Vault explore (#1163)
* Update config.yml (#1161)

Removes app checklist on db_sanitise as config import etc are not needed

* Update config.yml

* Update config.yml

* Update config.yml

* Update config.yml

* Update config.yml

* Update push.local.sh

* Update config.yml

* PAR-2491 & PAR-2492: Updating CF scripts to use new user creds

* PAR-2491: More user switching

* PAR-2491: Using same db import as stage for the test env
robwild-affinitydigital authored Aug 27, 2024
1 parent fd9463f commit ad07a54
Showing 6 changed files with 64 additions and 65 deletions.
7 changes: 4 additions & 3 deletions .circleci/config.yml
Expand Up @@ -92,8 +92,9 @@ references:
configure_secrets: &configure_secrets
run:
name: "Configure secrets"
name: "Configure secrets from Vault"
command: |
curl icanhazip.com
./devops/vault/vault-export.sh ci
prepare_application: &prepare_application
Expand Down Expand Up @@ -186,6 +187,7 @@ jobs:
- .

compile_code:
circleci_ip_ranges: false
<<: *defaults
steps:
- *clean_working_directory
Expand Down Expand Up @@ -413,7 +415,7 @@ jobs:
command: |
DEPLOY_ENV=($(echo $CIRCLE_TAG | awk -F '-' '{print $1}'))
printf "Deploying to test environment: https://beis-par-$DEPLOY_ENV.cloudapps.digital\n"
./devops/cf/push.local.sh -T $CIRCLE_TAG -r -b /var/www/html/backups/${SANITISED_DATABASE}-latest.sql -d /tmp/workspace $DEPLOY_ENV
./devops/cf/push.local.sh -T $CIRCLE_TAG -r -b /var/www/html/backups/${SANITISED_DATABASE}.sql -d /tmp/workspace $DEPLOY_ENV
archive_database:
<<: *defaults
Expand Down Expand Up @@ -454,7 +456,6 @@ jobs:
command: cd web && sed -e '/-- do not execute if not member of manager role/,+4d' < ../backups/${UNSANITISED_DATABASE}.sql | ../vendor/bin/drush @par.paas sql:cli
environment:
APP_ENV: ci-sanitise
- *check_application
- run:
name: "Sanitise database"
command: |
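Review bot: The `curl icanhazip.com` line added to the "Configure secrets from Vault" step makes the secrets step depend on a third-party service over plain HTTP and writes the runner's egress IP into the build log; it reads like a debugging aid that was left in. If the default CircleCI shell options apply (not visible here), a failure or timeout of that request would fail the step before `./devops/vault/vault-export.sh ci` runs. I would drop the line, or, if the address is still needed to diagnose Vault access, make it bounded and non-fatal: `curl -fsS --max-time 10 https://icanhazip.com || true`.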
26 changes: 13 additions & 13 deletions devops/cf/check_opensearch.sh
Expand Up @@ -31,8 +31,8 @@ command -v cf >/dev/null 2>&1 || {
# Set required parameters
# ENV (required) - the environment to check for
# BUILD_VER (optional) - the build tag being pushed
# GOVUK_CF_USER (required) - the user deploying the script
# GOVUK_CF_PWD (required) - the password for the user account
# DEV_GOVUK_CF_USER (required) - the user deploying the script
# DEV_GOVUK_CF_PWD (required) - the password for the user account
# BUILD_DIR - the directory containing the build assets
# VAULT_ADDR - the vault service endpoint
# VAULT_UNSEAL_KEY (required) - the key used to unseal the vault
Expand All @@ -55,8 +55,8 @@ eval set -- "$PARSED"

# Defaults
ENV_ONLY=${ENV_ONLY:=n}
GOVUK_CF_USER=${GOVUK_CF_USER:-}
GOVUK_CF_PWD=${GOVUK_CF_PWD:-}
DEV_GOVUK_CF_USER=${DEV_GOVUK_CF_USER:-}
DEV_GOVUK_CF_PWD=${DEV_GOVUK_CF_PWD:-}
INDEX=${INDEX:="partnership_index"}
LOCAL_PORT=${LOCAL_PORT:="4430"}

Expand All @@ -71,11 +71,11 @@ while true; do
shift 2
;;
-u|--user)
GOVUK_CF_USER="$2"
DEV_GOVUK_CF_USER="$2"
shift 2
;;
-p|--password)
GOVUK_CF_PWD="$2"
DEV_GOVUK_CF_PWD="$2"
shift 2
;;
--)
Expand All @@ -100,17 +100,17 @@ ENV=$1
####################################################################################
# Allow manual input of missing parameters
# ENV (required) - the password for the user account
# GOVUK_CF_USER (required) - the user deploying the script
# GOVUK_CF_PWD (required) - the password for the user account
# DEV_GOVUK_CF_USER (required) - the user deploying the script
# DEV_GOVUK_CF_PWD (required) - the password for the user account
# INDEX - the index to check the health for
####################################################################################
if [[ -z "${GOVUK_CF_USER}" ]]; then
if [[ -z "${DEV_GOVUK_CF_USER}" ]]; then
echo -n "Enter your Cloud Foundry username: "
read GOVUK_CF_USER
read DEV_GOVUK_CF_USER
fi
if [[ -z "${GOVUK_CF_PWD}" ]]; then
if [[ -z "${DEV_GOVUK_CF_PWD}" ]]; then
echo -n "Enter your Cloud Foundry password (will be hidden): "
read -s GOVUK_CF_PWD
read -s DEV_GOVUK_CF_PWD
fi
if [[ -z "${INDEX}" ]]; then
echo -n "Please choose an index to check: "
Expand All @@ -130,7 +130,7 @@ elif [[ $ENV == 'staging' ]] || [[ $ENV == staging-* ]]; then
cf login -a api.cloud.service.gov.uk -u $GOVUK_CF_USER -p $GOVUK_CF_PWD \
-o "office-for-product-safety-and-standards" -s "primary-authority-register-staging"
else
cf login -a api.cloud.service.gov.uk -u $GOVUK_CF_USER -p $GOVUK_CF_PWD \
cf login -a api.cloud.service.gov.uk -u $DEV_GOVUK_CF_USER -p $DEV_GOVUK_CF_PWD \
-o "office-for-product-safety-and-standards" -s "primary-authority-register-development"
fi

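Review bot: The rename is only half applied in this file: the `-u`/`-p` options, the defaults and the interactive prompts now fill `DEV_GOVUK_CF_USER`/`DEV_GOVUK_CF_PWD`, but the staging branch of the login still runs `cf login ... -u $GOVUK_CF_USER -p $GOVUK_CF_PWD`. A staging run that relies on the flags or the prompt would reach `cf login` with empty credentials unless `GOVUK_CF_USER` happens to be exported, and the values the operator supplied are silently ignored. One option is to have `-u`/`-p` and the prompts write to a neutral `CF_USER`/`CF_PWD` and default it per branch, e.g. `CF_USER=${CF_USER:-$DEV_GOVUK_CF_USER}` just before the development login. The same pattern is visible in devops/cf/destroy.app.sh and devops/cf/push.local.sh; the branches above the `elif` lie outside the hunk.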
26 changes: 13 additions & 13 deletions devops/cf/destroy.app.sh
Original file line number Diff line number Diff line change
Expand Up @@ -30,8 +30,8 @@ command -v cf >/dev/null 2>&1 || {
####################################################################################
# Set required parameters
# ENV (required) - the password for the user account
# GOVUK_CF_USER (required) - the user deploying the script
# GOVUK_CF_PWD (required) - the password for the user account
# DEV_GOVUK_CF_USER (required) - the user deploying the script
# DEV_GOVUK_CF_PWD (required) - the password for the user account
####################################################################################
OPTIONS=u:p:
LONGOPTS=user:,password:
Expand All @@ -50,17 +50,17 @@ fi
eval set -- "$PARSED"

# Defaults
GOVUK_CF_USER=${GOVUK_CF_USER:-}
GOVUK_CF_PWD=${GOVUK_CF_PWD:-}
DEV_GOVUK_CF_USER=${DEV_GOVUK_CF_USER:-}
DEV_GOVUK_CF_PWD=${DEV_GOVUK_CF_PWD:-}

while true; do
case "$1" in
-u|--user)
GOVUK_CF_USER="$2"
DEV_GOVUK_CF_USER="$2"
shift 2
;;
-p|--password)
GOVUK_CF_PWD="$2"
DEV_GOVUK_CF_PWD="$2"
shift 2
;;
--)
Expand Down Expand Up @@ -90,19 +90,19 @@ fi
####################################################################################
# Allow manual input of missing parameters
# ENV (required) - the password for the user account
# GOVUK_CF_USER (required) - the user deploying the script
# GOVUK_CF_PWD (required) - the password for the user account
# DEV_GOVUK_CF_USER (required) - the user deploying the script
# DEV_GOVUK_CF_PWD (required) - the password for the user account
# BUILD_DIR - the directory containing the build assets
# VAULT_ADDR - the vault service endpoint
# VAULT_UNSEAL_KEY (required) - the key used to unseal the vault
####################################################################################
if [[ -z "${GOVUK_CF_USER}" ]]; then
if [[ -z "${DEV_GOVUK_CF_USER}" ]]; then
echo -n "Enter your Cloud Foundry username: "
read GOVUK_CF_USER
read DEV_GOVUK_CF_USER
fi
if [[ -z "${GOVUK_CF_PWD}" ]]; then
if [[ -z "${DEV_GOVUK_CF_PWD}" ]]; then
echo -n "Enter your Cloud Foundry password (will be hidden): "
read -s GOVUK_CF_PWD
read -s DEV_GOVUK_CF_PWD
fi


Expand All @@ -116,7 +116,7 @@ if [[ $ENV == 'staging' ]] || [[ $ENV =~ ^staging-.* ]]; then
cf login -a api.cloud.service.gov.uk -u $GOVUK_CF_USER -p $GOVUK_CF_PWD \
-o "office-for-product-safety-and-standards" -s "primary-authority-register-staging"
else
cf login -a api.cloud.service.gov.uk -u $GOVUK_CF_USER -p $GOVUK_CF_PWD \
cf login -a api.cloud.service.gov.uk -u $DEV_GOVUK_CF_USER -p $DEV_GOVUK_CF_PWD \
-o "office-for-product-safety-and-standards" -s "primary-authority-register-development"
fi

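Review bot: The changed development login still passes the password as an unquoted command-line argument, `-u $DEV_GOVUK_CF_USER -p $DEV_GOVUK_CF_PWD`. Unquoted, a password containing whitespace or glob characters is split or expanded before `cf` sees it, and an empty variable lets the following flag slide into its place; as an argument, the secret is also exposed in the process list and in any `set -x` trace. At minimum quote both expansions, `-u "$DEV_GOVUK_CF_USER" -p "$DEV_GOVUK_CF_PWD"`; if the installed cf CLI supports it, `cf auth` with `CF_USERNAME`/`CF_PASSWORD` in the environment followed by `cf target -o ... -s ...` keeps the password out of argv. This applies equally to the login lines in devops/cf/check_opensearch.sh, devops/cf/push.local.sh and scripts/db-remote-backup.sh.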
37 changes: 18 additions & 19 deletions devops/cf/pull.local.sh
Original file line number Diff line number Diff line change
Expand Up @@ -49,9 +49,8 @@ command -v cf >/dev/null 2>&1 || {
# VERSION (required) - the semver tag to be deployed
# ENV (required) - the environment to push to
# AWS_KEY (required) - the user deploying the script
# GOVUK_CF_USER (required) - the user deploying the script
# GOVUK_CF_USER (required) - the user deploying the script
# GOVUK_CF_PWD (required) - the password for the user account
# DEV_GOVUK_CF_USER (required) - the user deploying the script
# DEV_GOVUK_CF_PWD (required) - the password for the user account
# BUILD_DIR - the directory containing the build assets
# VAULT_ADDR - the vault service endpoint
# VAULT_UNSEAL_KEY (required) - the key used to unseal the vault
Expand All @@ -75,8 +74,8 @@ eval set -- "$PARSED"
# Defaults
VERSION=${VERSION:-}
ENV_ONLY=${ENV_ONLY:=n}
GOVUK_CF_USER=${GOVUK_CF_USER:-}
GOVUK_CF_PWD=${GOVUK_CF_PWD:-}
DEV_GOVUK_CF_USER=${DEV_GOVUK_CF_USER:-}
DEV_GOVUK_CF_PWD=${DEV_GOVUK_CF_PWD:-}
CF_INSTANCES=${CF_INSTANCES:=1}
DB_IMPORT=${DB_IMPORT:="$PWD/backups/sanitised-db.sql"}
DB_RESET=${DB_RESET:=n}
Expand All @@ -96,11 +95,11 @@ while true; do
shift
;;
-u|--user)
GOVUK_CF_USER="$2"
DEV_GOVUK_CF_USER="$2"
shift 2
;;
-p|--password)
GOVUK_CF_PWD="$2"
DEV_GOVUK_CF_PWD="$2"
shift 2
;;
-i|--instances)
Expand Down Expand Up @@ -166,23 +165,23 @@ fi
####################################################################################
# Allow manual input of missing parameters
# ENV (required) - the password for the user account
# GOVUK_CF_USER (required) - the user deploying the script
# GOVUK_CF_PWD (required) - the password for the user account
# DEV_GOVUK_CF_USER (required) - the user deploying the script
# DEV_GOVUK_CF_PWD (required) - the password for the user account
# BUILD_DIR - the directory containing the build assets
# VAULT_ADDR - the vault service endpoint
# VAULT_UNSEAL_KEY (required) - the key used to unseal the vault
####################################################################################
if [[ -z "${VERSION}" ]]; then
echo -n "Enter the tag you wish to deploy: "
read GOVUK_CF_USER
read DEV_GOVUK_CF_USER
fi
if [[ -z "${GOVUK_CF_USER}" ]]; then
if [[ -z "${DEV_GOVUK_CF_USER}" ]]; then
echo -n "Enter your Cloud Foundry username: "
read GOVUK_CF_USER
read DEV_GOVUK_CF_USER
fi
if [[ -z "${GOVUK_CF_PWD}" ]]; then
if [[ -z "${DEV_GOVUK_CF_PWD}" ]]; then
echo -n "Enter your Cloud Foundry password (will be hidden): "
read -s GOVUK_CF_PWD
read -s DEV_GOVUK_CF_PWD
fi
if [[ -z "${VAULT_UNSEAL}" ]]; then
echo -n "Enter your Vault unseal key (will be hidden): "
Expand Down Expand Up @@ -218,28 +217,28 @@ vault operator seal -tls-skip-verify
# Pull the packaged version from S3
####################################################################################
printf "Pulling version $VERSION...\n"

mkdir -p $BUILD_DIR
rm -rf $BUILD_DIR/*

printf "Downloading build package s3://beis-par-artifacts/builds/$VERSION.tar.gz...\n"
aws s3 cp s3://beis-par-artifacts/builds/$VERSION.tar.gz /tmp/

## Check that we got the package
if [ ! -f /tmp/$VERSION.tar.gz ]; then
exit
fi

## Unpack and remove package file
printf "Extracting the tar ball to $BUILD_DIR...\n"
tar -zxvf /tmp/$VERSION.tar.gz -C $BUILD_DIR > /dev/null 2>&1
rm /tmp/$VERSION.tar.gz

####################################################################################
# Run the deployment script
####################################################################################
SCRIPT="${BASH_SOURCE%/*}/push.local.sh -d $BUILD_DIR $ENV"

printf "Tag $VERSION has been pulled...\n"
printf "Please deploy this to an environment using the following command...\n"
printf "$SCRIPT\n"
printf "$SCRIPT\n"
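Review bot: The prompt for a missing `VERSION` stores the answer in the wrong variable: after `echo -n "Enter the tag you wish to deploy: "` the new line is `read DEV_GOVUK_CF_USER`, so the rename carried an existing copy-paste slip forward. `VERSION` stays empty, the later `aws s3 cp s3://beis-par-artifacts/builds/$VERSION.tar.gz /tmp/` asks for `builds/.tar.gz`, and the typed tag is used as the Cloud Foundry username, which also suppresses the username prompt that follows. The line should be `read VERSION`.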
31 changes: 15 additions & 16 deletions devops/cf/push.local.sh
Original file line number Diff line number Diff line change
Expand Up @@ -39,8 +39,8 @@ command -v cf >/dev/null 2>&1 || {
# Set required parameters
# ENV (required) - the password for the user account
# BUILD_VER (optional) - the build tag being pushed
# GOVUK_CF_USER (required) - the user deploying the script
# GOVUK_CF_PWD (required) - the password for the user account
# DEV_GOVUK_CF_USER (required) - the user deploying the script
# DEV_GOVUK_CF_PWD (required) - the password for the user account
# BUILD_DIR - the directory containing the build assets
# VAULT_ADDR - the vault service endpoint
# VAULT_UNSEAL_KEY (required) - the key used to unseal the vault
Expand All @@ -63,8 +63,8 @@ eval set -- "$PARSED"

# Defaults
ENV_ONLY=${ENV_ONLY:=n}
GOVUK_CF_USER=${GOVUK_CF_USER:-}
GOVUK_CF_PWD=${GOVUK_CF_PWD:-}
DEV_GOVUK_CF_USER=${DEV_GOVUK_CF_USER:-}
DEV_GOVUK_CF_PWD=${DEV_GOVUK_CF_PWD:-}
CF_INSTANCES=${CF_INSTANCES:=1}
BUILD_VER=${BUILD_VER:-}
BUILD_DIR=${BUILD_DIR:=$PWD}
Expand All @@ -88,11 +88,11 @@ while true; do
shift 2
;;
-u|--user)
GOVUK_CF_USER="$2"
DEV_GOVUK_CF_USER="$2"
shift 2
;;
-p|--password)
GOVUK_CF_PWD="$2"
DEV_GOVUK_CF_PWD="$2"
shift 2
;;
-i|--instances)
Expand Down Expand Up @@ -140,7 +140,6 @@ done

# Defaults that incorporate user defined values
DB_IMPORT=${DB_IMPORT:="$BUILD_DIR/$DB_DIR/$DB_NAME.sql"}
printf "DB Import path: $DB_IMPORT \n"

## Ensure an environment has been passed
if [[ $# -ne 1 ]]; then
Expand All @@ -167,19 +166,19 @@ fi
####################################################################################
# Allow manual input of missing parameters
# ENV (required) - the password for the user account
# GOVUK_CF_USER (required) - the user deploying the script
# GOVUK_CF_PWD (required) - the password for the user account
# DEV_GOVUK_CF_USER (required) - the user deploying the script
# DEV_GOVUK_CF_PWD (required) - the password for the user account
# BUILD_DIR - the directory containing the build assets
# VAULT_ADDR - the vault service endpoint
# VAULT_UNSEAL_KEY (required) - the key used to unseal the vault
####################################################################################
if [[ -z "${GOVUK_CF_USER}" ]]; then
if [[ -z "${DEV_GOVUK_CF_USER}" ]]; then
echo -n "Enter your Cloud Foundry username: "
read GOVUK_CF_USER
read DEV_GOVUK_CF_USER
fi
if [[ -z "${GOVUK_CF_PWD}" ]]; then
if [[ -z "${DEV_GOVUK_CF_PWD}" ]]; then
echo -n "Enter your Cloud Foundry password (will be hidden): "
read -s GOVUK_CF_PWD
read -s DEV_GOVUK_CF_PWD
fi
if [[ -z "${VAULT_UNSEAL}" ]]; then
echo -n "Enter your Vault unseal key (will be hidden): "
Expand Down Expand Up @@ -242,8 +241,8 @@ elif [[ $ENV == 'staging' ]] || [[ $ENV =~ ^staging-.* ]]; then
cf login -a api.cloud.service.gov.uk -u $GOVUK_CF_USER -p $GOVUK_CF_PWD \
-o "office-for-product-safety-and-standards" -s "primary-authority-register-staging"
else
cf login -a api.cloud.service.gov.uk -u $GOVUK_CF_USER -p $GOVUK_CF_PWD \
-o "office-for-product-safety-and-standards" -s "primary-authority-register-development"
cf login -a api.cloud.service.gov.uk -u $DEV_GOVUK_CF_USER -p $DEV_GOVUK_CF_PWD \
-o office-for-product-safety-and-standards -s primary-authority-register-development
fi


Expand Down Expand Up @@ -559,7 +558,7 @@ if [[ $ENV != "production" ]] && [[ $DB_RESET ]]; then
tar --no-same-owner -zxvf $REMOTE_BUILD_DIR/$DB_DIR/$DB_NAME.tar.gz -C $REMOTE_BUILD_DIR/$DB_DIR && \
../vendor/bin/drush @par.paas sql:cli < $REMOTE_BUILD_DIR/$DB_DIR/$DB_NAME.sql && \
rm -f $REMOTE_BUILD_DIR/$DB_DIR/$DB_NAME.sql"

# Wait for database to be imported.
cf_poll_task $TARGET_ENV DB_IMPORT

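Review bot: The parameter comments touched here now describe only `DEV_GOVUK_CF_USER`/`DEV_GOVUK_CF_PWD` as "(required)", yet the staging login directly above the changed one still reads `$GOVUK_CF_USER`/`$GOVUK_CF_PWD`, so the header no longer tells an operator which credentials a given environment needs. I would list both pairs and say which branch uses each, e.g. `# DEV_GOVUK_CF_USER - user for the development space (used by the else branch of the login)` and `# GOVUK_CF_USER - user for staging (ENV is staging or staging-*)`. While there, `# ENV (required) - the password for the user account` in both comment blocks looks like a copy-paste slip and should read `# ENV (required) - the environment to push to`, the wording devops/cf/pull.local.sh already uses.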
2 changes: 1 addition & 1 deletion scripts/db-remote-backup.sh
Original file line number Diff line number Diff line change
Expand Up @@ -133,7 +133,7 @@ elif [[ $NAME == 'staging' ]] || [[ $NAME == staging-* ]]; then
cf login -a api.cloud.service.gov.uk -u $GOVUK_CF_USER -p $GOVUK_CF_PWD \
-o "office-for-product-safety-and-standards" -s "primary-authority-register-staging"
else
cf login -a api.cloud.service.gov.uk -u $GOVUK_CF_USER -p $GOVUK_CF_PWD \
cf login -a api.cloud.service.gov.uk -u $DEV_GOVUK_CF_USER -p $DEV_GOVUK_CF_PWD \
-o "office-for-product-safety-and-standards" -s "primary-authority-register-development"
fi

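Review bot: This file changes only the login line, so nothing in the hunk shows `DEV_GOVUK_CF_USER`/`DEV_GOVUK_CF_PWD` being defaulted, prompted for or checked before the `else` branch uses them; the rest of the script is outside the hunk, so such handling may already exist. If the variables can be unset, the unquoted expansions vanish and `cf login` is invoked as `-u -p -o ...`, which fails in a confusing way at best. A guard just before the login would make the requirement explicit: `: "${DEV_GOVUK_CF_USER:?DEV_GOVUK_CF_USER is not set}"`, and the same for `DEV_GOVUK_CF_PWD`.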
