Skip to content

Commit

Permalink
chore(trustengine): Rename Trust Engine to System Trust in logs and d…
Browse files Browse the repository at this point in the history
…ocs (#5210)

* rename Trust Engine to System Trust

* Revert "rename Trust Engine to System Trust"

This reverts commit 66d4680.

* rename Trust Engine to System Trust in logs and docs
  • Loading branch information
jliempt authored Dec 19, 2024
1 parent 8205624 commit aa1e675
Show file tree
Hide file tree
Showing 5 changed files with 34 additions and 33 deletions.
2 changes: 1 addition & 1 deletion pkg/config/config.go
Original file line number Diff line number Diff line change
Expand Up @@ -297,7 +297,7 @@ func (c *Config) GetStepConfig(flagValues map[string]interface{}, paramJSON stri
// hooks need to have been loaded from the defaults before the server URL is known
err = c.setTrustEngineConfiguration(stepConfig.HookConfig)
if err != nil {
log.Entry().WithError(err).Debug("Trust Engine lookup skipped due to missing or incorrect configuration")
log.Entry().WithError(err).Debug("System Trust lookup skipped due to missing or incorrect configuration")
} else {
trustengineClient := trustengine.PrepareClient(&piperhttp.Client{}, c.trustEngineConfiguration)
resolveAllTrustEngineReferences(&stepConfig, append(parameters, ReportingParameters.Parameters...), c.trustEngineConfiguration, trustengineClient)
Expand Down
22 changes: 11 additions & 11 deletions pkg/config/trustengine.go
Original file line number Diff line number Diff line change
Expand Up @@ -11,57 +11,57 @@ import (
// const RefTypeTrustengineSecretFile = "trustengineSecretFile"
const RefTypeTrustengineSecret = "trustengineSecret"

// resolveAllTrustEngineReferences retrieves all the step's secrets from the Trust Engine
// resolveAllTrustEngineReferences retrieves all the step's secrets from the System Trust
func resolveAllTrustEngineReferences(config *StepConfig, params []StepParameters, trustEngineConfiguration trustengine.Configuration, client *piperhttp.Client) {
for _, param := range params {
if ref := param.GetReference(RefTypeTrustengineSecret); ref != nil {
if config.Config[param.Name] == "" {
log.Entry().Infof("Getting '%s' from Trust Engine", param.Name)
log.Entry().Infof("Getting '%s' from System Trust", param.Name)
token, err := trustengine.GetToken(ref.Default, client, trustEngineConfiguration)
if err != nil {
log.Entry().Info(" failed")
log.Entry().WithError(err).Debugf("Couldn't get '%s' token from Trust Engine", ref.Default)
log.Entry().WithError(err).Debugf("Couldn't get '%s' token from System Trust", ref.Default)
continue
}
log.RegisterSecret(token)
config.Config[param.Name] = token
log.Entry().Info(" succeeded")
} else {
log.Entry().Debugf("Skipping retrieval of '%s' from Trust Engine: parameter already set", param.Name)
log.Entry().Debugf("Skipping retrieval of '%s' from System Trust: parameter already set", param.Name)
}
}
}
}

// setTrustEngineConfiguration sets the server URL for the Trust Engine by taking it from the hooks
// setTrustEngineConfiguration sets the server URL for the System Trust by taking it from the hooks
func (c *Config) setTrustEngineConfiguration(hookConfig map[string]interface{}) error {
trustEngineHook, ok := hookConfig["trustengine"].(map[string]interface{})
if !ok {
return errors.New("no Trust Engine hook configuration found")
return errors.New("no System Trust hook configuration found")
}
if serverURL, ok := trustEngineHook["serverURL"].(string); ok {
c.trustEngineConfiguration.ServerURL = serverURL
} else {
return errors.New("no Trust Engine server URL found")
return errors.New("no System Trust server URL found")
}
if tokenEndPoint, ok := trustEngineHook["tokenEndPoint"].(string); ok {
c.trustEngineConfiguration.TokenEndPoint = tokenEndPoint
} else {
return errors.New("no Trust Engine service endpoint found")
return errors.New("no System Trust service endpoint found")
}
if tokenQueryParamName, ok := trustEngineHook["tokenQueryParamName"].(string); ok {
c.trustEngineConfiguration.TokenQueryParamName = tokenQueryParamName
} else {
return errors.New("no Trust Engine query parameter name found")
return errors.New("no System Trust query parameter name found")
}

if len(c.trustEngineConfiguration.Token) == 0 {
return errors.New("no Trust Engine token found and envvar is empty")
return errors.New("no System Trust token found and envvar is empty")
}
return nil
}

// SetTrustEngineToken sets the token for the Trust Engine
// SetTrustEngineToken sets the token for the System Trust
func (c *Config) SetTrustEngineToken(token string) {
c.trustEngineConfiguration.Token = token
}
9 changes: 5 additions & 4 deletions pkg/config/trustengine_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -5,11 +5,12 @@ package config

import (
"fmt"
"net/http"
"testing"

piperhttp "github.com/SAP/jenkins-library/pkg/http"
"github.com/SAP/jenkins-library/pkg/trustengine"
"github.com/jarcoal/httpmock"
"net/http"
"testing"

"github.com/stretchr/testify/assert"
)
Expand Down Expand Up @@ -40,7 +41,7 @@ func TestTrustEngineConfig(t *testing.T) {
client := &piperhttp.Client{}
client.SetOptions(piperhttp.ClientOptions{MaxRetries: -1, UseDefaultTransport: true})

t.Run("Load secret from Trust Engine - secret not set yet by Vault or config.yml", func(t *testing.T) {
t.Run("Load secret from System Trust - secret not set yet by Vault or config.yml", func(t *testing.T) {
stepConfig := &StepConfig{Config: map[string]interface{}{
secretName: "",
}}
Expand All @@ -49,7 +50,7 @@ func TestTrustEngineConfig(t *testing.T) {
assert.Equal(t, mockSonarToken, stepConfig.Config[secretName])
})

t.Run("Load secret from Trust Engine - secret already by Vault or config.yml", func(t *testing.T) {
t.Run("Load secret from System Trust - secret already by Vault or config.yml", func(t *testing.T) {
stepConfig := &StepConfig{Config: map[string]interface{}{
secretName: "aMockTokenFromVault",
}}
Expand Down
6 changes: 3 additions & 3 deletions pkg/documentation/generator/parameters.go
Original file line number Diff line number Diff line change
Expand Up @@ -13,7 +13,7 @@ const (
vaultBadge = "![Vault](https://img.shields.io/badge/-Vault-lightgrey)"
jenkinsOnlyBadge = "![Jenkins only](https://img.shields.io/badge/-Jenkins%20only-yellowgreen)"
secretBadge = "![Secret](https://img.shields.io/badge/-Secret-yellowgreen)"
trustengineBadge = "![Trust Engine](https://img.shields.io/badge/-Trust%20Engine-lightblue)"
trustengineBadge = "![System Trust](https://img.shields.io/badge/-System%20Trust-lightblue)"
deprecatedBadge = "![deprecated](https://img.shields.io/badge/-deprecated-red)"
)

Expand Down Expand Up @@ -124,7 +124,7 @@ func parameterFurtherInfo(paramName string, stepData *config.StepData, execution
isVaultSecret := param.GetReference("vaultSecret") != nil || param.GetReference("vaultSecretFile") != nil
isTrustengineSecret := param.GetReference(config.RefTypeTrustengineSecret) != nil
if isVaultSecret && isTrustengineSecret {
secretInfo = fmt.Sprintf(" %s %s %s pass via ENV, Vault, Trust Engine or Jenkins credentials", vaultBadge, trustengineBadge, secretBadge)
secretInfo = fmt.Sprintf(" %s %s %s pass via ENV, Vault, System Trust or Jenkins credentials", vaultBadge, trustengineBadge, secretBadge)
} else if isVaultSecret {
secretInfo = fmt.Sprintf(" %s %s pass via ENV, Vault or Jenkins credentials", vaultBadge, secretBadge)
}
Expand Down Expand Up @@ -370,7 +370,7 @@ func addVaultResourceDetails(resource config.ResourceReference, resourceDetails
}

func addTrustEngineResourceDetails(resource config.ResourceReference, resourceDetails string) string {
resourceDetails += "<br/>Trust Engine resource:<br />"
resourceDetails += "<br/>System Trust resource:<br />"
resourceDetails += fmt.Sprintf("&nbsp;&nbsp;name: `%v`<br />", resource.Name)
resourceDetails += fmt.Sprintf("&nbsp;&nbsp;value: `%v`<br />", resource.Default)

Expand Down
28 changes: 14 additions & 14 deletions pkg/trustengine/trustengine.go
Original file line number Diff line number Diff line change
Expand Up @@ -35,17 +35,17 @@ type Configuration struct {
func GetToken(refName string, client *piperhttp.Client, trustEngineConfiguration Configuration) (string, error) {
secrets, err := GetSecrets([]string{refName}, client, trustEngineConfiguration)
if err != nil {
return "", errors.Wrap(err, "couldn't get token from trust engine")
return "", errors.Wrap(err, "couldn't get token from System Trust")
}
for _, s := range secrets {
if s.System == refName {
return s.Token, nil
}
}
return "", errors.New("could not find token in trust engine response")
return "", errors.New("could not find token in System Trust response")
}

// GetSecrets transforms the trust engine JSON response into trust engine secrets, and can be used to request multiple tokens
// GetSecrets transforms the System Trust JSON response into System Trust secrets, and can be used to request multiple tokens
func GetSecrets(refNames []string, client *piperhttp.Client, trustEngineConfiguration Configuration) ([]Secret, error) {
var secrets []Secret
query := url.Values{
Expand All @@ -55,7 +55,7 @@ func GetSecrets(refNames []string, client *piperhttp.Client, trustEngineConfigur
}
response, err := getResponse(trustEngineConfiguration.ServerURL, trustEngineConfiguration.TokenEndPoint, query, client)
if err != nil {
return secrets, errors.Wrap(err, "getting secrets from trust engine failed")
return secrets, errors.Wrap(err, "getting secrets from System Trust failed")
}
for k, v := range response {
secrets = append(secrets, Secret{
Expand All @@ -66,13 +66,13 @@ func GetSecrets(refNames []string, client *piperhttp.Client, trustEngineConfigur
return secrets, nil
}

// getResponse returns a map of the JSON response that the trust engine puts out
// getResponse returns a map of the JSON response that the System Trust puts out
func getResponse(serverURL, endpoint string, query url.Values, client *piperhttp.Client) (map[string]string, error) {
var secrets map[string]string

rawURL, err := parseURL(serverURL, endpoint, query)
if err != nil {
return secrets, errors.Wrap(err, "parsing trust engine url failed")
return secrets, errors.Wrap(err, "parsing System Trust url failed")
}
header := make(http.Header)
header.Add("Accept", "application/json")
Expand All @@ -88,38 +88,38 @@ func getResponse(serverURL, endpoint string, query url.Values, client *piperhttp
err = errors.Wrap(err, string(bodyBytes))
}
}
return secrets, errors.Wrap(err, "getting response from trust engine failed")
return secrets, errors.Wrap(err, "getting response from System Trust failed")
}
defer response.Body.Close()

err = json.NewDecoder(response.Body).Decode(&secrets)
if err != nil {
return secrets, errors.Wrap(err, "getting response from trust engine failed")
return secrets, errors.Wrap(err, "getting response from System Trust failed")
}

return secrets, nil
}

// parseURL creates the full URL for a Trust Engine GET request
// parseURL creates the full URL for a System Trust GET request
func parseURL(serverURL, endpoint string, query url.Values) (string, error) {
rawFullEndpoint, err := url.JoinPath(serverURL, endpoint)
if err != nil {
return "", errors.New("error parsing trust engine URL")
return "", errors.New("error parsing System Trust URL")
}
fullURL, err := url.Parse(rawFullEndpoint)
if err != nil {
return "", errors.New("error parsing trust engine URL")
return "", errors.New("error parsing System Trust URL")
}
// commas and spaces shouldn't be escaped since the Trust Engine won't accept it
// commas and spaces shouldn't be escaped since the System Trust won't accept it
unescapedRawQuery, err := url.QueryUnescape(query.Encode())
if err != nil {
return "", errors.New("error parsing trust engine URL")
return "", errors.New("error parsing System Trust URL")
}
fullURL.RawQuery = unescapedRawQuery
return fullURL.String(), nil
}

// PrepareClient adds the Trust Engine authentication token to the client
// PrepareClient adds the System Trust authentication token to the client
func PrepareClient(client *piperhttp.Client, trustEngineConfiguration Configuration) *piperhttp.Client {
var logEntry *logrus.Entry
if logrus.GetLevel() < logrus.DebugLevel {
Expand Down

0 comments on commit aa1e675

Please sign in to comment.