH_RULES_ONLY: true
run: |
echo Running health rules only, get values from environment variables,
./start.sh -a Jenkins_API -c ${{ secrets.CONTROLLER_HOST }} -p ${{ secrets.CONTROLLER_USERNAME }} -u ${{ secrets.CONTROLLER_PASSWORD }} --no-upload-default-dashboard
./start.sh -a Jenkins_API_Demo -c ${{ secrets.CONTROLLER_HOST }} -p ${{ secrets.CONTROLLER_USERNAME }} -u ${{ secrets.CONTROLLER_PASSWORD }} --no-upload-default-dashboard
- name: TestCase9- Health rules only - overwrite default - config
env:
Expand All @@ -96,7 +96,7 @@ jobs:
cp config.json config.json.bkp
curl https://gist.githubusercontent.com/AlexJov/63ccb17421208679ef63b55afafea712/raw/b8e5ebc5399a8d7df5422ff07c49c892f0c3bd63/config.json -o ./config.json
echo Running health rules only, get values from config,
./start.sh -a Jenkins_API -c ${{ secrets.CONTROLLER_HOST }} -p ${{ secrets.CONTROLLER_USERNAME }} -u ${{ secrets.CONTROLLER_PASSWORD }} --no-upload-default-dashboard
./start.sh -a Jenkins_API_Demo -c ${{ secrets.CONTROLLER_HOST }} -p ${{ secrets.CONTROLLER_USERNAME }} -u ${{ secrets.CONTROLLER_PASSWORD }} --no-upload-default-dashboard
cp config.json.bkp config.json
- name: TestCase10- Delete health rules, existing
Expand All @@ -107,29 +107,29 @@ jobs:
curl https://gist.githubusercontent.com/AlexJov/03317fd4271325fbd6678dded2df6e91/raw/bb33a4b3abcaed762f1a5b262586183c6efd4402/CpuUtilisationTooHighToDelete.json -o ./health_rules/ServerVisibility/CpuUtilisationTooHighToDelete.json
echo Running health rules only, import additional health rules,
./start.sh -a Jenkins_API -u appd --include-sim --health-rules-only -c ${{ secrets.CONTROLLER_HOST }} -p ${{ secrets.CONTROLLER_USERNAME }} -u ${{ secrets.CONTROLLER_PASSWORD }} --no-upload-default-dashboard
./start.sh -a Jenkins_API_Demo -u appd --include-sim --health-rules-only -c ${{ secrets.CONTROLLER_HOST }} -p ${{ secrets.CONTROLLER_USERNAME }} -u ${{ secrets.CONTROLLER_PASSWORD }} --no-upload-default-dashboard
echo Delete health rules:
./start.sh -a Jenkins_API --health-rules-delete "Agent Availability to Delete, Server Health: CPU Utilisation is too high to Delete" -c ${{ secrets.CONTROLLER_HOST }} -p ${{ secrets.CONTROLLER_USERNAME }} -u ${{ secrets.CONTROLLER_PASSWORD }} --no-upload-default-dashboard
./start.sh -a Jenkins_API_Demo --health-rules-delete "Agent Availability to Delete, Server Health: CPU Utilisation is too high to Delete" -c ${{ secrets.CONTROLLER_HOST }} -p ${{ secrets.CONTROLLER_USERNAME }} -u ${{ secrets.CONTROLLER_PASSWORD }} --no-upload-default-dashboard
- name: TestCase11- Delete health rules, non existing
env:
CMA_USE_HTTPS: false
run: |
echo Delete health rules, delete health rules from TestCase10
./start.sh -a Jenkins_API --health-rules-delete "There is no this rule name" -c ${{ secrets.CONTROLLER_HOST }} -p ${{ secrets.CONTROLLER_USERNAME }} -u ${{ secrets.CONTROLLER_PASSWORD }} --no-upload-default-dashboard
./start.sh -a Jenkins_API_Demo --health-rules-delete "There is no this rule name" -c ${{ secrets.CONTROLLER_HOST }} -p ${{ secrets.CONTROLLER_USERNAME }} -u ${{ secrets.CONTROLLER_PASSWORD }} --no-upload-default-dashboard
- name: TestCase12- Overwrite Health rules - runtime
run: |
echo Running basic CMA
pwd
ls -ltr
./start.sh -a Jenkins_API --health-rules-only --overwrite-health-rules -c ${{ secrets.CONTROLLER_HOST }} -p ${{ secrets.CONTROLLER_USERNAME }} -u ${{ secrets.CONTROLLER_PASSWORD }} --no-upload-default-dashboard
./start.sh -a Jenkins_API_Demo --health-rules-only --overwrite-health-rules -c ${{ secrets.CONTROLLER_HOST }} -p ${{ secrets.CONTROLLER_USERNAME }} -u ${{ secrets.CONTROLLER_PASSWORD }} --no-upload-default-dashboard
- name: TestCase13- Upload default dashboard SIM and DB - runtime
run: |
echo Running SIM and DB, runtime
./start.sh -a IoT_API --upload-default-dashboard --include-database --database-name 'ConfigMyApp' --include-sim -c ${{ secrets.CONTROLLER_HOST }} -p ${{ secrets.CONTROLLER_USERNAME }} -u ${{ secrets.CONTROLLER_PASSWORD }}
./start.sh -a Jenkins_API_Demo --upload-default-dashboard --include-database --database-name 'ConfigMyApp' --include-sim -c ${{ secrets.CONTROLLER_HOST }} -p ${{ secrets.CONTROLLER_USERNAME }} -u ${{ secrets.CONTROLLER_PASSWORD }}
- name: TestCase14- Upload default dashboard - env variables
env:
Expand All @@ -140,5 +140,46 @@ jobs:
CMA_INCLUDE_SIM: true
run: |
echo Running SIM and DB, env vars
./start.sh -a IoT_API -c ${{ secrets.CONTROLLER_HOST }} -p ${{ secrets.CONTROLLER_USERNAME }} -u ${{ secrets.CONTROLLER_PASSWORD }}
./start.sh -a Jenkins_API_Demo -c ${{ secrets.CONTROLLER_HOST }} -p ${{ secrets.CONTROLLER_USERNAME }} -u ${{ secrets.CONTROLLER_PASSWORD }}
- name: TestCase15- rbac roles and saml groups - runtime
env:
CMA_UPLOAD_DEFAULT_DASHBOARD: false
run: |
echo Running RBAC, runtime parameters
./start.sh -a Jenkins_API_Demo -c ${{ secrets.CONTROLLER_HOST }} -p ${{ secrets.CONTROLLER_USERNAME }} -u ${{ secrets.CONTROLLER_PASSWORD }} --rbac-only --rbac-action="role-saml"
- name: TestCase16- rbac roles and saml groups - env variables
env:
CMA_UPLOAD_DEFAULT_DASHBOARD: false
CMA_RBAC_ONLY: true
CMA_RBAC_ACTION: "role-saml"
CMA_RBAC_ROLE_NAME: "test-role"
CMA_RBAC_ROLE_DESCRIPTION: "test-role-desc"
CMA_RBAC_SAML_GROUP_NAME: "test-saml-group"
run: |
echo Running RBAC, env vars
./start.sh -a Jenkins_API_Demo -c ${{ secrets.CONTROLLER_HOST }} -p ${{ secrets.CONTROLLER_USERNAME }} -u ${{ secrets.CONTROLLER_PASSWORD }}
- name: TestCase17- rbac roles and saml groups - no names provided - env variables
env:
CMA_UPLOAD_DEFAULT_DASHBOARD: false
CMA_RBAC_ONLY: true
CMA_RBAC_ACTION: "role-saml"
run: |
echo Running RBAC, env vars
./start.sh -a Jenkins_API_Demo -c ${{ secrets.CONTROLLER_HOST }} -p ${{ secrets.CONTROLLER_USERNAME }} -u ${{ secrets.CONTROLLER_PASSWORD }}
- name: TestCase18- sensitive data masking - env variables
env:
CMA_UPLOAD_DEFAULT_DASHBOARD: false
CMA_DATA_MASKING: true
CMA_DATA_MASKING_PATTERNS: "-.*8090"
CMA_DATA_MASKING_STRATEGY: "exact"
run: |
echo Running sensitive data masking, env vars
./start.sh -a Jenkins_API_Demo -c ${{ secrets.CONTROLLER_HOST }} -p ${{ secrets.CONTROLLER_USERNAME }} -u ${{ secrets.CONTROLLER_PASSWORD }}
last_log_line=$(tail -n 1 error.log)
echo "Logged: ${last_log_line}"
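Review bot: TestCase18 never asserts that masking worked: it reads the last line of error.log and echoes it into the job log, and the step passes whatever that line contains. If the `-.*8090` pattern is not masked, the raw value is published in the build output rather than caught. Replace the `echo "Logged: ..."` line with a check that fails the step when the unmasked text is still present, for example `if tail -n 1 error.log | grep -Eq -- '-.*8090'; then exit 1; fi` (adjust to what the `exact` strategy is expected to leave behind). The four added steps also expand `${{ secrets.CONTROLLER_PASSWORD }}` straight into the `run:` script and pass it as a command-line argument, as the existing steps do; mapping the secrets under `env:` and passing `"$CONTROLLER_PASSWORD"` quoted keeps the value out of the generated script text and guards against shell metacharacters in it.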
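--- a/.gitignore
+++ b/.gitignore
@@ -17,3 +17,7 @@ api_actions/uploaded/*.json*
 api_actions/actions/*.json*
 custom_dashboards/*.json*
 custom_dashboards/uploaded/*.json*
+cookie.appd
+rbac/restui_role_files/uploaded/*.json
+rbac/restui_saml_files/uploaded/*.json
+rbac/restui_license_rules_files/uploaded/*.json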
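--- a/config.json
+++ b/config.json
@@ -49,5 +49,22 @@
 "suppress_upload_files": false,
 "suppress_delete": ""
 }
+],
+"rbac": [
+{
+"rbac_only": false,
+"rbac_action": "role-saml",
+"rbac_role_name": "",
+"rbac_role_description": "",
+"rbac_saml_group_name": "",
+"rbac_license_rule_name": ""
+}
+],
+"sensitive_data": [
+{
+"data_masking": true,
+"data_masking_patterns": "-.*8090",
+"data_masking_strategy": "exact"
+}
 ]
 }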
4 changes: 2 additions & 2 deletions docker/env.list
@@ -1,6 +1,6 @@

CMA_APPLICATION_NAME=IoT_API
CMA_CONTROLLER_HOST=configmyappdemo-2044no-uzyczrm0.appd-cx.com
CMA_APPLICATION_NAME=Jenkins_API
CMA_CONTROLLER_HOST=configmyappdemo-20103n-m3lp0zmi.appd-cx.com
CMA_CONTROLLER_PORT=8090
CMA_USE_HTTPS=false
CMA_USERNAME=appd
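--- a/docker/run.sh
+++ b/docker/run.sh
@@ -15,6 +15,14 @@ fi
 #standard run
 docker run --rm --env-file env.list ${image_name}:${version}
 
+if [ $? -eq 0 ]
+then
+echo "Successful Docker container run. Proceeding..."
+else
+echo "Error occurred. Could not run the Docker container." >&2
+exit 1
+fi
+
 docker ps
 
 # change directory to the root folder where mounted volumes are located - if you're executing the ./run.sh script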
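Review bot: The added `if [ $? -eq 0 ]` only tests the `docker run` exit status as long as nothing is ever placed between the two statements; any command inserted there later would silently become the thing being tested. Testing the command directly is sturdier: `if ! docker run --rm --env-file env.list "${image_name}:${version}"; then echo "Error occurred. Could not run the Docker container." >&2; exit 1; fi`. The script continues beyond the end of this hunk.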
5 changes: 4 additions & 1 deletion modules/actions/application-action-suppression.sh
Expand Up @@ -2,6 +2,8 @@

source ./modules/common/http_check.sh # func_check_http_status, func_check_http_response
source ./modules/common/application.sh # func_get_application_id
source ./modules/common/logging.sh # func_log_error_to_file
source ./modules/common/sensitive_data.sh # func_data_masking

# 1. INPUT PARAMETERS
_controller_url=${1} # hostname + /controller
Expand All @@ -27,8 +29,9 @@ function func_check_http_response(){ # override default
cp -rf "$filePath" "./api_actions/uploaded/${fileName}.${dt}"
echo "Success..."
else
echo "${dt} ERROR "{$http_message_body}"" >> error.log
echo "ERROR $http_message_body"
http_message_body=$(func_data_masking ${http_message_body})
logged_to_file=$(func_log_error_to_file "${http_message_body}" "ERROR")
exit 1
fi
}
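Review bot: `func_data_masking ${http_message_body}` in the error branch is unquoted, so the response body is word-split and glob-expanded before the function sees it; a body containing spaces arrives as several arguments, and only part of it may end up masked and logged. modules/common/http_check.sh in this commit calls the same function as `func_data_masking "${http_message_body}" "" ""`; use that quoted form here. The same unquoted call appears in modules/actions/upload-files-action-suppression.sh. The overriding func_check_http_response starts above this hunk, so the success condition is not visible here.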
5 changes: 4 additions & 1 deletion modules/actions/upload-files-action-suppression.sh
Expand Up @@ -2,6 +2,8 @@

source ./modules/common/http_check.sh # func_check_http_status, func_check_http_response
source ./modules/common/application.sh # func_get_application_id
source ./modules/common/logging.sh # func_log_error_to_file
source ./modules/common/sensitive_data.sh # func_data_masking

# 1. INPUT PARAMETERS
_controller_url=${1} # hostname + /controller
Expand Down Expand Up @@ -31,8 +33,9 @@ function func_check_http_response(){ # function override
cp -rf "$filePath" "./api_actions/uploaded/${fileName}.${dt}"
echo "Success..."
else
echo "${dt} ERROR "{$http_message_body}"" >> error.log
echo "ERROR $http_message_body"
http_message_body=$(func_data_masking ${http_message_body})
logged_to_file=$(func_log_error_to_file "${http_message_body}" "ERROR")
# do not break on failure
fi
}
12 changes: 7 additions & 5 deletions modules/business_transactions/configBT.sh
Expand Up @@ -2,6 +2,8 @@
# Match types: MATCHES_REGEX, CONTAINS, EQUALS, STARTS_WITH, ENDS_WITH, IS_IN_LIST, IS_NOT_EMPTY
# The format of the JSON must be maintained at all times.. all four sections must be available even if you're not using them, leave them blank.

source ./modules/common/logging.sh # func_log_error_to_file

bt_folder="./bt_api_templates"
bt_conf="./bt_config/configBT.json"
bt_config_template="bt_config_template.xml"
Expand Down Expand Up @@ -293,7 +295,7 @@ if [ -f "$bt_file_path" ]; then
echo "The file path is $bt_file_path"
sleep 1
echo ""
echo "Please wait while we configure BT detection rules in $appName"
echo "Please wait while we configure BT detection rules in $app_name"

btendpoint="/transactiondetection/${app_name}/custom"

Expand All @@ -303,13 +305,13 @@ if [ -f "$bt_file_path" ]; then
echo ""
echo "*********************************************************************"
echo "ConfigMyApp created Business transaction detection rules successfully."
echo "Please check $appName detection rule configuration pages."
echo "Please check $app_name detection rule configuration pages."
echo "*********************************************************************"
echo ""
else
msg="An Error occured whilst creating business transaction detection rules. Please refer to the error.log file for further details"
echo "${dt} An Error occured whilst creating business transaction detection rules." >> error.log
echo "${dt} ERROR $bt_response" >>error.log
msg="An Error occured whilst creating business transaction detection rules. Please refer to the error.log file for further details."
func_log_error_to_file "An Error occured whilst creating business transaction detection rules for application '$app_name'."
func_log_error_to_file "$bt_response" "ERROR"
echo "$msg"
echo "$bt_response"
echo ""
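Review bot: `func_log_error_to_file "$bt_response" "ERROR"` writes the controller response to error.log without passing it through `func_data_masking`, unlike the error paths in modules/common/http_check.sh and the action-suppression scripts changed in this commit. This file sources only modules/common/logging.sh, so the masking function is presumably not in scope here at all. Source modules/common/sensitive_data.sh as well and log a masked copy, e.g. `bt_response_masked=$(func_data_masking "$bt_response" "" "")` followed by `func_log_error_to_file "$bt_response_masked" "ERROR"`; the `echo "$bt_response"` that follows prints the raw response to the console too. The enclosing `if` block starts and ends outside these hunks.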
28 changes: 18 additions & 10 deletions modules/common/http_check.sh
@@ -1,12 +1,18 @@
#!/bin/bash

source ./modules/common/sensitive_data.sh # func_data_masking
source ./modules/common/logging.sh # func_log_error_to_file

# external
function func_check_http_status() {
local http_code=$1
local message_on_failure=$2
#echo "HTTP status code: $http_code"
if [[ $http_code -lt 200 ]] || [[ $http_code -gt 299 ]]; then
echo "${dt} ERROR "{$http_code: $message_on_failure}"" >> ../../error.log
echo "$http_code: $message_on_failure"
echo "ERROR $http_code: $message_on_failure"
# mask sensitive info (if needed)
message_on_failure=$(func_data_masking "${message_on_failure}" "" "")
logged_to_file=$(func_log_error_to_file "${message_on_failure}" "ERROR" "$http_code")
exit 1
fi
}
Expand All @@ -15,14 +21,16 @@ function func_check_http_response(){
local http_message_body="$1"
local string_success_response_contains="$2"
if [[ "$http_message_body" =~ "$string_success_response_contains" ]]; then # contains
echo "*********************************************************************"
echo "Success"
echo "*********************************************************************"
else
echo "${dt} ERROR "{$http_message_body}"" >> ../../error.log
echo "ERROR $http_message_body"
exit 1
fi
echo "*********************************************************************"
echo "Success"
echo "*********************************************************************"
else
echo "ERROR HTTP response does not contain '$string_success_response_contains'. Check logs for mode detils..."
# mask sensitive info (if needed)
http_message_body=$(func_data_masking "${http_message_body}" "" "")
logged_to_file=$(func_log_error_to_file "${http_message_body}" "ERROR")
exit 1
fi
}

function func_cleanup() {
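Review bot: In func_check_http_status the failure message is printed with `echo "ERROR $http_code: $message_on_failure"` before `func_data_masking` runs, so masking protects only error.log while stdout (and therefore any CI job log) still receives the raw text. The error message in func_check_http_response avoids printing the body; either do the same here or move `message_on_failure=$(func_data_masking "${message_on_failure}" "" "")` above the echo so the masked value is what gets printed. The text `Check logs for mode detils...` should read `Check logs for more details...`. func_cleanup begins on the last line shown and continues outside the hunk.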
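--- a/modules/common/logging.sh
+++ b/modules/common/logging.sh
@@ -0,0 +1,20 @@
+#!/bin/bash
+
+# intent to be internal
+function func_log_error_to_file(){
+local message="$1"
+local severity="$2" # optional, error by default
+local status_code="$3" # optional
+
+dt=$(date '+%Y-%m-%d_%H-%M-%S')
+
+if [[ -z "$severity" ]]; then
+severity="ERROR"
+fi
+
+if [[ ! -z "$status_code" ]]; then
+status_code="'$status_code' "
+fi
+
+echo "${dt} ${severity} ${status_code}"${message}"" >> error.log
+}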
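Review bot: In the final `echo`, `${message}` sits between two closed double-quoted strings, so it is expanded unquoted: the logged text is word-split and any `*` or `?` in an HTTP body is glob-expanded against the working directory before it reaches error.log. If literal quotes around the message were intended, `printf '%s %s %s"%s"\n' "$dt" "$severity" "$status_code" "$message" >> error.log` writes it verbatim. `dt` is assigned without `local`, so a direct call (as in modules/business_transactions/configBT.sh) overwrites the caller's `dt`; declare it `local dt`. The log path is relative to the current directory, which is worth a one-line comment since the replaced code in http_check.sh wrote to `../../error.log`.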