From 29814a5da5f031de81568ad57933b159b732c79a Mon Sep 17 00:00:00 2001 From: lambeb <141648830+lambeb@users.noreply.github.com> Date: Thu, 12 Sep 2024 15:56:57 +0100 Subject: [PATCH 01/31] Added code to detect if a variable is a secret. If it is then gcloud secrets is called to retrieve the value. --- scripts/update_system_environment_variables.ps1 | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/scripts/update_system_environment_variables.ps1 b/scripts/update_system_environment_variables.ps1 index c9ed777e..7d8260c7 100644 --- a/scripts/update_system_environment_variables.ps1 +++ b/scripts/update_system_environment_variables.ps1 @@ -12,7 +12,16 @@ function CreateVariables($variableList) { $pattern = "^(.*?)$([regex]::Escape($varName))(.?=)(.*)" $varValue = ($varDefinition -replace $pattern, '$3') - if ($variable.Name -Like "ENV_*") { + if ($variable.Name -Like "ENV_*" -and $varValue -Like "projects/*/secrets/*") { + + $parts = $varValue -split "/" + $secret = $parts[3] + + $secretValue = & gcloud secrets versions access latest --secret=$secret + + [System.Environment]::SetEnvironmentVariable($varName, ($secretValue), [System.EnvironmentVariableTarget]::Machine) + } + elseif ($variable.Name -Like "ENV_*") { [System.Environment]::SetEnvironmentVariable($varName, ($varValue), [System.EnvironmentVariableTarget]::Machine) LogInfo("System env var - $varName = $varValue") } From 734011c2cc79d46c7dd45859c96f09c4afc09036 Mon Sep 17 00:00:00 2001 From: lambeb <141648830+lambeb@users.noreply.github.com> Date: Fri, 13 Sep 2024 11:09:32 +0100 Subject: [PATCH 02/31] Added logging and renamed file incase the filepath change has same bug as on blaise-terraform where it doesn't update --- pipelines/configure_blaise.yml | 2 +- ...ariables.ps1 => update_system_environment_variables_new.ps1} | 1 + 2 files changed, 2 insertions(+), 1 deletion(-) rename scripts/{update_system_environment_variables.ps1 => update_system_environment_variables_new.ps1} (93%) 
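Review bot: The output of `gcloud secrets versions access` in the new `ENV_*` secret branch is written to the Machine variable without any check that the call succeeded. If gcloud fails, `$secretValue` is `$null`, and `SetEnvironmentVariable` treats a null value as a request to delete the variable, so a transient or permissions error silently removes the setting; a guard such as `if ($LASTEXITCODE -ne 0 -or [string]::IsNullOrEmpty($secretValue)) { throw "Could not read secret '$secret'" }` before the assignment would stop the run instead. Machine-scoped variables are also persisted on the host and inherited by every process started afterwards, so a comment recording that this exposure is accepted for these values would help the next reader. The same unchecked call is added to update_script_environment_variables.ps1 in PATCH 03. CreateVariables starts and ends outside the hunk.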
diff --git a/pipelines/configure_blaise.yml b/pipelines/configure_blaise.yml index 85f27b96..d3791b86 100644 --- a/pipelines/configure_blaise.yml +++ b/pipelines/configure_blaise.yml @@ -26,7 +26,7 @@ stages: - checkout: self - task: PowerShell@2 inputs: - filePath: $(Agent.BuildDirectory)/s/scripts/update_system_environment_variables.ps1 + filePath: $(Agent.BuildDirectory)/s/scripts/update_system_environment_variables_new.ps1 - deployment: InstallStackDriver displayName: Install Stackdriver environment: diff --git a/scripts/update_system_environment_variables.ps1 b/scripts/update_system_environment_variables_new.ps1 similarity index 93% rename from scripts/update_system_environment_variables.ps1 rename to scripts/update_system_environment_variables_new.ps1 index 7d8260c7..051a1d4d 100644 --- a/scripts/update_system_environment_variables.ps1 +++ b/scripts/update_system_environment_variables_new.ps1 @@ -20,6 +20,7 @@ function CreateVariables($variableList) { $secretValue = & gcloud secrets versions access latest --secret=$secret [System.Environment]::SetEnvironmentVariable($varName, ($secretValue), [System.EnvironmentVariableTarget]::Machine) + LogInfo("BENNY Secret Update System Environment Variables - $varName = $secretValue") } elseif ($variable.Name -Like "ENV_*") { [System.Environment]::SetEnvironmentVariable($varName, ($varValue), [System.EnvironmentVariableTarget]::Machine) From f237d64aaf6b11988019c49e0e9b548f5e05d55b Mon Sep 17 00:00:00 2001 From: lambeb <141648830+lambeb@users.noreply.github.com> Date: Mon, 16 Sep 2024 08:10:17 +0100 Subject: [PATCH 03/31] adding code to update script variables. Keeping logging in for now to check that this code is getting hit and processed correctly --- scripts/update_script_environment_variables.ps1 | 12 +++++++++++- scripts/update_system_environment_variables_new.ps1 | 2 +- 2 files changed, 12 insertions(+), 2 deletions(-) 
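Review bot: The added `LogInfo("BENNY Secret Update System Environment Variables - $varName = $secretValue")` writes the value just fetched from Secret Manager into the log in clear text, so anyone who can read the pipeline or host logs can read the secret. Log the name only, for example `LogInfo("Secret-backed system env var updated - $varName")`. The same value is printed again by the `BENNY2` LogInfo in update_script_environment_variables.ps1 (PATCH 03), by the `Write-Host "secretValue = ..."` and `Write-Host "envValue = ..."` lines of UpdateEnvironmentalVariable (PATCH 04) and by the `Write-Host "After gcloud call ..."` line (PATCH 12). Any secret version that has already been logged this way should be treated as exposed and rotated.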
diff --git a/scripts/update_script_environment_variables.ps1 b/scripts/update_script_environment_variables.ps1 index 647c6953..4aa16b4f 100644 --- a/scripts/update_script_environment_variables.ps1 +++ b/scripts/update_script_environment_variables.ps1 @@ -12,7 +12,17 @@ function CreateVariables($variableList) { $pattern = "^(.*?)$([regex]::Escape($varName))(.?=)(.*)" $varValue = ($varDefinition -replace $pattern, '$3') - if ($variable.Name -Like "BLAISE_*") { + if ($variable.Name -Like "BLAISE_*" -and $varValue -Like "projects/*/secrets/*") { + + $parts = $varValue -split "/" + $secret = $parts[3] + + $secretValue = & gcloud secrets versions access latest --secret=$secret + + New-Variable -Scope script -Name ($varName) -Value $secretValue -Force + LogInfo("BENNY2 Secret Update Script env var - $varName = $secretValue") + } + elseif ($variable.Name -Like "BLAISE_*") { New-Variable -Scope script -Name ($varName) -Value $varValue -Force LogInfo("Script env var - $varName = $varValue") } diff --git a/scripts/update_system_environment_variables_new.ps1 b/scripts/update_system_environment_variables_new.ps1 index 051a1d4d..c8d618b3 100644 --- a/scripts/update_system_environment_variables_new.ps1 +++ b/scripts/update_system_environment_variables_new.ps1 @@ -20,7 +20,7 @@ function CreateVariables($variableList) { $secretValue = & gcloud secrets versions access latest --secret=$secret [System.Environment]::SetEnvironmentVariable($varName, ($secretValue), [System.EnvironmentVariableTarget]::Machine) - LogInfo("BENNY Secret Update System Environment Variables - $varName = $secretValue") + LogInfo("BENNY1 Secret Update System Environment Variables - $varName = $secretValue") } elseif ($variable.Name -Like "ENV_*") { [System.Environment]::SetEnvironmentVariable($varName, ($varValue), [System.EnvironmentVariableTarget]::Machine) From be72e814687a159eb41bff26bd346256c9b9e438 Mon Sep 17 00:00:00 2001 
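Review bot: The secret reference in the new `BLAISE_*` branch is parsed without validation: `$parts[3]` is taken from any value matching the wildcard `projects/*/secrets/*`, so the project segment is discarded and a reference with an empty name or extra segments (a trailing `/versions/N`, say) is accepted. gcloud then resolves the name against whatever project is active on the host and always reads `latest`, which may not be the secret the reference points at. An anchored match rejects malformed references: `if ($varValue -match '^projects/([^/]+)/secrets/([A-Za-z0-9_-]+)$') { $secret = $Matches[2] }`. The same parsing is used in the `ENV_*` branch from PATCH 01, and the project segment is ignored again once PATCH 11 removes `--project`. CreateVariables starts and ends outside the hunk.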
From: lambeb <141648830+lambeb@users.noreply.github.com>
Date: Fri, 20 Sep 2024 11:27:15 +0100
Subject: [PATCH 04/31] Added Update Environmental Changes
---
...pdate_system_environment_variables_new.ps1 | 30 +++++++++++++++++--
1 file changed, 28 insertions(+), 2 deletions(-)
diff --git a/scripts/update_system_environment_variables_new.ps1 b/scripts/update_system_environment_variables_new.ps1
index c8d618b3..d68c9d11 100644
--- a/scripts/update_system_environment_variables_new.ps1
+++ b/scripts/update_system_environment_variables_new.ps1
@@ -5,6 +5,33 @@ function GetMetadataVariables { return $variablesFromMetadata | Get-Member -MemberType NoteProperty } +function UpdateEnvironmentalVariable($varName, $secretValue, $secret) { + + Write-Host "UpdateEnvironmentalVariables Called with following values" + Write-Host "varName = $varName" + Write-Host "secretValue = $secretValue" + Write-Host "secret = $secret" + + $envValue = [System.Environment]::GetEnvironmentVariable($varName, [System.EnvironmentVariableTarget]::Machine) + + Write-Host "Retrieved the following value from Environmental Variables" + Write-Host "envValue = $envValue" + + if ($envValue -eq $secretValue) { + Write-Host "Values are the same, doing nothing" + } + elseif ($envValue -eq "" -or $envValue -eq $null) { + Write-Host "Environmental Variable not set, so using Secret value" + [System.Environment]::SetEnvironmentVariable($varName, ($secretValue), [System.EnvironmentVariableTarget]::Machine) + } + elseif ($envValue -ne "" -and $envValue -ne $null -and $secretValue -ne "" -and $null -ne $secretValue) { + # This is for environments that have been previously set up, so the secret values should remain the same + Write-Host "Environmental Variable is set to a different value than Secret, Creating new secret version" + # echo -n $envValue | gcloud secrets versions add $secret --data-file=- + Write-Output -NoNewline $envValue | gcloud secrets versions add $secret --data-file=- + } +} + function CreateVariables($variableList) { foreach ($variable in $variableList) { $varName = $variable.Name 
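Review bot: The third branch of UpdateEnvironmentalVariable pushes the host's current value back into Secret Manager (`... | gcloud secrets versions add $secret --data-file=-`) whenever it differs from the latest version, which makes the machine variable the source of truth. A secret rotated in Secret Manager is therefore overwritten by the stale host value on the next run, and anything able to change the Machine variable on one host changes the secret for every consumer. If this is a one-off migration for pre-existing environments, as the comment suggests, gate it behind an explicit switch and otherwise let the stored secret win, e.g. `[System.Environment]::SetEnvironmentVariable($varName, $secretValue, [System.EnvironmentVariableTarget]::Machine)` in that branch. It also requires the account running the script to be allowed to add secret versions, not only to read them.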
@@ -19,8 +46,7 @@ function CreateVariables($variableList) { $secretValue = & gcloud secrets versions access latest --secret=$secret - [System.Environment]::SetEnvironmentVariable($varName, ($secretValue), [System.EnvironmentVariableTarget]::Machine) - LogInfo("BENNY1 Secret Update System Environment Variables - $varName = $secretValue") + UpdateEnvironmentalVariable($variable.Name, $secretValue, $secret) } elseif ($variable.Name -Like "ENV_*") { [System.Environment]::SetEnvironmentVariable($varName, ($varValue), [System.EnvironmentVariableTarget]::Machine) From c8c9e6cc80a57d3012c383e8d6302e06fb17dedc Mon Sep 17 00:00:00 2001 From: lambeb <141648830+lambeb@users.noreply.github.com> Date: Fri, 20 Sep 2024 11:57:04 +0100 Subject: [PATCH 05/31] Fixed UpdateEnvironmentalVariables function --- scripts/update_system_environment_variables_new.ps1 | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/scripts/update_system_environment_variables_new.ps1 b/scripts/update_system_environment_variables_new.ps1 index d68c9d11..307ed26c 100644 --- a/scripts/update_system_environment_variables_new.ps1 +++ b/scripts/update_system_environment_variables_new.ps1 @@ -5,7 +5,13 @@ function GetMetadataVariables { return $variablesFromMetadata | Get-Member -MemberType NoteProperty } -function UpdateEnvironmentalVariable($varName, $secretValue, $secret) { +function UpdateEnvironmentalVariable { + + param ( + [string]$varName, + [string]$secretValue, + [string]$secret + ) Write-Host "UpdateEnvironmentalVariables Called with following values" Write-Host "varName = $varName" From f954656450f346e72e791bc85384c34d225eecc4 Mon Sep 17 00:00:00 2001 From: lambeb <141648830+lambeb@users.noreply.github.com> Date: Fri, 20 Sep 2024 12:48:32 +0100 Subject: [PATCH 06/31] Fixed function call --- scripts/update_system_environment_variables_new.ps1 | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) 
diff --git a/scripts/update_system_environment_variables_new.ps1 b/scripts/update_system_environment_variables_new.ps1 index 307ed26c..7bbab7fc 100644 --- a/scripts/update_system_environment_variables_new.ps1 +++ b/scripts/update_system_environment_variables_new.ps1 @@ -34,7 +34,7 @@ function UpdateEnvironmentalVariable { # This is for environments that have been previously set up, so the secret values should remain the same Write-Host "Environmental Variable is set to a different value than Secret, Creating new secret version" # echo -n $envValue | gcloud secrets versions add $secret --data-file=- - Write-Output -NoNewline $envValue | gcloud secrets versions add $secret --data-file=- + Write-Output $envValue | gcloud secrets versions add $secret --data-file=- } } @@ -52,7 +52,8 @@ function CreateVariables($variableList) { $secretValue = & gcloud secrets versions access latest --secret=$secret - UpdateEnvironmentalVariable($variable.Name, $secretValue, $secret) + + UpdateEnvironmentalVariable $variable.Name $secretValue $secret } elseif ($variable.Name -Like "ENV_*") { [System.Environment]::SetEnvironmentVariable($varName, ($varValue), [System.EnvironmentVariableTarget]::Machine) From 457e4d3309ccd1617aceaebcce70087fadacee3b Mon Sep 17 00:00:00 2001 From: lambeb <141648830+lambeb@users.noreply.github.com> Date: Fri, 20 Sep 2024 15:46:45 +0100 Subject: [PATCH 07/31] Renamed script to see if it changes --- pipelines/configure_blaise.yml | 2 +- ...ariables_new.ps1 => update_system_environment_variables.ps1} | 0 2 files changed, 1 insertion(+), 1 deletion(-) rename scripts/{update_system_environment_variables_new.ps1 => update_system_environment_variables.ps1} (100%) diff --git a/pipelines/configure_blaise.yml b/pipelines/configure_blaise.yml index d3791b86..85f27b96 100644 --- a/pipelines/configure_blaise.yml +++ b/pipelines/configure_blaise.yml 
@@ -26,7 +26,7 @@ stages: - checkout: self - task: PowerShell@2 inputs: - filePath: $(Agent.BuildDirectory)/s/scripts/update_system_environment_variables_new.ps1 + filePath: $(Agent.BuildDirectory)/s/scripts/update_system_environment_variables.ps1 - deployment: InstallStackDriver displayName: Install Stackdriver environment: diff --git a/scripts/update_system_environment_variables_new.ps1 b/scripts/update_system_environment_variables.ps1 similarity index 100% rename from scripts/update_system_environment_variables_new.ps1 rename to scripts/update_system_environment_variables.ps1 From d815e9c6ba9b56752817cdbe561aea9bb24fcd69 Mon Sep 17 00:00:00 2001 From: lambeb <141648830+lambeb@users.noreply.github.com> Date: Mon, 23 Sep 2024 13:11:07 +0100 Subject: [PATCH 08/31] Added logging around any place blaise_Admin_password is used to check that it is coming through correctly in all cases or if it is using the old one. --- scripts/blaise/add_cma_serverpark.ps1 | 4 ++++ scripts/blaise/configure_serverpark.ps1 | 3 +++ scripts/blaise/install_cma_packages.ps1 | 6 ++++++ scripts/blaise/register_node.ps1 | 6 ++++++ 4 files changed, 19 insertions(+) diff --git a/scripts/blaise/add_cma_serverpark.ps1 b/scripts/blaise/add_cma_serverpark.ps1 index ff935325..908efede 100644 --- a/scripts/blaise/add_cma_serverpark.ps1 +++ b/scripts/blaise/add_cma_serverpark.ps1 @@ -9,6 +9,8 @@ function ServerParkExists { throw [System.IO.ArgumentException] "No server park name argument provided" } + LogInfo("BENNY001 ENV_BLAISE_ADMIN_PASSWORD = $env:ENV_BLAISE_ADMIN_PASSWORD") + $exists = c:\blaise5\bin\servermanager -listserverparks ` -server:$env:ENV_BLAISE_SERVER_HOST_NAME ` -binding:http ` 
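Review bot: `LogInfo("BENNY001 ENV_BLAISE_ADMIN_PASSWORD = $env:ENV_BLAISE_ADMIN_PASSWORD")` in ServerParkExists writes the Blaise administrator password to the log in clear text. To confirm that a value arrives without revealing it, log presence only: `LogInfo("ENV_BLAISE_ADMIN_PASSWORD set: $(-not [string]::IsNullOrEmpty($env:ENV_BLAISE_ADMIN_PASSWORD))")`. The same line is added as BENNY002 to BENNY006 in AddServerPark, ConfigureServerpark, Test-InstrumentInstalled, Install-PackageViaServerManager, Register-Node (inside the retry loop, so once per attempt) and Check-NodeRegistered. ServerParkExists starts and ends outside the hunk.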
@@ -34,6 +36,8 @@ function AddServerPark { LogInfo("Add and/or configure server park $ServerParkName to run in disconnected mode with sync surveys set to true") + LogInfo("BENNY002 ENV_BLAISE_ADMIN_PASSWORD = $env:ENV_BLAISE_ADMIN_PASSWORD") + # if the serverpark exists this will update the existing one c:\blaise5\bin\servermanager -addserverpark:$ServerParkName ` -runmode:disconnected ` diff --git a/scripts/blaise/configure_serverpark.ps1 b/scripts/blaise/configure_serverpark.ps1 index a8e487fd..09008f88 100644 --- a/scripts/blaise/configure_serverpark.ps1 +++ b/scripts/blaise/configure_serverpark.ps1 @@ -31,6 +31,9 @@ function ConfigureServerpark { LogInfo("Configuring server park $BlaiseServerPark to run in disconnected mode") + + LogInfo("BENNY003 ENV_BLAISE_ADMIN_PASSWORD = $env:ENV_BLAISE_ADMIN_PASSWORD") + c:\blaise5\bin\servermanager -editserverpark:$BlaiseServerPark -server:$managementNode -runmode:disconnected -syncsurveyswhenconnected:false -binding:http -port:$connectionPort -user:$blaiseUserName -password:$blaisePassword LogInfo("Configured server park $BlaiseServerPark") diff --git a/scripts/blaise/install_cma_packages.ps1 b/scripts/blaise/install_cma_packages.ps1 index 751af784..0285888e 100644 --- a/scripts/blaise/install_cma_packages.ps1 +++ b/scripts/blaise/install_cma_packages.ps1 @@ -19,6 +19,9 @@ function Test-InstrumentInstalled { [string]$InstrumentName ) + + LogInfo("BENNY004 ENV_BLAISE_ADMIN_PASSWORD = $env:ENV_BLAISE_ADMIN_PASSWORD") + $IsInstrumentInstalled = & "C:\blaise5\bin\servermanager.exe" -listsurveys ` -serverpark:$ServerParkName ` -binding:http ` @@ -73,6 +76,9 @@ function Install-PackageViaServerManager { throw "File '$FilePath' does not exist" } + + LogInfo("BENNY005 ENV_BLAISE_ADMIN_PASSWORD = $env:ENV_BLAISE_ADMIN_PASSWORD") + LogInfo("Installing package '$FilePath' into server park '$ServerParkName' via Server Manager") & "C:\blaise5\bin\servermanager.exe" -installsurvey:$FilePath ` -serverpark:$ServerParkName ` 
diff --git a/scripts/blaise/register_node.ps1 b/scripts/blaise/register_node.ps1 index 7f4439bb..88a508d3 100644 --- a/scripts/blaise/register_node.ps1 +++ b/scripts/blaise/register_node.ps1 @@ -25,6 +25,8 @@ function Register-Node { ) $RetryCount = 0 do { + + LogInfo("BENNY006 ENV_BLAISE_ADMIN_PASSWORD = $env:ENV_BLAISE_ADMIN_PASSWORD") LogInfo("Registering node '$CurrentNode' on management node '$BlaiseManagementNode' for server park '$ServerPark'") $output = & c:\blaise5\bin\servermanager.exe -addserverparkserver:$CurrentNode ` -server:$BlaiseManagementNode ` @@ -61,6 +63,10 @@ function Check-NodeRegistered { param( [string] $ServerPark ) + + + LogInfo("BENNY006 ENV_BLAISE_ADMIN_PASSWORD = $env:ENV_BLAISE_ADMIN_PASSWORD") + $IsNodeRegistered = c:\blaise5\bin\servermanager.exe -listserverparkservers ` -server:$BlaiseManagementNode ` -user:$BlaiseAdminUser ` From 9d94e6b90f59e34de82b620e03475651c7061ad9 Mon Sep 17 00:00:00 2001 From: lambeb <141648830+lambeb@users.noreply.github.com> Date: Thu, 26 Sep 2024 12:20:07 +0100 Subject: [PATCH 09/31] Adding ProjectID flag --project to gcloud secrets as there was a discrepancy between the secrets using the projectid and the projectname --- scripts/update_script_environment_variables.ps1 | 3 ++- scripts/update_system_environment_variables.ps1 | 12 +++++++----- 2 files changed, 9 insertions(+), 6 deletions(-) diff --git a/scripts/update_script_environment_variables.ps1 b/scripts/update_script_environment_variables.ps1 index 4aa16b4f..357d5d26 100644 --- a/scripts/update_script_environment_variables.ps1 +++ b/scripts/update_script_environment_variables.ps1 
@@ -15,9 +15,10 @@ function CreateVariables($variableList) { if ($variable.Name -Like "BLAISE_*" -and $varValue -Like "projects/*/secrets/*") { $parts = $varValue -split "/" + $projectId = $parts[1] $secret = $parts[3] - $secretValue = & gcloud secrets versions access latest --secret=$secret + $secretValue = & gcloud secrets versions access latest --secret=$secret --project=$projectId New-Variable -Scope script -Name ($varName) -Value $secretValue -Force LogInfo("BENNY2 Secret Update Script env var - $varName = $secretValue") diff --git a/scripts/update_system_environment_variables.ps1 b/scripts/update_system_environment_variables.ps1 index 7bbab7fc..4b13b6e3 100644 --- a/scripts/update_system_environment_variables.ps1 +++ b/scripts/update_system_environment_variables.ps1 @@ -10,13 +10,15 @@ function UpdateEnvironmentalVariable { param ( [string]$varName, [string]$secretValue, - [string]$secret + [string]$secret, + [string]$projectId ) Write-Host "UpdateEnvironmentalVariables Called with following values" Write-Host "varName = $varName" Write-Host "secretValue = $secretValue" Write-Host "secret = $secret" + Write-Host "projectId = $projectId" $envValue = [System.Environment]::GetEnvironmentVariable($varName, [System.EnvironmentVariableTarget]::Machine) @@ -34,7 +36,7 @@ function UpdateEnvironmentalVariable { # This is for environments that have been previously set up, so the secret values should remain the same Write-Host "Environmental Variable is set to a different value than Secret, Creating new secret version" # echo -n $envValue | gcloud secrets versions add $secret --data-file=- - Write-Output $envValue | gcloud secrets versions add $secret --data-file=- + Write-Output $envValue | gcloud secrets versions add $secret --project=$projectId --data-file=- } } 
@@ -48,12 +50,12 @@ function CreateVariables($variableList) { if ($variable.Name -Like "ENV_*" -and $varValue -Like "projects/*/secrets/*") { $parts = $varValue -split "/" + $projectId = $parts[1] $secret = $parts[3] - $secretValue = & gcloud secrets versions access latest --secret=$secret + $secretValue = & gcloud secrets versions access latest --secret=$secret --project=$projectId - - UpdateEnvironmentalVariable $variable.Name $secretValue $secret + UpdateEnvironmentalVariable $variable.Name $secretValue $secret $projectId } elseif ($variable.Name -Like "ENV_*") { [System.Environment]::SetEnvironmentVariable($varName, ($varValue), [System.EnvironmentVariableTarget]::Machine) From c6f3258de142850ce336895c34022c2f99a6129b Mon Sep 17 00:00:00 2001 From: lambeb <141648830+lambeb@users.noreply.github.com> Date: Thu, 26 Sep 2024 16:09:28 +0100 Subject: [PATCH 10/31] Getting ProjectId from ProjectNumber in secret --- scripts/update_script_environment_variables.ps1 | 4 +++- scripts/update_system_environment_variables.ps1 | 4 +++- 2 files changed, 6 insertions(+), 2 deletions(-) diff --git a/scripts/update_script_environment_variables.ps1 b/scripts/update_script_environment_variables.ps1 index 357d5d26..83cdbfc8 100644 --- a/scripts/update_script_environment_variables.ps1 +++ b/scripts/update_script_environment_variables.ps1 @@ -15,9 +15,11 @@ function CreateVariables($variableList) { if ($variable.Name -Like "BLAISE_*" -and $varValue -Like "projects/*/secrets/*") { $parts = $varValue -split "/" - $projectId = $parts[1] + $projectNumber = $parts[1] $secret = $parts[3] + $projectId = gcloud projects describe $projectNumber --format="get(projectId)" + $secretValue = & gcloud secrets versions access latest --secret=$secret --project=$projectId New-Variable -Scope script -Name ($varName) -Value $secretValue -Force diff --git a/scripts/update_system_environment_variables.ps1 b/scripts/update_system_environment_variables.ps1 index 4b13b6e3..dff248b9 100644 
--- a/scripts/update_system_environment_variables.ps1 +++ b/scripts/update_system_environment_variables.ps1 @@ -50,9 +50,11 @@ function CreateVariables($variableList) { if ($variable.Name -Like "ENV_*" -and $varValue -Like "projects/*/secrets/*") { $parts = $varValue -split "/" - $projectId = $parts[1] + $projectNumber = $parts[1] $secret = $parts[3] + $projectId = gcloud projects describe $projectNumber --format="get(projectId)" + $secretValue = & gcloud secrets versions access latest --secret=$secret --project=$projectId UpdateEnvironmentalVariable $variable.Name $secretValue $secret $projectId From 9da3b38f464ff524465eb723501e99c82b3988c9 Mon Sep 17 00:00:00 2001 From: lambeb <141648830+lambeb@users.noreply.github.com> Date: Mon, 30 Sep 2024 15:32:39 +0100 Subject: [PATCH 11/31] Removing project code as it isn't needed. --- .../update_script_environment_variables.ps1 | 5 +--- .../update_system_environment_variables.ps1 | 23 +++++++++---------- 2 files changed, 12 insertions(+), 16 deletions(-) diff --git a/scripts/update_script_environment_variables.ps1 b/scripts/update_script_environment_variables.ps1 index 83cdbfc8..4aa16b4f 100644 --- a/scripts/update_script_environment_variables.ps1 +++ b/scripts/update_script_environment_variables.ps1 @@ -15,12 +15,9 @@ function CreateVariables($variableList) { if ($variable.Name -Like "BLAISE_*" -and $varValue -Like "projects/*/secrets/*") { $parts = $varValue -split "/" - $projectNumber = $parts[1] $secret = $parts[3] - $projectId = gcloud projects describe $projectNumber --format="get(projectId)" - - $secretValue = & gcloud secrets versions access latest --secret=$secret --project=$projectId + $secretValue = & gcloud secrets versions access latest --secret=$secret New-Variable -Scope script -Name ($varName) -Value $secretValue -Force LogInfo("BENNY2 Secret Update Script env var - $varName = $secretValue") 
diff --git a/scripts/update_system_environment_variables.ps1 b/scripts/update_system_environment_variables.ps1 index dff248b9..0132c6fb 100644 --- a/scripts/update_system_environment_variables.ps1 +++ b/scripts/update_system_environment_variables.ps1 @@ -10,15 +10,13 @@ function UpdateEnvironmentalVariable { param ( [string]$varName, [string]$secretValue, - [string]$secret, - [string]$projectId + [string]$secret ) Write-Host "UpdateEnvironmentalVariables Called with following values" Write-Host "varName = $varName" Write-Host "secretValue = $secretValue" Write-Host "secret = $secret" - Write-Host "projectId = $projectId" $envValue = [System.Environment]::GetEnvironmentVariable($varName, [System.EnvironmentVariableTarget]::Machine) 
@@ -28,15 +26,19 @@ function UpdateEnvironmentalVariable { if ($envValue -eq $secretValue) { Write-Host "Values are the same, doing nothing" } - elseif ($envValue -eq "" -or $envValue -eq $null) { + elseif ($envValue -eq "" -or $null -eq $envValue) { Write-Host "Environmental Variable not set, so using Secret value" [System.Environment]::SetEnvironmentVariable($varName, ($secretValue), [System.EnvironmentVariableTarget]::Machine) } - elseif ($envValue -ne "" -and $envValue -ne $null -and $secretValue -ne "" -and $null -ne $secretValue) { + elseif ($envValue -ne "" -and $null -ne $envValue -and $secretValue -ne "" -and $null -ne $secretValue) { # This is for environments that have been previously set up, so the secret values should remain the same Write-Host "Environmental Variable is set to a different value than Secret, Creating new secret version" - # echo -n $envValue | gcloud secrets versions add $secret --data-file=- - Write-Output $envValue | gcloud secrets versions add $secret --project=$projectId --data-file=- + # echo -n $envValue | gcloud secrets versions add $secret --data-file=- + Write-Output $envValue | gcloud secrets versions add $secret --data-file=- + } + elseif ($envValue -ne "" -and $null -ne $envValue) { + # Secret value must be empty at this stage, but Environmental variable is set. + Write-Output "Environmental Variable is set but there is no value for the secret value" } } 
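Review bot: The new final `elseif` reports an empty secret with `Write-Output`, whereas every other message in UpdateEnvironmentalVariable uses `Write-Host`; `Write-Output` puts the text on the function's output stream, so it becomes part of the return value rather than a log line. An empty `$secretValue` at this point most likely means the earlier gcloud read failed, so it should be surfaced as `Write-Warning "No value returned for secret '$secret'; $varName left unchanged"` or fail the step. The function starts outside the hunk.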
@@ -50,14 +52,11 @@ function CreateVariables($variableList) { if ($variable.Name -Like "ENV_*" -and $varValue -Like "projects/*/secrets/*") { $parts = $varValue -split "/" - $projectNumber = $parts[1] $secret = $parts[3] - $projectId = gcloud projects describe $projectNumber --format="get(projectId)" + $secretValue = & gcloud secrets versions access latest --secret=$secret - $secretValue = & gcloud secrets versions access latest --secret=$secret --project=$projectId - - UpdateEnvironmentalVariable $variable.Name $secretValue $secret $projectId + UpdateEnvironmentalVariable $variable.Name $secretValue $secret } elseif ($variable.Name -Like "ENV_*") { [System.Environment]::SetEnvironmentVariable($varName, ($varValue), [System.EnvironmentVariableTarget]::Machine) From 40958471d30e67357f51d17b41d80ca938270068 Mon Sep 17 00:00:00 2001 From: lambeb <141648830+lambeb@users.noreply.github.com> Date: Mon, 30 Sep 2024 16:02:15 +0100 Subject: [PATCH 12/31] putting more logging around CreateVariables Call as script is throwing errors --- scripts/update_system_environment_variables.ps1 | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/scripts/update_system_environment_variables.ps1 b/scripts/update_system_environment_variables.ps1 index 0132c6fb..d1c0351f 100644 --- a/scripts/update_system_environment_variables.ps1 +++ b/scripts/update_system_environment_variables.ps1 @@ -54,8 +54,12 @@ function CreateVariables($variableList) { $parts = $varValue -split "/" $secret = $parts[3] + Write-Host "Calling gcloud with secret of '$secret'" + $secretValue = & gcloud secrets versions access latest --secret=$secret + Write-Host "After gcloud call retrieved secretValue of '$secretValue'" + UpdateEnvironmentalVariable $variable.Name $secretValue $secret } elseif ($variable.Name -Like "ENV_*") { From 4976cb91270359a73fcd9b70d0c5a968b4d7129f Mon Sep 17 00:00:00 2001 
From: lambeb <141648830+lambeb@users.noreply.github.com>
Date: Mon, 30 Sep 2024 17:34:49 +0100
Subject: [PATCH 13/31] putting in possible fix for BOM invalid characters being placed in secrets file. Will need to test
---
scripts/update_system_environment_variables.ps1 | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/scripts/update_system_environment_variables.ps1 b/scripts/update_system_environment_variables.ps1
index d1c0351f..ee057b6e 100644
--- a/scripts/update_system_environment_variables.ps1
+++ b/scripts/update_system_environment_variables.ps1
@@ -34,8 +34,9 @@ function UpdateEnvironmentalVariable { # This is for environments that have been previously set up, so the secret values should remain the same Write-Host "Environmental Variable is set to a different value than Secret, Creating new secret version" # echo -n $envValue | gcloud secrets versions add $secret --data-file=- + $envValue = $envValue -replace "^\uFEFF", "" [Console]::OutputEncoding = [System.Text.Encoding]::UTF8 - [Console]::Write($envValue) | gcloud secrets versions add $secret --data-file=- + $envValue | gcloud secrets versions add $secret --data-file=- } elseif ($envValue -ne "" -and $null -ne $envValue) { # Secret value must be empty at this stage, but Environmental variable is set. From a122a1fb4b7e9b4a512fcd3001bf8cee43c34552 Mon Sep 17 00:00:00 2001 From: lambeb <141648830+lambeb@users.noreply.github.com> Date: Tue, 1 Oct 2024 13:39:22 +0100 Subject: [PATCH 15/31] trying to remove BOM character --- scripts/update_system_environment_variables.ps1 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/update_system_environment_variables.ps1 b/scripts/update_system_environment_variables.ps1 index 016cb02e..5f75d1ec 100644 --- a/scripts/update_system_environment_variables.ps1 +++ b/scripts/update_system_environment_variables.ps1 @@ -36,7 +36,7 @@ function UpdateEnvironmentalVariable { # echo -n $envValue | gcloud secrets versions add $secret --data-file=- $envValue = $envValue -replace "^\uFEFF", "" [Console]::OutputEncoding = [System.Text.Encoding]::UTF8 - $envValue | gcloud secrets versions add $secret --data-file=- + $envValue | Out-String -NoNewline | gcloud secrets versions add $secret --data-file=- } elseif ($envValue -ne "" -and $null -ne $envValue) { # Secret value must be empty at this stage, but Environmental variable is set. From cd27cc19e2ca1ff7ee2ad9e462dd8831f93d163f Mon Sep 17 00:00:00 2001 
From: kristian4res <57638182+kristian4res@users.noreply.github.com> Date: Tue, 1 Oct 2024 13:45:00 +0100 Subject: [PATCH 16/31] wip: debug replace tokens task --- templates/download_build_artifact.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/templates/download_build_artifact.yml b/templates/download_build_artifact.yml index b5249df7..6fa4f263 100644 --- a/templates/download_build_artifact.yml +++ b/templates/download_build_artifact.yml @@ -33,5 +33,5 @@ steps: keepToken: false tokenPrefix: '#{' tokenSuffix: '}#' - verbosity: 'info' + verbosity: 'debug' enableTelemetry: true \ No newline at end of file From 85b3cd67ad05e59abe278d0926ee77087a1d078e Mon Sep 17 00:00:00 2001 From: lambeb <141648830+lambeb@users.noreply.github.com> Date: Tue, 1 Oct 2024 13:52:36 +0100 Subject: [PATCH 17/31] Trying to output a string --- scripts/update_system_environment_variables.ps1 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/update_system_environment_variables.ps1 b/scripts/update_system_environment_variables.ps1 index 5f75d1ec..585613e0 100644 --- a/scripts/update_system_environment_variables.ps1 +++ b/scripts/update_system_environment_variables.ps1 @@ -36,7 +36,7 @@ function UpdateEnvironmentalVariable { # echo -n $envValue | gcloud secrets versions add $secret --data-file=- $envValue = $envValue -replace "^\uFEFF", "" [Console]::OutputEncoding = [System.Text.Encoding]::UTF8 - $envValue | Out-String -NoNewline | gcloud secrets versions add $secret --data-file=- + [Console]::Write($envValue) | gcloud secrets versions add $secret --data-file=- } elseif ($envValue -ne "" -and $null -ne $envValue) { # Secret value must be empty at this stage, but Environmental variable is set. From 3ea8f0f028984293dc97f96dae45797a0dca3e75 Mon Sep 17 00:00:00 2001 
From: lambeb <141648830+lambeb@users.noreply.github.com> Date: Tue, 1 Oct 2024 14:04:44 +0100 Subject: [PATCH 18/31] Trying a different approach, creating a file and then removing the file --- scripts/update_system_environment_variables.ps1 | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/scripts/update_system_environment_variables.ps1 b/scripts/update_system_environment_variables.ps1 index 585613e0..42b8ce9a 100644 --- a/scripts/update_system_environment_variables.ps1 +++ b/scripts/update_system_environment_variables.ps1 @@ -33,10 +33,11 @@ function UpdateEnvironmentalVariable { elseif ($envValue -ne "" -and $null -ne $envValue -and $secretValue -ne "" -and $null -ne $secretValue) { # This is for environments that have been previously set up, so the secret values should remain the same Write-Host "Environmental Variable is set to a different value than Secret, Creating new secret version" - # echo -n $envValue | gcloud secrets versions add $secret --data-file=- - $envValue = $envValue -replace "^\uFEFF", "" - [Console]::OutputEncoding = [System.Text.Encoding]::UTF8 - [Console]::Write($envValue) | gcloud secrets versions add $secret --data-file=- + + $tempFile = New-TemporaryFile + Set-Content -Path $tempFile -Value $envValue + & gcloud secrets versions add $secretName --data-file=$tempFile + Remove-Item $tempFile } elseif ($envValue -ne "" -and $null -ne $envValue) { # Secret value must be empty at this stage, but Environmental variable is set. From 3861ea4889e3a68303038c0402bde19c60b5ea82 Mon Sep 17 00:00:00 2001 From: lambeb <141648830+lambeb@users.noreply.github.com> Date: Tue, 1 Oct 2024 14:24:42 +0100 Subject: [PATCH 19/31] wrong variable name given for secret, corrected --- scripts/update_system_environment_variables.ps1 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/update_system_environment_variables.ps1 b/scripts/update_system_environment_variables.ps1 index 42b8ce9a..5a8b2819 100644 
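Review bot: The plaintext secret is written to a temp file and `Remove-Item $tempFile` runs only if every statement before it completes, so a terminating error from `Set-Content` or the gcloud call would leave the value on disk in the temp directory; the delete belongs in a `finally`. The added line also passes `$secretName`, which nothing in the hunk assigns, where the removed lines passed `$secret`, so as written gcloud presumably receives an empty secret name (PATCH 19/31 corrects this). The later revisions of this block in PATCH 20/31 to 25/31 keep the same unguarded cleanup. UpdateEnvironmentalVariable starts and ends outside the hunk.

```powershell
$tempFile = New-TemporaryFile
try {
    Set-Content -Path $tempFile -Value $envValue
    & gcloud secrets versions add $secret --data-file=$tempFile
    if ($LASTEXITCODE -ne 0) {
        throw "gcloud secrets versions add failed for secret '$secret'"
    }
}
finally {
    # Runs on success and on error, so the plaintext copy does not outlive the call
    Remove-Item $tempFile -Force -ErrorAction SilentlyContinue
}
```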
--- a/scripts/update_system_environment_variables.ps1 +++ b/scripts/update_system_environment_variables.ps1 @@ -36,7 +36,7 @@ function UpdateEnvironmentalVariable { $tempFile = New-TemporaryFile Set-Content -Path $tempFile -Value $envValue - & gcloud secrets versions add $secretName --data-file=$tempFile + & gcloud secrets versions add $secret --data-file=$tempFile Remove-Item $tempFile } elseif ($envValue -ne "" -and $null -ne $envValue) { From b6b87396c3cf49a07052c022fefd663a9e8c0f30 Mon Sep 17 00:00:00 2001 From: lambeb <141648830+lambeb@users.noreply.github.com> Date: Tue, 1 Oct 2024 14:50:18 +0100 Subject: [PATCH 20/31] Using out-File to prevent \n or \r from being appended which google secrets thinks is a space --- scripts/update_system_environment_variables.ps1 | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/scripts/update_system_environment_variables.ps1 b/scripts/update_system_environment_variables.ps1 index 5a8b2819..3a58c0e4 100644 --- a/scripts/update_system_environment_variables.ps1 +++ b/scripts/update_system_environment_variables.ps1 @@ -35,7 +35,8 @@ function UpdateEnvironmentalVariable { Write-Host "Environmental Variable is set to a different value than Secret, Creating new secret version" $tempFile = New-TemporaryFile - Set-Content -Path $tempFile -Value $envValue + #Set-Content -Path $tempFile -Value $envValue + $envValue | Out-File -FilePath $tempFile -NoNewline & gcloud secrets versions add $secret --data-file=$tempFile Remove-Item $tempFile } From 9f01a9eaea4fad5f5a8f39dcbce87c791824d2a4 Mon Sep 17 00:00:00 2001 From: lambeb <141648830+lambeb@users.noreply.github.com> Date: Tue, 1 Oct 2024 14:58:04 +0100 Subject: [PATCH 21/31] encoding as utf8 --- scripts/update_system_environment_variables.ps1 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/update_system_environment_variables.ps1 b/scripts/update_system_environment_variables.ps1 index 3a58c0e4..7ad509c4 100644 
--- a/scripts/update_system_environment_variables.ps1 +++ b/scripts/update_system_environment_variables.ps1 @@ -36,7 +36,7 @@ function UpdateEnvironmentalVariable { $tempFile = New-TemporaryFile #Set-Content -Path $tempFile -Value $envValue - $envValue | Out-File -FilePath $tempFile -NoNewline + $envValue | Out-File -FilePath $tempFile -NoNewline -Encoding utf8 & gcloud secrets versions add $secret --data-file=$tempFile Remove-Item $tempFile } From 44e9793955ada25c19897d38a013313601dc5a1d Mon Sep 17 00:00:00 2001 From: lambeb <141648830+lambeb@users.noreply.github.com> Date: Tue, 1 Oct 2024 15:16:49 +0100 Subject: [PATCH 22/31] still BOM getting added, trying old way with NoNewLine and utf8 --- scripts/update_system_environment_variables.ps1 | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/scripts/update_system_environment_variables.ps1 b/scripts/update_system_environment_variables.ps1 index 7ad509c4..b3a0f4d0 100644 --- a/scripts/update_system_environment_variables.ps1 +++ b/scripts/update_system_environment_variables.ps1 @@ -35,8 +35,7 @@ function UpdateEnvironmentalVariable { Write-Host "Environmental Variable is set to a different value than Secret, Creating new secret version" $tempFile = New-TemporaryFile - #Set-Content -Path $tempFile -Value $envValue - $envValue | Out-File -FilePath $tempFile -NoNewline -Encoding utf8 + Set-Content -Path $tempFile -Value $envValue -NoNewline -Encoding utf8 & gcloud secrets versions add $secret --data-file=$tempFile Remove-Item $tempFile } From 4a116d9355987393f8064edfb5ae2e1d0766d06b Mon Sep 17 00:00:00 2001 From: lambeb <141648830+lambeb@users.noreply.github.com> Date: Tue, 1 Oct 2024 15:25:47 +0100 Subject: [PATCH 23/31] trying a different encoding which states no BOM --- scripts/update_system_environment_variables.ps1 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/scripts/update_system_environment_variables.ps1 b/scripts/update_system_environment_variables.ps1 index b3a0f4d0..697daca7 100644 --- a/scripts/update_system_environment_variables.ps1 +++ b/scripts/update_system_environment_variables.ps1 @@ -35,7 +35,7 @@ function UpdateEnvironmentalVariable { Write-Host "Environmental Variable is set to a different value than Secret, Creating new secret version" $tempFile = New-TemporaryFile - Set-Content -Path $tempFile -Value $envValue -NoNewline -Encoding utf8 + Set-Content -Path $tempFile -Value $envValue -NoNewline -Encoding utf8NoBOM & gcloud secrets versions add $secret --data-file=$tempFile Remove-Item $tempFile } From 897119732d90d9a2fa91f424106b419423c1bdcb Mon Sep 17 00:00:00 2001 From: kristian4res <57638182+kristian4res@users.noreply.github.com> Date: Tue, 1 Oct 2024 15:33:49 +0100 Subject: [PATCH 24/31] wip: write bom set to default -> false --- templates/download_build_artifact.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/templates/download_build_artifact.yml b/templates/download_build_artifact.yml index 6fa4f263..dc00e24c 100644 --- a/templates/download_build_artifact.yml +++ b/templates/download_build_artifact.yml @@ -28,7 +28,7 @@ steps: rootDirectory: $(System.ArtifactsDirectory) targetFiles: ${{parameters.TargetFiles}} encoding: auto - writeBOM: true + writeBOM: false actionOnMissing: warn keepToken: false tokenPrefix: '#{' From 896db4b429b7fa8ec92353198d0884777c12fc82 Mon Sep 17 00:00:00 2001 From: lambeb <141648830+lambeb@users.noreply.github.com> Date: Tue, 1 Oct 2024 15:37:16 +0100 Subject: [PATCH 25/31] created encoding needed to write to file without BOM --- scripts/update_system_environment_variables.ps1 | 14 ++++++++++++-- 1 file changed, 12 insertions(+), 2 deletions(-) diff --git a/scripts/update_system_environment_variables.ps1 b/scripts/update_system_environment_variables.ps1 index 697daca7..e926c2ef 100644 --- a/scripts/update_system_environment_variables.ps1 
+++ b/scripts/update_system_environment_variables.ps1 @@ -34,9 +34,19 @@ function UpdateEnvironmentalVariable { # This is for environments that have been previously set up, so the secret values should remain the same Write-Host "Environmental Variable is set to a different value than Secret, Creating new secret version" - $tempFile = New-TemporaryFile - Set-Content -Path $tempFile -Value $envValue -NoNewline -Encoding utf8NoBOM + $tempFile = New-TemporaryFile + + # Create a UTF8 encoding without BOM + $utf8NoBomEncoding = New-Object System.Text.UTF8Encoding($false) + + # Write the content to the file using the specified encoding + [System.IO.File]::WriteAllText($tempFile, $envValue, $utf8NoBomEncoding) + + + # Add the secret using gcloud & gcloud secrets versions add $secret --data-file=$tempFile + + # Clean up the temporary file Remove-Item $tempFile } elseif ($envValue -ne "" -and $null -ne $envValue) { From 8e4c7a2589dd880809d00fd1188e3db275806002 Mon Sep 17 00:00:00 2001 From: kristian4res <57638182+kristian4res@users.noreply.github.com> Date: Tue, 1 Oct 2024 15:59:02 +0100 Subject: [PATCH 26/31] wip: write bom set to true --- templates/download_build_artifact.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/templates/download_build_artifact.yml b/templates/download_build_artifact.yml index dc00e24c..6fa4f263 100644 --- a/templates/download_build_artifact.yml +++ b/templates/download_build_artifact.yml @@ -28,7 +28,7 @@ steps: rootDirectory: $(System.ArtifactsDirectory) targetFiles: ${{parameters.TargetFiles}} encoding: auto - writeBOM: false + writeBOM: true actionOnMissing: warn keepToken: false tokenPrefix: '#{' From 3252d6a1967fbb2f736fcc26ff068a7894b1092d Mon Sep 17 00:00:00 2001 
From: lambeb <141648830+lambeb@users.noreply.github.com> Date: Wed, 2 Oct 2024 11:02:21 +0100 Subject: [PATCH 27/31] Trying to get environmental variables to be updated before being used in creating the .config files --- pipelines/deploy_blaise_cli.yml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/pipelines/deploy_blaise_cli.yml b/pipelines/deploy_blaise_cli.yml index 8b59cd7b..89c0d9ae 100644 --- a/pipelines/deploy_blaise_cli.yml +++ b/pipelines/deploy_blaise_cli.yml @@ -59,6 +59,9 @@ stages: deploy: steps: - checkout: self + - task: PowerShell@2 + inputs: + filePath: $(Agent.BuildDirectory)/s/scripts/update_system_environment_variables.ps1 - template: /templates/download_build_artifact.yml parameters: ${{ if notin(parameters.Environment, 'prod', 'preprod') }}: From 42fd573a169453b161ad142f29037a991b65d8a5 Mon Sep 17 00:00:00 2001 From: lambeb <141648830+lambeb@users.noreply.github.com> Date: Wed, 2 Oct 2024 11:11:13 +0100 Subject: [PATCH 28/31] Also adding script environment variables, as only ENV had no effect --- pipelines/deploy_blaise_cli.yml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/pipelines/deploy_blaise_cli.yml b/pipelines/deploy_blaise_cli.yml index 89c0d9ae..5c154152 100644 --- a/pipelines/deploy_blaise_cli.yml +++ b/pipelines/deploy_blaise_cli.yml @@ -62,6 +62,9 @@ stages: - task: PowerShell@2 inputs: filePath: $(Agent.BuildDirectory)/s/scripts/update_system_environment_variables.ps1 + - task: PowerShell@2 + inputs: + filePath: $(Agent.BuildDirectory)/s/scripts/update_script_environment_variables.ps1 - template: /templates/download_build_artifact.yml parameters: ${{ if notin(parameters.Environment, 'prod', 'preprod') }}: From 9d1d55cf663f0cdb8991595d05a86f8c3cc70ecf Mon Sep 17 00:00:00 2001 
From: lambeb <141648830+lambeb@users.noreply.github.com> Date: Wed, 2 Oct 2024 11:19:53 +0100 Subject: [PATCH 29/31] Trying to run update variables task before replacetokens --- templates/download_build_artifact.yml | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/templates/download_build_artifact.yml b/templates/download_build_artifact.yml index 6fa4f263..1a531427 100644 --- a/templates/download_build_artifact.yml +++ b/templates/download_build_artifact.yml @@ -22,6 +22,12 @@ steps: downloadType: single artifactName: ${{parameters.ArtifactName}} downloadPath: ${{parameters.DownloadPath}} + - task: PowerShell@2 + inputs: + filePath: $(Agent.BuildDirectory)/s/scripts/update_system_environment_variables.ps1 + - task: PowerShell@2 + inputs: + filePath: $(Agent.BuildDirectory)/s/scripts/update_script_environment_variables.ps1 - task: replacetokens@6 displayName: Replace config settings inputs: From 13a214f3b40c6c4f2757279da2a8bfa0aa57c1b6 Mon Sep 17 00:00:00 2001 From: lambeb <141648830+lambeb@users.noreply.github.com> Date: Thu, 3 Oct 2024 11:50:00 +0100 Subject: [PATCH 30/31] Removed calls to update environmental variables and scripts, as not needed --- pipelines/deploy_blaise_cli.yml | 6 ------ templates/download_build_artifact.yml | 6 ------ 2 files changed, 12 deletions(-) diff --git a/pipelines/deploy_blaise_cli.yml b/pipelines/deploy_blaise_cli.yml index 5c154152..8b59cd7b 100644 --- a/pipelines/deploy_blaise_cli.yml +++ b/pipelines/deploy_blaise_cli.yml @@ -59,12 +59,6 @@ stages: deploy: steps: - checkout: self - - task: PowerShell@2 - inputs: - filePath: $(Agent.BuildDirectory)/s/scripts/update_system_environment_variables.ps1 - - task: PowerShell@2 - inputs: - filePath: $(Agent.BuildDirectory)/s/scripts/update_script_environment_variables.ps1 - template: /templates/download_build_artifact.yml parameters: ${{ if notin(parameters.Environment, 'prod', 'preprod') }}: 
diff --git a/templates/download_build_artifact.yml b/templates/download_build_artifact.yml index 1a531427..6fa4f263 100644 --- a/templates/download_build_artifact.yml +++ b/templates/download_build_artifact.yml @@ -22,12 +22,6 @@ steps: downloadType: single artifactName: ${{parameters.ArtifactName}} downloadPath: ${{parameters.DownloadPath}} - - task: PowerShell@2 - inputs: - filePath: $(Agent.BuildDirectory)/s/scripts/update_system_environment_variables.ps1 - - task: PowerShell@2 - inputs: - filePath: $(Agent.BuildDirectory)/s/scripts/update_script_environment_variables.ps1 - task: replacetokens@6 displayName: Replace config settings inputs: From 528ba8f617be0c5dc6c10278009562392597c1c2 Mon Sep 17 00:00:00 2001 From: lambeb <141648830+lambeb@users.noreply.github.com> Date: Thu, 3 Oct 2024 13:43:37 +0100 Subject: [PATCH 31/31] Removed Logs that could give away secret values/passwords --- scripts/blaise/add_cma_serverpark.ps1 | 4 --- scripts/blaise/configure_serverpark.ps1 | 3 --- scripts/blaise/install_cma_packages.ps1 | 6 ----- scripts/blaise/register_node.ps1 | 5 ---- .../update_script_environment_variables.ps1 | 1 - .../update_system_environment_variables.ps1 | 25 +++---------------- templates/download_build_artifact.yml | 2 +- 7 files changed, 5 insertions(+), 41 deletions(-) diff --git a/scripts/blaise/add_cma_serverpark.ps1 b/scripts/blaise/add_cma_serverpark.ps1 index 908efede..ff935325 100644 --- a/scripts/blaise/add_cma_serverpark.ps1 +++ b/scripts/blaise/add_cma_serverpark.ps1 @@ -9,8 +9,6 @@ function ServerParkExists { throw [System.IO.ArgumentException] "No server park name argument provided" } - LogInfo("BENNY001 ENV_BLAISE_ADMIN_PASSWORD = $env:ENV_BLAISE_ADMIN_PASSWORD") - $exists = c:\blaise5\bin\servermanager -listserverparks ` -server:$env:ENV_BLAISE_SERVER_HOST_NAME ` -binding:http ` 
@@ -36,8 +34,6 @@ function AddServerPark { LogInfo("Add and/or configure server park $ServerParkName to run in disconnected mode with sync surveys set to true") - LogInfo("BENNY002 ENV_BLAISE_ADMIN_PASSWORD = $env:ENV_BLAISE_ADMIN_PASSWORD") - # if the serverpark exists this will update the existing one c:\blaise5\bin\servermanager -addserverpark:$ServerParkName ` -runmode:disconnected ` diff --git a/scripts/blaise/configure_serverpark.ps1 b/scripts/blaise/configure_serverpark.ps1 index 09008f88..a8e487fd 100644 --- a/scripts/blaise/configure_serverpark.ps1 +++ b/scripts/blaise/configure_serverpark.ps1 @@ -31,9 +31,6 @@ function ConfigureServerpark { LogInfo("Configuring server park $BlaiseServerPark to run in disconnected mode") - - LogInfo("BENNY003 ENV_BLAISE_ADMIN_PASSWORD = $env:ENV_BLAISE_ADMIN_PASSWORD") - c:\blaise5\bin\servermanager -editserverpark:$BlaiseServerPark -server:$managementNode -runmode:disconnected -syncsurveyswhenconnected:false -binding:http -port:$connectionPort -user:$blaiseUserName -password:$blaisePassword LogInfo("Configured server park $BlaiseServerPark") diff --git a/scripts/blaise/install_cma_packages.ps1 b/scripts/blaise/install_cma_packages.ps1 index 0285888e..751af784 100644 --- a/scripts/blaise/install_cma_packages.ps1 +++ b/scripts/blaise/install_cma_packages.ps1 @@ -19,9 +19,6 @@ function Test-InstrumentInstalled { [string]$InstrumentName ) - - LogInfo("BENNY004 ENV_BLAISE_ADMIN_PASSWORD = $env:ENV_BLAISE_ADMIN_PASSWORD") - $IsInstrumentInstalled = & "C:\blaise5\bin\servermanager.exe" -listsurveys ` -serverpark:$ServerParkName ` -binding:http ` @@ -76,9 +73,6 @@ function Install-PackageViaServerManager { throw "File '$FilePath' does not exist" } - - LogInfo("BENNY005 ENV_BLAISE_ADMIN_PASSWORD = $env:ENV_BLAISE_ADMIN_PASSWORD") - LogInfo("Installing package '$FilePath' into server park '$ServerParkName' via Server Manager") & "C:\blaise5\bin\servermanager.exe" -installsurvey:$FilePath ` -serverpark:$ServerParkName ` 
diff --git a/scripts/blaise/register_node.ps1 b/scripts/blaise/register_node.ps1 index 88a508d3..9cda858b 100644 --- a/scripts/blaise/register_node.ps1 +++ b/scripts/blaise/register_node.ps1 @@ -25,8 +25,6 @@ function Register-Node { ) $RetryCount = 0 do { - - LogInfo("BENNY006 ENV_BLAISE_ADMIN_PASSWORD = $env:ENV_BLAISE_ADMIN_PASSWORD") LogInfo("Registering node '$CurrentNode' on management node '$BlaiseManagementNode' for server park '$ServerPark'") $output = & c:\blaise5\bin\servermanager.exe -addserverparkserver:$CurrentNode ` -server:$BlaiseManagementNode ` @@ -64,9 +62,6 @@ function Check-NodeRegistered { [string] $ServerPark ) - - LogInfo("BENNY006 ENV_BLAISE_ADMIN_PASSWORD = $env:ENV_BLAISE_ADMIN_PASSWORD") - $IsNodeRegistered = c:\blaise5\bin\servermanager.exe -listserverparkservers ` -server:$BlaiseManagementNode ` -user:$BlaiseAdminUser ` diff --git a/scripts/update_script_environment_variables.ps1 b/scripts/update_script_environment_variables.ps1 index 4aa16b4f..5372e85c 100644 --- a/scripts/update_script_environment_variables.ps1 +++ b/scripts/update_script_environment_variables.ps1 @@ -20,7 +20,6 @@ function CreateVariables($variableList) { $secretValue = & gcloud secrets versions access latest --secret=$secret New-Variable -Scope script -Name ($varName) -Value $secretValue -Force - LogInfo("BENNY2 Secret Update Script env var - $varName = $secretValue") } elseif ($variable.Name -Like "BLAISE_*") { New-Variable -Scope script -Name ($varName) -Value $varValue -Force diff --git a/scripts/update_system_environment_variables.ps1 b/scripts/update_system_environment_variables.ps1 index e926c2ef..92453dab 100644 --- a/scripts/update_system_environment_variables.ps1 +++ b/scripts/update_system_environment_variables.ps1 
@@ -13,26 +13,18 @@ function UpdateEnvironmentalVariable { [string]$secret ) - Write-Host "UpdateEnvironmentalVariables Called with following values" - Write-Host "varName = $varName" - Write-Host "secretValue = $secretValue" - Write-Host "secret = $secret" - $envValue = [System.Environment]::GetEnvironmentVariable($varName, [System.EnvironmentVariableTarget]::Machine) - Write-Host "Retrieved the following value from Environmental Variables" - Write-Host "envValue = $envValue" - if ($envValue -eq $secretValue) { - Write-Host "Values are the same, doing nothing" + Write-Host "Values are the same, no need to update secrets." } elseif ($envValue -eq "" -or $null -eq $envValue) { - Write-Host "Environmental Variable not set, so using Secret value" + Write-Host "Environmental Variable not set, setting to secret value." [System.Environment]::SetEnvironmentVariable($varName, ($secretValue), [System.EnvironmentVariableTarget]::Machine) } elseif ($envValue -ne "" -and $null -ne $envValue -and $secretValue -ne "" -and $null -ne $secretValue) { - # This is for environments that have been previously set up, so the secret values should remain the same - Write-Host "Environmental Variable is set to a different value than Secret, Creating new secret version" + # If Environmental values are updated, secret values should be updated + Write-Host "Environmental Variable is set to a different value than secret, updating secret value" $tempFile = New-TemporaryFile 
@@ -42,16 +34,11 @@ function UpdateEnvironmentalVariable { # Write the content to the file using the specified encoding [System.IO.File]::WriteAllText($tempFile, $envValue, $utf8NoBomEncoding) - # Add the secret using gcloud & gcloud secrets versions add $secret --data-file=$tempFile # Clean up the temporary file Remove-Item $tempFile - } - elseif ($envValue -ne "" -and $null -ne $envValue) { - # Secret value must be empty at this stage, but Environmental variable is set. - Write-Output "Environmental Variable is set but there is no value for the secret value" } } @@ -67,12 +54,8 @@ function CreateVariables($variableList) { $parts = $varValue -split "/" $secret = $parts[3] - Write-Host "Calling gcloud with secret of '$secret'" - $secretValue = & gcloud secrets versions access latest --secret=$secret - Write-Host "After gcloud call retrieved secretValue of '$secretValue'" - UpdateEnvironmentalVariable $variable.Name $secretValue $secret } elseif ($variable.Name -Like "ENV_*") { diff --git a/templates/download_build_artifact.yml b/templates/download_build_artifact.yml index 6fa4f263..b5249df7 100644 --- a/templates/download_build_artifact.yml +++ b/templates/download_build_artifact.yml @@ -33,5 +33,5 @@ steps: keepToken: false tokenPrefix: '#{' tokenSuffix: '}#' - verbosity: 'debug' + verbosity: 'info' enableTelemetry: true \ No newline at end of file
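Review bot: With the diagnostics removed, a failed `gcloud secrets versions access` in CreateVariables is no longer visible anywhere: `$secretValue` presumably comes back empty, and because the `@@ -42,16 +34,11 @@` hunk also drops the final `elseif`, UpdateEnvironmentalVariable then matches none of its three branches when the Machine variable is already set and prints nothing. Check the exit code right after the call and fail the step with a message that names only the secret, e.g. `if ($LASTEXITCODE -ne 0) { throw "gcloud could not read secret '$secret'" }`. Both functions start or end outside these hunks.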