From c6824b6cd805f4d0f2b4bb46c23845f8d2e334a8 Mon Sep 17 00:00:00 2001
From: Sergei Trofimov <sergei.trofimov@arm.com>
Date: Fri, 15 Sep 2023 13:50:58 +0100
Subject: [PATCH] deploy/docker: CLI auth support

Upgrade the CLI tools in the docker deployment to the latest versions
that have auth support. This fixes end-to-end script which did not work
since the deployment had auth enabled.

Signed-off-by: Sergei Trofimov <sergei.trofimov@arm.com>
---
 deployments/docker/src/builder-dispatcher         | 2 ++
 deployments/docker/src/builder.docker             | 2 +-
 deployments/docker/src/cocli-config.yaml.template | 8 ++++++++
 deployments/docker/src/config.yaml.template       | 2 +-
 deployments/docker/src/manager.docker             | 4 +++-
 deployments/docker/src/pocli-config.yaml.template | 9 +++++++++
 6 files changed, 24 insertions(+), 3 deletions(-)
 create mode 100644 deployments/docker/src/cocli-config.yaml.template
 create mode 100644 deployments/docker/src/pocli-config.yaml.template

diff --git a/deployments/docker/src/builder-dispatcher b/deployments/docker/src/builder-dispatcher
index e37e8f63..0e06508f 100755
--- a/deployments/docker/src/builder-dispatcher
+++ b/deployments/docker/src/builder-dispatcher
@@ -48,6 +48,8 @@ function deploy() {
     set +a
     cat $BUILD_DIR/deployments/docker/src/config.yaml.template | envsubst > $DEPLOY_DIR/config.yaml
     cat $BUILD_DIR/deployments/docker/src/keycloak.conf.template | envsubst > $DEPLOY_DIR/keycloak.conf
+    cat $BUILD_DIR/deployments/docker/src/cocli-config.yaml.template | envsubst > $DEPLOY_DIR/utils/cocli-config.yaml
+    cat $BUILD_DIR/deployments/docker/src/pocli-config.yaml.template | envsubst > $DEPLOY_DIR/utils/pocli-config.yaml
 
     echo "initializing stores"
     for t in en ta po
diff --git a/deployments/docker/src/builder.docker b/deployments/docker/src/builder.docker
index ba01ec0e..15eead85 100644
--- a/deployments/docker/src/builder.docker
+++ b/deployments/docker/src/builder.docker
@@ -57,7 +57,7 @@ RUN go mod download &&\
     go install google.golang.org/protobuf/cmd/protoc-gen-go@v1.26 &&\
     go install google.golang.org/grpc/cmd/protoc-gen-go-grpc@v1.1 &&\
     go install github.com/mitchellh/protoc-gen-go-json@v1.1.0 &&\
-    go install github.com/veraison/corim/cocli@latest &&\
+    go install github.com/veraison/corim/cocli@eeb7bd48 &&\
     go install github.com/veraison/evcli/v2@latest &&\
     go install github.com/veraison/pocli@latest &&\
     go install github.com/go-delve/delve/cmd/dlv@latest
diff --git a/deployments/docker/src/cocli-config.yaml.template b/deployments/docker/src/cocli-config.yaml.template
new file mode 100644
index 00000000..8344a544
--- /dev/null
+++ b/deployments/docker/src/cocli-config.yaml.template
@@ -0,0 +1,8 @@
+api_server: http://provisioning-service:${PROVISIONING_PORT}/endorsement-provisioning/v1/submit
+auth: oauth2
+username: veraison-provisioner
+password: veraison
+client_id: veraison-client
+client_secret: YifmabB4cVSPPtFLAmHfq7wKaEHQn10Z
+token_url: http://keycloak-service:${KEYCLOAK_PORT}/realms/veraison/protocol/openid-connect/token
+# vim: set ft=yaml:
diff --git a/deployments/docker/src/config.yaml.template b/deployments/docker/src/config.yaml.template
index b6a46a19..795c32ed 100644
--- a/deployments/docker/src/config.yaml.template
+++ b/deployments/docker/src/config.yaml.template
@@ -38,5 +38,5 @@ po-agent:
 auth:
   backend: keycloak
   host: keycloak-service
-  port: 11111
+  port: ${KEYCLOAK_PORT}
 # vim: set ft=yaml:
diff --git a/deployments/docker/src/manager.docker b/deployments/docker/src/manager.docker
index 689e85f3..5668e3cf 100644
--- a/deployments/docker/src/manager.docker
+++ b/deployments/docker/src/manager.docker
@@ -33,10 +33,12 @@ USER manager
 WORKDIR /opt/veraison
 
 RUN mkdir -p /home/manager/.config/pocli && \
-    echo "host: management-service" > /home/manager/.config/pocli/config.yaml
+    mkdir -p /home/manager/.config/cocli
 
 ADD --chown=manager:nogroup utils/evcli utils/cocli utils/pocli ./utils/
 ADD --chown=manager:nogroup manager-dispatcher ./
+ADD --chown=manager:nogroup utils/cocli-config.yaml /home/manager/.config/cocli/config.yaml
+ADD --chown=manager:nogroup utils/pocli-config.yaml /home/manager/.config/pocli/config.yaml
 
 ENTRYPOINT ["/opt/veraison/manager-dispatcher"]
 CMD ["help"]
diff --git a/deployments/docker/src/pocli-config.yaml.template b/deployments/docker/src/pocli-config.yaml.template
new file mode 100644
index 00000000..a01ef077
--- /dev/null
+++ b/deployments/docker/src/pocli-config.yaml.template
@@ -0,0 +1,9 @@
+host: management-service
+port: ${MANAGEMENT_PORT}
+auth: oauth2
+username: veraison-provisioner
+password: veraison
+client_id: veraison-client
+client_secret: YifmabB4cVSPPtFLAmHfq7wKaEHQn10Z
+token_url: http://keycloak-service:${KEYCLOAK_PORT}/realms/veraison/protocol/openid-connect/token
+# vim: set ft=yaml: