Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Promote from main to preprod #179

Merged
merged 37 commits into from
Oct 7, 2024
Merged

Promote from main to preprod #179

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
37 commits
Select commit Hold shift + click to select a range
29814a5
Added code to detect if a variable is a secret. If it is then gcloud …
lambeb Sep 12, 2024
734011c
Added logging and renamed file incase the filepath change has same bu…
lambeb Sep 13, 2024
f237d64
adding code to update script variables. Keeping logging in for now to…
lambeb Sep 16, 2024
be72e81
Added Update Environmental Changes
lambeb Sep 20, 2024
c8c9e6c
Fixed UpdateEnvironmentalVariables function
lambeb Sep 20, 2024
f954656
Fixed function call
lambeb Sep 20, 2024
457e4d3
Renamed script to see if it changes
lambeb Sep 20, 2024
d815e9c
Added logging around any place blaise_Admin_password is used to check…
lambeb Sep 23, 2024
9d94e6b
Adding ProjectID flag --project to gcloud secrets as there was a disc…
lambeb Sep 26, 2024
c6f3258
Getting ProjectId from ProjectNumber in secret
lambeb Sep 26, 2024
9da3b38
Removing project code as it isn't needed.
lambeb Sep 30, 2024
4095847
putting more logging around CreateVariables Call as script is throwin…
lambeb Sep 30, 2024
4976cb9
putting in possible fix for BOM invalid characters being placed in se…
lambeb Sep 30, 2024
17dc88c
made same changes as terraform repo to set secret and remove possible…
lambeb Oct 1, 2024
a122a1f
trying to remove BOM character
lambeb Oct 1, 2024
cd27cc1
wip: debug replace tokens task
kristian4res Oct 1, 2024
1604b01
Merge branch 'BLAIS5-4406' of github.com:ONSdigital/blaise-azure-pipe…
kristian4res Oct 1, 2024
85b3cd6
Trying to output a string
lambeb Oct 1, 2024
30eadd3
Merge branch 'BLAIS5-4406' of https://github.com/ONSdigital/blaise-az…
lambeb Oct 1, 2024
3ea8f0f
Trying a different approach, creating a file and then removing the file
lambeb Oct 1, 2024
3861ea4
wrong variable name given for secret, corrected
lambeb Oct 1, 2024
b6b8739
Using out-File to prevent \n or \r from being appended which google s…
lambeb Oct 1, 2024
9f01a9e
encoding as utf8
lambeb Oct 1, 2024
44e9793
still BOM getting added, trying old way with NoNewLine and utf8
lambeb Oct 1, 2024
4a116d9
trying a different encoding which states no BOM
lambeb Oct 1, 2024
8971197
wip: write bom set to default -> false
kristian4res Oct 1, 2024
896db4b
created encoding needed to write to file without BOM
lambeb Oct 1, 2024
242f9dd
Merge branch 'BLAIS5-4406' of https://github.com/ONSdigital/blaise-az…
lambeb Oct 1, 2024
8e4c7a2
wip: write bom set to true
kristian4res Oct 1, 2024
a236acf
Merge branch 'BLAIS5-4406' of github.com:ONSdigital/blaise-azure-pipe…
kristian4res Oct 1, 2024
3252d6a
Trying to get environmental variables to be updated before being used…
lambeb Oct 2, 2024
1d2e9bc
Merge branch 'BLAIS5-4406' of https://github.com/ONSdigital/blaise-az…
lambeb Oct 2, 2024
42fd573
Also adding script environment variables, as only ENV had no effect
lambeb Oct 2, 2024
9d1d55c
Trying to run update variables task before replacetokens
lambeb Oct 2, 2024
13a214f
Removed calls to update environmental variables and scripts, as not n…
lambeb Oct 3, 2024
528ba8f
Removed Logs that could give away secret values/passwords
lambeb Oct 3, 2024
b9350d1
Merge pull request #171 from ONSdigital/BLAIS5-4406
lambeb Oct 7, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
1 change: 1 addition & 0 deletions scripts/blaise/register_node.ps1
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -61,6 +61,7 @@ function Check-NodeRegistered {
param(
[string] $ServerPark
)

$IsNodeRegistered = c:\blaise5\bin\servermanager.exe -listserverparkservers `
-server:$BlaiseManagementNode `
-user:$BlaiseAdminUser `
Expand Down
11 changes: 10 additions & 1 deletion scripts/update_script_environment_variables.ps1
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -12,7 +12,16 @@ function CreateVariables($variableList) {
$pattern = "^(.*?)$([regex]::Escape($varName))(.?=)(.*)"
$varValue = ($varDefinition -replace $pattern, '$3')

if ($variable.Name -Like "BLAISE_*") {
if ($variable.Name -Like "BLAISE_*" -and $varValue -Like "projects/*/secrets/*") {

$parts = $varValue -split "/"
$secret = $parts[3]

$secretValue = & gcloud secrets versions access latest --secret=$secret

New-Variable -Scope script -Name ($varName) -Value $secretValue -Force
}
elseif ($variable.Name -Like "BLAISE_*") {
New-Variable -Scope script -Name ($varName) -Value $varValue -Force
LogInfo("Script env var - $varName = $varValue")
}
Expand Down
48 changes: 47 additions & 1 deletion scripts/update_system_environment_variables.ps1
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -5,14 +5,60 @@ function GetMetadataVariables {
return $variablesFromMetadata | Get-Member -MemberType NoteProperty
}

function UpdateEnvironmentalVariable {

param (
[string]$varName,
[string]$secretValue,
[string]$secret
)

$envValue = [System.Environment]::GetEnvironmentVariable($varName, [System.EnvironmentVariableTarget]::Machine)

if ($envValue -eq $secretValue) {
Write-Host "Values are the same, no need to update secrets."
}
elseif ($envValue -eq "" -or $null -eq $envValue) {
Write-Host "Environmental Variable not set, setting to secret value."
[System.Environment]::SetEnvironmentVariable($varName, ($secretValue), [System.EnvironmentVariableTarget]::Machine)
}
elseif ($envValue -ne "" -and $null -ne $envValue -and $secretValue -ne "" -and $null -ne $secretValue) {
# If Environmental values are updated, secret values should be updated
Write-Host "Environmental Variable is set to a different value than secret, updating secret value"

$tempFile = New-TemporaryFile

# Create a UTF8 encoding without BOM
$utf8NoBomEncoding = New-Object System.Text.UTF8Encoding($false)

# Write the content to the file using the specified encoding
[System.IO.File]::WriteAllText($tempFile, $envValue, $utf8NoBomEncoding)

# Add the secret using gcloud
& gcloud secrets versions add $secret --data-file=$tempFile

# Clean up the temporary file
Remove-Item $tempFile
}
}

function CreateVariables($variableList) {
foreach ($variable in $variableList) {
$varName = $variable.Name
$varDefinition = $variable.Definition
$pattern = "^(.*?)$([regex]::Escape($varName))(.?=)(.*)"
$varValue = ($varDefinition -replace $pattern, '$3')

if ($variable.Name -Like "ENV_*") {
if ($variable.Name -Like "ENV_*" -and $varValue -Like "projects/*/secrets/*") {

$parts = $varValue -split "/"
$secret = $parts[3]

$secretValue = & gcloud secrets versions access latest --secret=$secret

UpdateEnvironmentalVariable $variable.Name $secretValue $secret
}
elseif ($variable.Name -Like "ENV_*") {
[System.Environment]::SetEnvironmentVariable($varName, ($varValue), [System.EnvironmentVariableTarget]::Machine)
LogInfo("System env var - $varName = $varValue")
}
Expand Down
Loading