diff --git a/cmd/piper.go b/cmd/piper.go
index 295827f8fa..ed728f8099 100644
--- a/cmd/piper.go
+++ b/cmd/piper.go
@@ -41,7 +41,7 @@ type GeneralConfigOptions struct {
VaultServerURL string
VaultNamespace string
VaultPath string
- TrustEngineToken string
+ SystemTrustToken string
HookConfig HookConfiguration
MetaDataResolver func() map[string]config.StepData
GCPJsonKeyFilePath string
@@ -57,7 +57,7 @@ type HookConfiguration struct {
SplunkConfig SplunkConfiguration `json:"splunk,omitempty"`
PendoConfig PendoConfiguration `json:"pendo,omitempty"`
OIDCConfig OIDCConfiguration `json:"oidc,omitempty"`
- TrustEngineConfig TrustEngineConfiguration `json:"trustengine,omitempty"`
+ SystemTrustConfig SystemTrustConfiguration `json:"systemtrust,omitempty"`
}
type GCPPubSubConfiguration struct {
@@ -93,7 +93,7 @@ type OIDCConfiguration struct {
RoleID string `json:",roleID,omitempty"`
}
-type TrustEngineConfiguration struct {
+type SystemTrustConfiguration struct {
ServerURL string `json:"baseURL,omitempty"`
TokenEndPoint string `json:"tokenEndPoint,omitempty"`
TokenQueryParamName string `json:"tokenQueryParamName,omitempty"`
@@ -385,8 +385,8 @@ func PrepareConfig(cmd *cobra.Command, metadata *config.StepData, stepName strin
}
myConfig.SetVaultCredentials(GeneralConfig.VaultRoleID, GeneralConfig.VaultRoleSecretID, GeneralConfig.VaultToken)
- GeneralConfig.TrustEngineToken = os.Getenv("PIPER_trustEngineToken")
- myConfig.SetTrustEngineToken(GeneralConfig.TrustEngineToken)
+ GeneralConfig.SystemTrustToken = os.Getenv("PIPER_systemTrustToken")
+ myConfig.SetSystemTrustToken(GeneralConfig.SystemTrustToken)
if len(GeneralConfig.StepConfigJSON) != 0 {
// ignore config & defaults in favor of passed stepConfigJSON
diff --git a/cmd/sonarExecuteScan_generated.go b/cmd/sonarExecuteScan_generated.go
index 293ae88926..1f9e0c33c9 100644
--- a/cmd/sonarExecuteScan_generated.go
+++ b/cmd/sonarExecuteScan_generated.go
@@ -355,8 +355,8 @@ func sonarExecuteScanMetadata() config.StepData {
},
{
- Name: "sonarTrustengineSecretName",
- Type: "trustengineSecret",
+ Name: "sonarSystemtrustSecretName",
+ Type: "systemTrustSecret",
Default: "sonar",
},
},
diff --git a/pkg/config/config.go b/pkg/config/config.go
index 32e967271d..99e7dda7be 100644
--- a/pkg/config/config.go
+++ b/pkg/config/config.go
@@ -11,7 +11,7 @@ import (
"regexp"
"strings"
- "github.com/SAP/jenkins-library/pkg/trustengine"
+ "github.com/SAP/jenkins-library/pkg/systemtrust"
piperhttp "github.com/SAP/jenkins-library/pkg/http"
"github.com/SAP/jenkins-library/pkg/log"
@@ -33,7 +33,7 @@ type Config struct {
accessTokens map[string]string
openFile func(s string, t map[string]string) (io.ReadCloser, error)
vaultCredentials VaultCredentials
- trustEngineConfiguration trustengine.Configuration
+ systemTrustConfiguration systemtrust.Configuration
}
// StepConfig defines the structure for merged step configuration
@@ -295,12 +295,12 @@ func (c *Config) GetStepConfig(flagValues map[string]interface{}, paramJSON stri
}
// hooks need to have been loaded from the defaults before the server URL is known
- err = c.setTrustEngineConfiguration(stepConfig.HookConfig)
+ err = c.setSystemTrustConfiguration(stepConfig.HookConfig)
if err != nil {
log.Entry().WithError(err).Debug("System Trust lookup skipped due to missing or incorrect configuration")
} else {
- trustengineClient := trustengine.PrepareClient(&piperhttp.Client{}, c.trustEngineConfiguration)
- resolveAllTrustEngineReferences(&stepConfig, append(parameters, ReportingParameters.Parameters...), c.trustEngineConfiguration, trustengineClient)
+ systemTrustClient := systemtrust.PrepareClient(&piperhttp.Client{}, c.systemTrustConfiguration)
+ resolveAllSystemTrustReferences(&stepConfig, append(parameters, ReportingParameters.Parameters...), c.systemTrustConfiguration, systemTrustClient)
}
// finally do the condition evaluation post processing
diff --git a/pkg/config/systemtrust.go b/pkg/config/systemtrust.go
new file mode 100644
index 0000000000..fb333d6f29
--- /dev/null
+++ b/pkg/config/systemtrust.go
@@ -0,0 +1,66 @@
+package config
+
+import (
+ "errors"
+
+ piperhttp "github.com/SAP/jenkins-library/pkg/http"
+ "github.com/SAP/jenkins-library/pkg/log"
+ "github.com/SAP/jenkins-library/pkg/systemtrust"
+)
+
+const RefTypeSystemTrustSecret = "systemTrustSecret"
+
+// resolveAllSystemTrustReferences retrieves all the step's secrets from the System Trust
+func resolveAllSystemTrustReferences(config *StepConfig, params []StepParameters, systemTrustConfiguration systemtrust.Configuration, client *piperhttp.Client) {
+ for _, param := range params {
+ if ref := param.GetReference(RefTypeSystemTrustSecret); ref != nil {
+ if config.Config[param.Name] == "" {
+ log.Entry().Infof("Getting '%s' from System Trust", param.Name)
+ token, err := systemtrust.GetToken(ref.Default, client, systemTrustConfiguration)
+ if err != nil {
+ log.Entry().Info(" failed")
+ log.Entry().WithError(err).Debugf("Couldn't get '%s' token from System Trust", ref.Default)
+ continue
+ }
+ log.RegisterSecret(token)
+ config.Config[param.Name] = token
+ log.Entry().Info(" succeeded")
+ } else {
+ log.Entry().Debugf("Skipping retrieval of '%s' from System Trust: parameter already set", param.Name)
+ }
+ }
+ }
+}
+
+// setSystemTrustConfiguration sets the server URL for the System Trust by taking it from the hooks
+func (c *Config) setSystemTrustConfiguration(hookConfig map[string]interface{}) error {
+ systemTrustHook, ok := hookConfig["systemtrust"].(map[string]interface{})
+ if !ok {
+ return errors.New("no System Trust hook configuration found")
+ }
+ if serverURL, ok := systemTrustHook["serverURL"].(string); ok {
+ c.systemTrustConfiguration.ServerURL = serverURL
+ } else {
+ return errors.New("no System Trust server URL found")
+ }
+ if tokenEndPoint, ok := systemTrustHook["tokenEndPoint"].(string); ok {
+ c.systemTrustConfiguration.TokenEndPoint = tokenEndPoint
+ } else {
+ return errors.New("no System Trust service endpoint found")
+ }
+ if tokenQueryParamName, ok := systemTrustHook["tokenQueryParamName"].(string); ok {
+ c.systemTrustConfiguration.TokenQueryParamName = tokenQueryParamName
+ } else {
+ return errors.New("no System Trust query parameter name found")
+ }
+
+ if len(c.systemTrustConfiguration.Token) == 0 {
+ return errors.New("no System Trust token found and envvar is empty")
+ }
+ return nil
+}
+
+// SetSystemTrustToken sets the token for the System Trust
+func (c *Config) SetSystemTrustToken(token string) {
+ c.systemTrustConfiguration.Token = token
+}
diff --git a/pkg/config/trustengine_test.go b/pkg/config/systemtrust_test.go
similarity index 77%
rename from pkg/config/trustengine_test.go
rename to pkg/config/systemtrust_test.go
index 0ba9827fc7..cd74b560fa 100644
--- a/pkg/config/trustengine_test.go
+++ b/pkg/config/systemtrust_test.go
@@ -9,14 +9,14 @@ import (
"testing"
piperhttp "github.com/SAP/jenkins-library/pkg/http"
- "github.com/SAP/jenkins-library/pkg/trustengine"
+ "github.com/SAP/jenkins-library/pkg/systemtrust"
"github.com/jarcoal/httpmock"
"github.com/stretchr/testify/assert"
)
const secretName = "sonar"
-const secretNameInTrustEngine = "sonarTrustengineSecretName"
+const secretNameInSystemTrust = "sonarSystemtrustSecretName"
const testServerURL = "https://www.project-piper.io"
const testTokenEndPoint = "tokens"
const testTokenQueryParamName = "systems"
@@ -25,14 +25,14 @@ const mockSonarToken = "mockSonarToken"
var testFullURL = fmt.Sprintf("%s/%s?%s=", testServerURL, testTokenEndPoint, testTokenQueryParamName)
var mockSingleTokenResponse = fmt.Sprintf("{\"sonar\": \"%s\"}", mockSonarToken)
-func TestTrustEngineConfig(t *testing.T) {
+func TestSystemTrustConfig(t *testing.T) {
httpmock.Activate()
defer httpmock.DeactivateAndReset()
httpmock.RegisterResponder(http.MethodGet, testFullURL+"sonar", httpmock.NewStringResponder(200, mockSingleTokenResponse))
- stepParams := []StepParameters{createStepParam(secretName, RefTypeTrustengineSecret, secretNameInTrustEngine, secretName)}
+ stepParams := []StepParameters{createStepParam(secretName, RefTypeSystemTrustSecret, secretNameInSystemTrust, secretName)}
- var trustEngineConfiguration = trustengine.Configuration{
+ var systemTrustConfiguration = systemtrust.Configuration{
Token: "testToken",
ServerURL: testServerURL,
TokenEndPoint: testTokenEndPoint,
@@ -46,7 +46,7 @@ func TestTrustEngineConfig(t *testing.T) {
secretName: "",
}}
- resolveAllTrustEngineReferences(stepConfig, stepParams, trustEngineConfiguration, client)
+ resolveAllSystemTrustReferences(stepConfig, stepParams, systemTrustConfiguration, client)
assert.Equal(t, mockSonarToken, stepConfig.Config[secretName])
})
@@ -55,19 +55,19 @@ func TestTrustEngineConfig(t *testing.T) {
secretName: "aMockTokenFromVault",
}}
- resolveAllTrustEngineReferences(stepConfig, stepParams, trustEngineConfiguration, client)
+ resolveAllSystemTrustReferences(stepConfig, stepParams, systemTrustConfiguration, client)
assert.NotEqual(t, mockSonarToken, stepConfig.Config[secretName])
})
}
-func createStepParam(name, refType, trustengineSecretNameProperty, defaultSecretNameName string) StepParameters {
+func createStepParam(name, refType, systemTrustSecretNameProperty, defaultSecretNameName string) StepParameters {
return StepParameters{
Name: name,
Aliases: []Alias{},
ResourceRef: []ResourceReference{
{
Type: refType,
- Name: trustengineSecretNameProperty,
+ Name: systemTrustSecretNameProperty,
Default: defaultSecretNameName,
},
},
diff --git a/pkg/config/trustengine.go b/pkg/config/trustengine.go
deleted file mode 100644
index 5bb4e238ef..0000000000
--- a/pkg/config/trustengine.go
+++ /dev/null
@@ -1,67 +0,0 @@
-package config
-
-import (
- "errors"
-
- piperhttp "github.com/SAP/jenkins-library/pkg/http"
- "github.com/SAP/jenkins-library/pkg/log"
- "github.com/SAP/jenkins-library/pkg/trustengine"
-)
-
-// const RefTypeTrustengineSecretFile = "trustengineSecretFile"
-const RefTypeTrustengineSecret = "trustengineSecret"
-
-// resolveAllTrustEngineReferences retrieves all the step's secrets from the System Trust
-func resolveAllTrustEngineReferences(config *StepConfig, params []StepParameters, trustEngineConfiguration trustengine.Configuration, client *piperhttp.Client) {
- for _, param := range params {
- if ref := param.GetReference(RefTypeTrustengineSecret); ref != nil {
- if config.Config[param.Name] == "" {
- log.Entry().Infof("Getting '%s' from System Trust", param.Name)
- token, err := trustengine.GetToken(ref.Default, client, trustEngineConfiguration)
- if err != nil {
- log.Entry().Info(" failed")
- log.Entry().WithError(err).Debugf("Couldn't get '%s' token from System Trust", ref.Default)
- continue
- }
- log.RegisterSecret(token)
- config.Config[param.Name] = token
- log.Entry().Info(" succeeded")
- } else {
- log.Entry().Debugf("Skipping retrieval of '%s' from System Trust: parameter already set", param.Name)
- }
- }
- }
-}
-
-// setTrustEngineConfiguration sets the server URL for the System Trust by taking it from the hooks
-func (c *Config) setTrustEngineConfiguration(hookConfig map[string]interface{}) error {
- trustEngineHook, ok := hookConfig["trustengine"].(map[string]interface{})
- if !ok {
- return errors.New("no System Trust hook configuration found")
- }
- if serverURL, ok := trustEngineHook["serverURL"].(string); ok {
- c.trustEngineConfiguration.ServerURL = serverURL
- } else {
- return errors.New("no System Trust server URL found")
- }
- if tokenEndPoint, ok := trustEngineHook["tokenEndPoint"].(string); ok {
- c.trustEngineConfiguration.TokenEndPoint = tokenEndPoint
- } else {
- return errors.New("no System Trust service endpoint found")
- }
- if tokenQueryParamName, ok := trustEngineHook["tokenQueryParamName"].(string); ok {
- c.trustEngineConfiguration.TokenQueryParamName = tokenQueryParamName
- } else {
- return errors.New("no System Trust query parameter name found")
- }
-
- if len(c.trustEngineConfiguration.Token) == 0 {
- return errors.New("no System Trust token found and envvar is empty")
- }
- return nil
-}
-
-// SetTrustEngineToken sets the token for the System Trust
-func (c *Config) SetTrustEngineToken(token string) {
- c.trustEngineConfiguration.Token = token
-}
diff --git a/pkg/documentation/generator/parameters.go b/pkg/documentation/generator/parameters.go
index e7aa5bc547..734cab1128 100644
--- a/pkg/documentation/generator/parameters.go
+++ b/pkg/documentation/generator/parameters.go
@@ -13,7 +13,7 @@ const (
vaultBadge = ""
jenkinsOnlyBadge = ""
secretBadge = ""
- trustengineBadge = ""
+ systemTrustBadge = ""
deprecatedBadge = ""
)
@@ -122,9 +122,9 @@ func parameterFurtherInfo(paramName string, stepData *config.StepData, execution
secretInfo := fmt.Sprintf("%s pass via ENV or Jenkins credentials", secretBadge)
isVaultSecret := param.GetReference("vaultSecret") != nil || param.GetReference("vaultSecretFile") != nil
- isTrustengineSecret := param.GetReference(config.RefTypeTrustengineSecret) != nil
- if isVaultSecret && isTrustengineSecret {
- secretInfo = fmt.Sprintf(" %s %s %s pass via ENV, Vault, System Trust or Jenkins credentials", vaultBadge, trustengineBadge, secretBadge)
+ isSystemTrustSecret := param.GetReference(config.RefTypeSystemTrustSecret) != nil
+ if isVaultSecret && isSystemTrustSecret {
+ secretInfo = fmt.Sprintf(" %s %s %s pass via ENV, Vault, System Trust or Jenkins credentials", vaultBadge, systemTrustBadge, secretBadge)
} else if isVaultSecret {
secretInfo = fmt.Sprintf(" %s %s pass via ENV, Vault or Jenkins credentials", vaultBadge, secretBadge)
}
@@ -347,8 +347,8 @@ func resourceReferenceDetails(resourceRef []config.ResourceReference) string {
resourceDetails = addVaultResourceDetails(resource, resourceDetails)
continue
}
- if resource.Type == config.RefTypeTrustengineSecret {
- resourceDetails = addTrustEngineResourceDetails(resource, resourceDetails)
+ if resource.Type == config.RefTypeSystemTrustSecret {
+ resourceDetails = addSystemTrustResourceDetails(resource, resourceDetails)
}
}
@@ -369,7 +369,7 @@ func addVaultResourceDetails(resource config.ResourceReference, resourceDetails
return resourceDetails
}
-func addTrustEngineResourceDetails(resource config.ResourceReference, resourceDetails string) string {
+func addSystemTrustResourceDetails(resource config.ResourceReference, resourceDetails string) string {
resourceDetails += "
System Trust resource:
"
resourceDetails += fmt.Sprintf(" name: `%v`
", resource.Name)
resourceDetails += fmt.Sprintf(" value: `%v`
", resource.Default)
diff --git a/pkg/trustengine/trustengine.go b/pkg/systemtrust/systemtrust.go
similarity index 82%
rename from pkg/trustengine/trustengine.go
rename to pkg/systemtrust/systemtrust.go
index a84738a1e3..637fa598f3 100644
--- a/pkg/trustengine/trustengine.go
+++ b/pkg/systemtrust/systemtrust.go
@@ -1,4 +1,4 @@
-package trustengine
+package systemtrust
import (
"encoding/json"
@@ -32,8 +32,8 @@ type Configuration struct {
}
// GetToken requests a single token
-func GetToken(refName string, client *piperhttp.Client, trustEngineConfiguration Configuration) (string, error) {
- secrets, err := GetSecrets([]string{refName}, client, trustEngineConfiguration)
+func GetToken(refName string, client *piperhttp.Client, systemTrustConfiguration Configuration) (string, error) {
+ secrets, err := getSecrets([]string{refName}, client, systemTrustConfiguration)
if err != nil {
return "", errors.Wrap(err, "couldn't get token from System Trust")
}
@@ -45,15 +45,15 @@ func GetToken(refName string, client *piperhttp.Client, trustEngineConfiguration
return "", errors.New("could not find token in System Trust response")
}
-// GetSecrets transforms the System Trust JSON response into System Trust secrets, and can be used to request multiple tokens
-func GetSecrets(refNames []string, client *piperhttp.Client, trustEngineConfiguration Configuration) ([]Secret, error) {
+// getSecrets transforms the System Trust JSON response into System Trust secrets, and can be used to request multiple tokens
+func getSecrets(refNames []string, client *piperhttp.Client, systemTrustConfiguration Configuration) ([]Secret, error) {
var secrets []Secret
query := url.Values{
- trustEngineConfiguration.TokenQueryParamName: {
+ systemTrustConfiguration.TokenQueryParamName: {
strings.Join(refNames, ","),
},
}
- response, err := getResponse(trustEngineConfiguration.ServerURL, trustEngineConfiguration.TokenEndPoint, query, client)
+ response, err := getResponse(systemTrustConfiguration.ServerURL, systemTrustConfiguration.TokenEndPoint, query, client)
if err != nil {
return secrets, errors.Wrap(err, "getting secrets from System Trust failed")
}
@@ -120,7 +120,7 @@ func parseURL(serverURL, endpoint string, query url.Values) (string, error) {
}
// PrepareClient adds the System Trust authentication token to the client
-func PrepareClient(client *piperhttp.Client, trustEngineConfiguration Configuration) *piperhttp.Client {
+func PrepareClient(client *piperhttp.Client, systemTrustConfiguration Configuration) *piperhttp.Client {
var logEntry *logrus.Entry
if logrus.GetLevel() < logrus.DebugLevel {
logger := logrus.New()
@@ -128,7 +128,7 @@ func PrepareClient(client *piperhttp.Client, trustEngineConfiguration Configurat
logEntry = logrus.NewEntry(logger)
}
client.SetOptions(piperhttp.ClientOptions{
- Token: fmt.Sprintf("Bearer %s", trustEngineConfiguration.Token),
+ Token: fmt.Sprintf("Bearer %s", systemTrustConfiguration.Token),
Logger: logEntry,
})
return client
diff --git a/pkg/trustengine/trustengine_test.go b/pkg/systemtrust/systemtrust_test.go
similarity index 87%
rename from pkg/trustengine/trustengine_test.go
rename to pkg/systemtrust/systemtrust_test.go
index d1ca1b1793..e01534b8d8 100644
--- a/pkg/trustengine/trustengine_test.go
+++ b/pkg/systemtrust/systemtrust_test.go
@@ -1,7 +1,7 @@
//go:build unit
// +build unit
-package trustengine
+package systemtrust
import (
"fmt"
@@ -23,14 +23,14 @@ const errorMsg403 = "unauthorized to request token"
var testFullURL = fmt.Sprintf("%s/%s?%s=", testServerURL, testTokenEndPoint, testTokenQueryParamName)
var mockSingleTokenResponse = fmt.Sprintf("{\"sonar\": \"%s\"}", mockSonarToken)
var mockTwoTokensResponse = fmt.Sprintf("{\"sonar\": \"%s\", \"blackduck\": \"%s\"}", mockSonarToken, mockblackduckToken)
-var trustEngineConfiguration = Configuration{
+var systemTrustConfiguration = Configuration{
Token: "testToken",
ServerURL: testServerURL,
TokenEndPoint: testTokenEndPoint,
TokenQueryParamName: testTokenQueryParamName,
}
-func TestTrustEngine(t *testing.T) {
+func TestSystemTrust(t *testing.T) {
httpmock.Activate()
defer httpmock.DeactivateAndReset()
@@ -40,7 +40,7 @@ func TestTrustEngine(t *testing.T) {
client := &piperhttp.Client{}
client.SetOptions(piperhttp.ClientOptions{MaxRetries: -1, UseDefaultTransport: true})
- token, err := GetToken("sonar", client, trustEngineConfiguration)
+ token, err := GetToken("sonar", client, systemTrustConfiguration)
assert.NoError(t, err)
assert.Equal(t, mockSonarToken, token)
})
@@ -51,7 +51,7 @@ func TestTrustEngine(t *testing.T) {
client := &piperhttp.Client{}
client.SetOptions(piperhttp.ClientOptions{MaxRetries: -1, UseDefaultTransport: true})
- secrets, err := GetSecrets([]string{"sonar", "blackduck"}, client, trustEngineConfiguration)
+ secrets, err := getSecrets([]string{"sonar", "blackduck"}, client, systemTrustConfiguration)
assert.NoError(t, err)
assert.Len(t, secrets, 2)
@@ -73,7 +73,7 @@ func TestTrustEngine(t *testing.T) {
client := &piperhttp.Client{}
client.SetOptions(piperhttp.ClientOptions{MaxRetries: -1, UseDefaultTransport: true})
- _, err := GetToken("sonar", client, trustEngineConfiguration)
+ _, err := GetToken("sonar", client, systemTrustConfiguration)
assert.Error(t, err)
})
diff --git a/resources/metadata/sonarExecuteScan.yaml b/resources/metadata/sonarExecuteScan.yaml
index eb1b0c6819..b542da8a08 100644
--- a/resources/metadata/sonarExecuteScan.yaml
+++ b/resources/metadata/sonarExecuteScan.yaml
@@ -53,8 +53,8 @@ spec:
default: sonar
- name: sonarTokenCredentialsId
type: secret
- - type: trustengineSecret
- name: sonarTrustengineSecretName
+ - type: systemTrustSecret
+ name: sonarSystemtrustSecretName
default: sonar
aliases:
- name: sonarToken