Commit f87cec07 authored by Aman Verma's avatar Aman Verma

updating the token generation mechanism during bootstrap

parent 56041c60
Pipeline #73828 failed with stages
in 44 seconds
FROM mcr.microsoft.com/azure-cli
RUN apk add ca-certificates bash curl wget gettext jq bind-tools \
&& wget -q https://storage.googleapis.com/kubernetes-release/release/v1.21.2/bin/linux/amd64/kubectl -O /usr/local/bin/kubectl \
&& chmod +x /usr/local/bin/kubectl \
&& chmod g+rwx /root \
&& mkdir /config \
&& chmod g+rwx /config
ENV AZURE_BUILD_SUBDIR="provider/schema-azure" \
AZURE_TEST_SUBDIR="testing/schema-test-core" \
AZURE_DEPLOYMENTS_SUBDIR="deployments/scripts/azure" \
AZURE_DEPLOYMENTS_SCRIPTS_SUBDIR="deployments/scripts" \
AZURE_DNS_NAME=$AZURE_DNS_NAME \
AZURE_STORAGE_CONNECTION_STRING="DefaultEndpointsProtocol=https;AccountName=${AZURE_BASE}data;AccountKey=${AZURE_STORAGE_KEY};EndpointSuffix=core.windows.net"
USER root
# Create osdu user
RUN addgroup --system osdu && adduser --system osdu --ingroup osdu
WORKDIR /home/osdu
# Install Requirements
ADD deployments/scripts/azure/requirements.txt ./requirements.txt
RUN pip install -r requirements.txt
# Add Scripts
COPY deployments deployments
RUN chmod +x deployments/scripts/azure/bootstrap.sh
USER osdu
ENTRYPOINT ["/bin/bash", "/home/osdu/deployments/scripts/azure/bootstrap.sh"]
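Review bot: The kubectl binary fetched on the `wget` line is made executable without any integrity check, and `FROM mcr.microsoft.com/azure-cli` has no tag or digest, so neither input to this image is pinned. Verify the download in the same RUN before `chmod +x`, for example `echo "<KUBECTL_SHA256_PLACEHOLDER>  /usr/local/bin/kubectl" | sha256sum -c -`, and pin the base image to a tag or digest. Separately, the `AZURE_STORAGE_CONNECTION_STRING` ENV line expands `${AZURE_BASE}` and `${AZURE_STORAGE_KEY}` at build time; no ARG for them is visible in this file, so they would resolve to empty strings, and if they were supplied as build arguments the account key would be stored in the image configuration. Building that string at container start in bootstrap.sh, from values injected at runtime, avoids both outcomes.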
[[_TOC_]]
## Prerequisites
- Azure CLI 2.11.x or higher
## How to build and push a docker container
- Navigate to repo root
- Login to your azure container registry
```
az login
az account set -s "AG-IND-OSDU-TEST" #Update subscription id
az acr login -n msosdu #Update registry name
```
- Build and push the container image
```
az acr build -r msosdu -t schema-data-init:0.12.0 -f "deployments/scripts/azure/Dockerfile" .
```
## Running the container locally
- Prepare a .env file, let's say `env_file.env` with following content:
```
AZURE_DNS_NAME=<your_dns> #e.g. osdu-dev.msft-osdu-test.org
AZURE_TENANT_ID=<tenant_id>
AZURE_AD_APP_RESOURCE_ID=<aad_client_id>
AZURE_CLIENT_ID=<client_id>
AZURE_CLIENT_SECRET=<client_secret>
```
- Run the container:
```
docker run --env-file .env msosdu.azurecr.io/schema-data-init:0.12.0
```
Ensure that image name is put at the very end of the command and all other parameters are specified before that.
## Validation
Once the container starts running, you'll see logs like this:
```
Current data-partition-id: opendes
Try POST for id: osdu:wks:AbstractAccessControlList:1.0.0
Try PUT for id: osdu:wks:AbstractAccessControlList:1.0.0
The kind osdu:wks:AbstractAccessControlList:1.0.0 was registered successfully.
Try POST for id: osdu:wks:AbstractActivityParameter:1.0.0
Try PUT for id: osdu:wks:AbstractActivityParameter:1.0.0
The kind osdu:wks:AbstractActivityParameter:1.0.0 was registered successfully.
...
```
\ No newline at end of file
export AZURE_SCHEMA_URL=https://$AZURE_DNS_NAME/api/schema-service/v1/schema
BEARER_TOKEN=`python $AZURE_DEPLOYMENTS_SUBDIR/Token.py`
export BEARER_TOKEN=$BEARER_TOKEN
export AZURE_SCHEMA_URL=https://${AZURE_DNS_NAME}/api/schema-service/v1/schema/
currentStatus="success"
currentMessage="All schemas uploaded successfully"
#cat get_access_token.sh
BEARER_TOKEN=$(sh $AZURE_DEPLOYMENTS_SUBDIR/get_access_token.sh)
#echo $BEARER_TOKEN
if [[ "$BEARER_TOKEN" == "TOKEN_FETCH_FAILURE" ]]; then
echo "Failed to fetch access token"
currentStatus="failure"
currentMessage="${currentMessage}. Failure fetching Access Token. "
else
echo "Access Token fetched successfully."
export BEARER_TOKEN=$BEARER_TOKEN
python $AZURE_DEPLOYMENTS_SCRIPTS_SUBDIR/DeploySharedSchemas.py -u $AZURE_SCHEMA_URL
IFS=',' read -r -a partitions_array <<< ${PARTITIONS}
for index in "${!partitions_array[@]}"
do
echo "Putting schemas in partition: ${partitions_array[index]}"
export DATA_PARTITION=${partitions_array[index]}
python $AZURE_DEPLOYMENTS_SCRIPTS_SUBDIR/DeploySharedSchemas.py -u $AZURE_SCHEMA_URL
ret=$?
if [ $ret -ne 0 ]; then
currentStatus="failure"
currentMessage="Schema loading failed. Please check error logs for more details."
fi
done
fi
#BEARER_TOKEN=`python $AZURE_DEPLOYMENTS_SUBDIR/Token.py`
if [ ! -z "$CONFIG_MAP_NAME" -a "$CONFIG_MAP_NAME" != " " ]; then
az login --identity --username $OSDU_IDENTITY_ID
ENV_AKS=$(az aks list --resource-group $RESOURCE_GROUP_NAME --query [].name -otsv)
az aks get-credentials --resource-group $RESOURCE_GROUP_NAME --name $ENV_AKS
kubectl config set-context $RESOURCE_GROUP_NAME --cluster $ENV_AKS
Status=$(kubectl get configmap $CONFIG_MAP_NAME -o jsonpath='{.data.status}')
Message=$(kubectl get configmap $CONFIG_MAP_NAME -o jsonpath='{.data.message}')
Message="${Message}Schema load Message: ${currentMessage}. "
## Update ConfigMap
kubectl create configmap $CONFIG_MAP_NAME \
--from-literal=status="$currentStatus" \
--from-literal=message="$Message" \
-o yaml --dry-run=client | kubectl replace -f -
fi
if [[ ${currentStatus} == "success" ]]; then
exit 0
else
exit 1
fi
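Review bot: The token-failure branch sets `currentMessage="${currentMessage}. Failure fetching Access Token. "` while `currentMessage` still holds "All schemas uploaded successfully", so the ConfigMap would report success and failure in the same message; `currentMessage="Failure fetching Access Token."` states only what happened. The first `DeploySharedSchemas.py` call, before the partition loop, has no `ret=$?` check, so a failure there leaves `currentStatus` at "success" unless a later partition also fails. `$CONFIG_MAP_NAME`, `$RESOURCE_GROUP_NAME`, `$ENV_AKS` and `${PARTITIONS}` come from the environment and are expanded unquoted into `az` and `kubectl` arguments; quoting them (`"$CONFIG_MAP_NAME"`) keeps a value containing spaces or glob characters from being split into extra arguments. This section appears to print removed and added lines together (the two `AZURE_SCHEMA_URL` exports), so which lines are new is inferred.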
#!/bin/bash
i=0
while [[ $i -lt 3 ]]; do
i=$(expr $i + 1)
response=$(curl 'http://169.254.169.254/metadata/identity/oauth2/token?api-version=2018-02-01&resource=https%3A%2F%2Fmanagement.azure.com%2F' -H Metadata:true -s)
if [ -z "$response" -a "$response"==" " ]; then
continue
fi
# Get Access Token
access_token=$(echo $response | python -c 'import sys, json; print (json.load(sys.stdin)["access_token"])')
if [ ! -z "$access_token" -a "$access_token" != " " ]; then
bearer="Bearer ${access_token}"
echo $bearer
exit 0
fi
done
echo "TOKEN_FETCH_FAILURE"
exit 1
\ No newline at end of file
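Review bot: The token is requested for `resource=https%3A%2F%2Fmanagement.azure.com%2F`, the Azure Resource Manager audience, and bootstrap.sh exports the result as BEARER_TOKEN before calling DeploySharedSchemas.py; if that script sends it to the schema service (not visible here), the service receives a credential valid for the management plane rather than one scoped to its own application. Requesting the token for the service's own resource ID (presumably the README's `AZURE_AD_APP_RESOURCE_ID`) would limit what a leaked or logged token can be used for. In the emptiness check, `"$response"==" "` is a single non-empty word and therefore always true, so the test works only because of `-z`; `if [ -z "$response" ] || [ "$response" = " " ]; then` expresses the intent. The `curl` call has no `--max-time` and the loop has no delay between attempts, so a hung metadata endpoint blocks the bootstrap and three immediate retries give a transient failure no time to clear.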