

Allow setting key vault secret name & Unify API versions (#335)
* Unified the api-versions to use the latest version globally and removed the individual settings; added a key vault secret parameter to allow setting the secret name during deployment.

* Remove unneeded temp value
maxilampert authored Oct 6, 2023
1 parent 39ea3e7 commit d91ce9d
Showing 50 changed files with 409 additions and 764 deletions.
118 changes: 0 additions & 118 deletions builder/azure/arm/TestVirtualMachineDeployment05.approved.txt

This file was deleted.

4 changes: 4 additions & 0 deletions builder/azure/arm/builder.go
Expand Up @@ -488,12 +488,16 @@ func (b *Builder) configureStateBag(stateBag multistep.StateBag) {
}

stateBag.Put(constants.ArmKeyVaultName, b.config.tmpKeyVaultName)
stateBag.Put(constants.ArmKeyVaultSecretName, DefaultSecretName)
stateBag.Put(constants.ArmIsExistingKeyVault, false)
if b.config.BuildKeyVaultName != "" {
stateBag.Put(constants.ArmKeyVaultName, b.config.BuildKeyVaultName)
b.config.tmpKeyVaultName = b.config.BuildKeyVaultName
stateBag.Put(constants.ArmIsExistingKeyVault, true)
}
if b.config.BuildKeyVaultSecretName != "" {
stateBag.Put(constants.ArmKeyVaultSecretName, b.config.BuildKeyVaultSecretName)
}

stateBag.Put(constants.ArmNicName, b.config.tmpNicName)
stateBag.Put(constants.ArmPublicIPAddressName, b.config.tmpPublicIPAddressName)
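Review bot: The default written at `stateBag.Put(constants.ArmKeyVaultSecretName, DefaultSecretName)` and the `if b.config.BuildKeyVaultSecretName != ""` guard below it appear to duplicate the defaulting that this same commit adds to provideDefaultValues in config.go for the same field. If provideDefaultValues has already run by the time configureStateBag is called — which I cannot confirm from the visible hunk — a single unconditional `stateBag.Put(constants.ArmKeyVaultSecretName, b.config.BuildKeyVaultSecretName)` would keep one source of truth for the default and read like the surrounding Put calls. configureStateBag's body begins and ends outside the hunk.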
8 changes: 7 additions & 1 deletion builder/azure/arm/config.go
Expand Up @@ -363,9 +363,11 @@ type Config struct {
TempResourceGroupName string `mapstructure:"temp_resource_group_name"`
// Specify an existing resource group to run the build in.
BuildResourceGroupName string `mapstructure:"build_resource_group_name"`
// Specify an existing key vault to use for uploading certificates to the
// Specify an existing key vault to use for uploading the certificate for the
// instance to connect.
BuildKeyVaultName string `mapstructure:"build_key_vault_name"`
// Specify the secret name to use for the certificate created in the key vault.
BuildKeyVaultSecretName string `mapstructure:"build_key_vault_secret_name"`
// Specify the KeyVault SKU to create during the build. Valid values are
// standard or premium. The default value is standard.
BuildKeyVaultSKU string `mapstructure:"build_key_vault_sku"`
Expand Down Expand Up @@ -1005,6 +1007,10 @@ func provideDefaultValues(c *Config) {
c.BuildKeyVaultSKU = DefaultKeyVaultSKU
}

if c.BuildKeyVaultSecretName == "" {
c.BuildKeyVaultSecretName = DefaultSecretName
}

_ = c.ClientConfig.SetDefaultValues()
}

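Review bot: The new BuildKeyVaultSecretName field is consumed as an Azure resource name (it becomes part of the secret resource ID and the ARM template's secret name), but the visible hunks add no validation of it, so an invalid name would only surface as a deployment or Key Vault API error well into the build. Consider checking it in the config validation next to the other `build_key_vault_*` options — Key Vault secret names are restricted to alphanumerics and hyphens with a maximum length of 127 — so the user gets an early, clear error. The doc comment on the field could also state that a default is applied, matching the BuildKeyVaultSKU comment above it, e.g. `// Specify the secret name to use for the certificate created in the key vault. A built-in default is used when not set.` provideDefaultValues starts outside the second hunk.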
2 changes: 2 additions & 0 deletions builder/azure/arm/config.hcl2spec.go


3 changes: 2 additions & 1 deletion builder/azure/arm/step_certificate_in_keyvault.go
Expand Up @@ -61,7 +61,8 @@ func (s *StepCertificateInKeyVault) Run(ctx context.Context, state multistep.Sta
var keyVaultName = state.Get(constants.ArmKeyVaultName).(string)
var subscriptionId = state.Get(constants.ArmSubscription).(string)
var resourceGroupName = state.Get(constants.ArmResourceGroupName).(string)
id := secrets.NewSecretID(subscriptionId, resourceGroupName, keyVaultName, DefaultSecretName)
var keyVaultSecretName = state.Get(constants.ArmKeyVaultSecretName).(string)
id := secrets.NewSecretID(subscriptionId, resourceGroupName, keyVaultName, keyVaultSecretName)
err := s.set(ctx, id)
if err != nil {
s.error(fmt.Errorf("Error setting winrm cert in custom keyvault: %s", err))
2 changes: 2 additions & 0 deletions builder/azure/arm/step_certificate_in_keyvault_test.go
Expand Up @@ -19,6 +19,7 @@ func TestNewStepCertificateInKeyVault(t *testing.T) {
state.Put(constants.ArmKeyVaultName, "testKeyVaultName")
state.Put(constants.ArmSubscription, "testSubscription")
state.Put(constants.ArmResourceGroupName, "testResourceGroupName")
state.Put(constants.ArmKeyVaultSecretName, "testKeyVaultSecretName")

config := &Config{
winrmCertificate: "testCertificateString",
Expand All @@ -44,6 +45,7 @@ func TestNewStepCertificateInKeyVault_error(t *testing.T) {
state.Put(constants.ArmKeyVaultName, "testKeyVaultName")
state.Put(constants.ArmSubscription, "testSubscription")
state.Put(constants.ArmResourceGroupName, "testResourceGroupName")
state.Put(constants.ArmKeyVaultSecretName, "testKeyVaultSecretName")

config := &Config{
winrmCertificate: "testCertificateString",
5 changes: 3 additions & 2 deletions builder/azure/arm/step_get_certificate.go
Expand Up @@ -56,14 +56,15 @@ func (s *StepGetCertificate) Run(ctx context.Context, state multistep.StateBag)
var keyVaultName = state.Get(constants.ArmKeyVaultName).(string)
var resourceGroupName = state.Get(constants.ArmResourceGroupName).(string)
var subscriptionId = state.Get(constants.ArmSubscription).(string)
var keyVaultSecretName = state.Get(constants.ArmKeyVaultSecretName).(string)

s.say(fmt.Sprintf(" -> Key Vault Name : '%s'", keyVaultName))
s.say(fmt.Sprintf(" -> Key Vault Secret Name : '%s'", DefaultSecretName))
s.say(fmt.Sprintf(" -> Key Vault Secret Name : '%s'", keyVaultSecretName))

var err error
var url string
for i := 0; i < 5; i++ {
url, err = s.get(ctx, subscriptionId, resourceGroupName, keyVaultName, DefaultSecretName)
url, err = s.get(ctx, subscriptionId, resourceGroupName, keyVaultName, keyVaultSecretName)
if err == nil {
break
}
6 changes: 5 additions & 1 deletion builder/azure/arm/step_get_certificate_test.go
Expand Up @@ -82,7 +82,10 @@ func TestStepGetCertificateShouldTakeStepArgumentsFromStateBag(t *testing.T) {
if actualKeyVaultName != expectedKeyVaultName {
t.Fatal("Expected StepGetCertificate to source 'constants.ArmKeyVaultName' from the state bag, but it did not.")
}
if actualSecretName != DefaultSecretName {

var expectedKeyVaultSecretName = stateBag.Get(constants.ArmKeyVaultSecretName).(string)

if actualSecretName != expectedKeyVaultSecretName {
t.Fatal("Expected StepGetCertificate to use default value for secret, but it did not.")
}

Expand All @@ -101,5 +104,6 @@ func createTestStateBagStepGetCertificate() multistep.StateBag {
stateBag.Put(constants.ArmKeyVaultName, "Unit Test: KeyVaultName")
stateBag.Put(constants.ArmSubscription, "testSubscription")
stateBag.Put(constants.ArmResourceGroupName, "testResourceGroupName")
stateBag.Put(constants.ArmKeyVaultSecretName, "testKeyVaultSecretName")
return stateBag
}
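Review bot: The failure message directly after the new comparison still says "Expected StepGetCertificate to use default value for secret, but it did not.", yet the assertion now compares against the value sourced from the state bag, so the message describes a check that no longer exists and will mislead whoever sees it fail. Align it with the ArmKeyVaultName message a few lines above: `t.Fatal("Expected StepGetCertificate to source 'constants.ArmKeyVaultSecretName' from the state bag, but it did not.")`. Both test functions in this section start outside their hunks.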
1 change: 1 addition & 0 deletions builder/azure/arm/template_factory.go
Expand Up @@ -49,6 +49,7 @@ func GetKeyVaultDeployment(config *Config, secretValue string, exp *int64) (*dep
params := &template.TemplateParameters{
KeyVaultName: &template.TemplateParameter{Value: config.tmpKeyVaultName},
KeyVaultSKU: &template.TemplateParameter{Value: config.BuildKeyVaultSKU},
KeyVaultSecretName: &template.TemplateParameter{Value: config.BuildKeyVaultSecretName},
KeyVaultSecretValue: &template.TemplateParameter{Value: secretValue},
ObjectId: &template.TemplateParameter{Value: config.ClientConfig.ObjectID},
TenantId: &template.TemplateParameter{Value: config.ClientConfig.TenantID},
@@ -1,5 +1,5 @@
{
"$schema": "http://schema.management.azure.com/schemas/2014-04-01-preview/deploymentTemplate.json",
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"keyVaultName": {
Expand All @@ -8,6 +8,9 @@
"keyVaultSKU": {
"type": "string"
},
"keyVaultSecretName": {
"type": "string"
},
"keyVaultSecretValue": {
"type": "securestring"
},
Expand Down Expand Up @@ -47,30 +50,32 @@
},
"tenantId": "[parameters('tenantId')]"
},
"resources": [
{
"apiVersion": "[variables('apiVersion')]",
"dependsOn": [
"[concat('Microsoft.KeyVault/vaults/', parameters('keyVaultName'))]"
],
"name": "[variables('keyVaultSecretName')]",
"properties": {
"value": "[parameters('keyVaultSecretValue')]"
},
"type": "secrets"
}
],
"tags": {
"tag01": "value01",
"tag02": "value02",
"tag03": "value03"
},
"type": "Microsoft.KeyVault/vaults"
},
{
"apiVersion": "[variables('apiVersion')]",
"dependsOn": [
"[resourceId('Microsoft.KeyVault/vaults/', parameters('keyVaultName'))]"
],
"name": "[format('{0}/{1}', parameters('keyVaultName'), parameters('keyVaultSecretName'))]",
"properties": {
"value": "[parameters('keyVaultSecretValue')]"
},
"tags": {
"tag01": "value01",
"tag02": "value02",
"tag03": "value03"
},
"type": "Microsoft.KeyVault/vaults/secrets"
}
],
"variables": {
"apiVersion": "2015-06-01",
"keyVaultSecretName": "packerKeyVaultSecret",
"apiVersion": "2022-07-01",
"location": "[resourceGroup().location]"
}
}
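Review bot: The new `dependsOn` entry `"[resourceId('Microsoft.KeyVault/vaults/', parameters('keyVaultName'))]"` passes the resource type with a trailing slash, which looks carried over from the old `concat('Microsoft.KeyVault/vaults/', ...)` form; the documented shape of the call is the bare type, `"[resourceId('Microsoft.KeyVault/vaults', parameters('keyVaultName'))]"`, and it is worth confirming the generated dependency ID resolves rather than relying on the resource manager tolerating it. The second template below (the one carrying the `exp` attribute) has the same call. Separately, the `keyVaultSecretName` parameter is declared as a plain `"type": "string"` with no `minLength`/`maxLength`, so an invalid name is only rejected once the secret resource is deployed; constraining it here, or validating it in the Go config, would fail faster.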
@@ -1,5 +1,5 @@
{
"$schema": "http://schema.management.azure.com/schemas/2014-04-01-preview/deploymentTemplate.json",
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"keyVaultName": {
Expand All @@ -8,6 +8,9 @@
"keyVaultSKU": {
"type": "string"
},
"keyVaultSecretName": {
"type": "string"
},
"keyVaultSecretValue": {
"type": "securestring"
},
Expand Down Expand Up @@ -47,28 +50,25 @@
},
"tenantId": "[parameters('tenantId')]"
},
"resources": [
{
"apiVersion": "[variables('apiVersion')]",
"dependsOn": [
"[concat('Microsoft.KeyVault/vaults/', parameters('keyVaultName'))]"
],
"name": "[variables('keyVaultSecretName')]",
"properties": {
"attributes": {
"exp": 4102444800
},
"value": "[parameters('keyVaultSecretValue')]"
},
"type": "secrets"
}
],
"type": "Microsoft.KeyVault/vaults"
},
{
"apiVersion": "[variables('apiVersion')]",
"dependsOn": [
"[resourceId('Microsoft.KeyVault/vaults/', parameters('keyVaultName'))]"
],
"name": "[format('{0}/{1}', parameters('keyVaultName'), parameters('keyVaultSecretName'))]",
"properties": {
"attributes": {
"exp": 4102444800
},
"value": "[parameters('keyVaultSecretValue')]"
},
"type": "Microsoft.KeyVault/vaults/secrets"
}
],
"variables": {
"apiVersion": "2015-06-01",
"keyVaultSecretName": "packerKeyVaultSecret",
"apiVersion": "2022-07-01",
"location": "[resourceGroup().location]"
}
}

