From a83f8bc6f2fda3a18b9c0aa1175118564fde2eef Mon Sep 17 00:00:00 2001 From: Dhruv Aggarwal Date: Mon, 31 Mar 2025 13:33:02 -0400 Subject: [PATCH 01/64] created branch for fetching key_vault_Feature --- .../DEV-WEEU-SAP01-X00/sap-parameters.yaml | 5 + scripts/sap_automation_qa.sh | 107 ++++++++++++++++-- 2 files changed, 103 insertions(+), 9 deletions(-) diff --git a/WORKSPACES/SYSTEM/DEV-WEEU-SAP01-X00/sap-parameters.yaml b/WORKSPACES/SYSTEM/DEV-WEEU-SAP01-X00/sap-parameters.yaml index 2221c9fc..2043be4e 100644 --- a/WORKSPACES/SYSTEM/DEV-WEEU-SAP01-X00/sap-parameters.yaml +++ b/WORKSPACES/SYSTEM/DEV-WEEU-SAP01-X00/sap-parameters.yaml @@ -27,3 +27,8 @@ database_cluster_type: AFA # Storage Profile # ############################################################################# NFS_provider: AFS +############################################################################# +# Key Vault # +############################################################################# +key_vault_id: test +secret_name: test \ No newline at end of file diff --git a/scripts/sap_automation_qa.sh b/scripts/sap_automation_qa.sh index 2d83de28..a0fa707b 100755 --- a/scripts/sap_automation_qa.sh +++ b/scripts/sap_automation_qa.sh 
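Review bot: `key_vault_id: test` and `secret_name: test` are committed as live values in a workspace parameter file, and `test` is not a resource id, so the `resourceGroups`/`vaults` segment extraction that `check_msi_permissions` performs in the same commit will reject it with the "Failed to extract" error. The file also loses its trailing newline. Suggest keeping both keys commented until real values exist and documenting the expected shape in the block header, e.g. `# key_vault_id: /subscriptions/<subscription-id>/resourceGroups/<rg-name>/providers/Microsoft.KeyVault/vaults/<vault-name>` (constructed example).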
@@ -100,6 +100,45 @@ get_playbook_name() { esac } +# Function to check if the MSI has the correct permissions on the Key Vault +check_msi_permissions() { + local key_vault_id=$1 + local required_permission="Get" + + # Extract resource group name and key vault name from the key_vault_id + resource_group_name=$(echo "$key_vault_id" | awk -F'/' '{for(i=1;i<=NF;i++){if($i=="resourceGroups"){print $(i+1)}}}') + key_vault_name=$(echo "$key_vault_id" | awk -F'/' '{for(i=1;i<=NF;i++){if($i=="vaults"){print $(i+1)}}}') + + if [[ -z "$resource_group_name" || -z "$key_vault_name" ]]; then + log "ERROR" "Failed to extract resource group name or key vault name from key_vault_id: $key_vault_id" + exit 1 + fi + + log "INFO" "Extracted resource group name: $resource_group_name" + log "INFO" "Extracted key vault name: $key_vault_name" + + log "INFO" "Checking MSI permissions on Key Vault: $key_vault_name..." + + # Get the MSI name dynamically + MSI_NAME=$(az vm identity show --resource-group "$RESOURCE_GROUP" --name "$(az vm list --query "[?identity.type=='UserAssigned'].name" -o tsv)" --query "userAssignedIdentities | keys(@)[0]" -o tsv) + + # Get the MSI object ID + msi_object_id=$(az identity show --name "$MSI_NAME" --resource-group "$RESOURCE_GROUP" --query "principalId" -o tsv) + if [[ -z "$msi_object_id" ]]; then + log "ERROR" "Failed to retrieve MSI object ID for $MSI_NAME in resource group $RESOURCE_GROUP." + exit 1 + fi + + # Check Key Vault permissions + permissions=$(az keyvault show --name "$key_vault_name" --query "properties.accessPolicies[?objectId=='$msi_object_id'].permissions.secrets" -o tsv) + if [[ ! "$permissions" =~ (^|[[:space:]])"$required_permission"($|[[:space:]]) ]]; then + log "ERROR" "MSI $MSI_NAME does not have the required '$required_permission' permission on Key Vault $key_vault_name." + exit 1 + fi + + log "INFO" "MSI $MSI_NAME has the required permissions on Key Vault $key_vault_name." 
+} + # Function to run the ansible playbook run_ansible_playbook() { local playbook_name=$1 
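Review bot: `resource_group_name`, `key_vault_name`, `MSI_NAME`, `msi_object_id` and `permissions` are assigned without `local`, so `check_msi_permissions` leaks five globals into the caller's scope; `local resource_group_name key_vault_name msi_name msi_object_id permissions` at the top of the function fixes that. `$RESOURCE_GROUP` is not assigned anywhere in this hunk and is a different value from the `resource_group_name` just extracted from the vault id, so unless it comes from the environment both `az vm identity show` and `az identity show` run against an empty group. The `az vm list --query "[?identity.type=='UserAssigned'].name" -o tsv` substitution can return several names separated by newlines, which are then passed as a single `--name` argument. The check reads only `properties.accessPolicies`, so on a vault that uses RBAC authorization `permissions` is empty and a correctly authorised identity is rejected; that limitation should at least be stated in the function comment.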
@@ -107,17 +146,53 @@ run_ansible_playbook() { local system_params=$3 local auth_type=$4 local system_config_folder=$5 + local key_vault_name=$6 + local secret_name=$7 + local temp_file if [[ "$auth_type" == "SSHKEY" ]]; then - local ssh_key="${cmd_dir}/../WORKSPACES/SYSTEM/$SYSTEM_CONFIG_NAME/ssh_key.ppk" - log "INFO" "Using SSH key: $ssh_key." - command="ansible-playbook ${cmd_dir}/../src/$playbook_name.yml -i $system_hosts --private-key $ssh_key \ - -e @$VARS_FILE -e @$system_params -e '_workspace_directory=$system_config_folder'" + if [[ -n "$key_vault_name" && -n "$secret_name" ]]; then + log "INFO" "Using Key Vault for SSH key retrieval." + secret_value=$(az keyvault secret show --vault-name "$key_vault_name" --name "$secret_name" --query "value" -o tsv) + if [[ -z "$secret_value" ]]; then + log "ERROR" "Failed to retrieve secret '$secret_name' from Key Vault '$key_vault_name'." + exit 1 + fi + temp_file=$(mktemp --suffix=.ppk) + echo "$secret_value" > "$temp_file" + log "INFO" "Temporary SSH key file created: $temp_file" + command="ansible-playbook ${cmd_dir}/../src/$playbook_name.yml -i $system_hosts --private-key $temp_file \ + -e @$VARS_FILE -e @$system_params -e '_workspace_directory=$system_config_folder'" + else + local ssh_key="${cmd_dir}/../WORKSPACES/SYSTEM/$SYSTEM_CONFIG_NAME/ssh_key.ppk" + log "INFO" "Using local SSH key: $ssh_key." + command="ansible-playbook ${cmd_dir}/../src/$playbook_name.yml -i $system_hosts --private-key $ssh_key \ + -e @$VARS_FILE -e @$system_params -e '_workspace_directory=$system_config_folder'" + fi + elif [[ "$auth_type" == "VMPASSWORD" ]]; then + if [[ -n "$key_vault_name" && -n "$secret_name" ]]; then + log "INFO" "Using Key Vault for password retrieval." + secret_value=$(az keyvault secret show --vault-name "$key_vault_name" --name "$secret_name" --query "value" -o tsv) + if [[ -z "$secret_value" ]]; then + log "ERROR" "Failed to retrieve secret '$secret_name' from Key Vault '$key_vault_name'." 
+ exit 1 + fi + temp_file=$(mktemp --suffix=.password) + echo "$secret_value" > "$temp_file" + log "INFO" "Temporary password file created: $temp_file" + command="ansible-playbook ${cmd_dir}/../src/$playbook_name.yml -i $system_hosts \ + --extra-vars \"ansible_ssh_pass=$(cat $temp_file)\" --extra-vars @$VARS_FILE -e @$system_params \ + -e '_workspace_directory=$system_config_folder'" + else + local password_file="${cmd_dir}/../WORKSPACES/SYSTEM/$SYSTEM_CONFIG_NAME/password" + log "INFO" "Using local password file: $password_file." + command="ansible-playbook ${cmd_dir}/../src/$playbook_name.yml -i $system_hosts \ + --extra-vars \"ansible_ssh_pass=$(cat $password_file)\" --extra-vars @$VARS_FILE -e @$system_params \ + -e '_workspace_directory=$system_config_folder'" + fi else - log "INFO" "Using password authentication." - command="ansible-playbook ${cmd_dir}/../src/$playbook_name.yml -i $system_hosts \ - --extra-vars \"ansible_ssh_pass=$(cat ${cmd_dir}/../WORKSPACES/SYSTEM/$SYSTEM_CONFIG_NAME/password)\" \ - --extra-vars @$VARS_FILE -e @$system_params -e '_workspace_directory=$system_config_folder'" + log "ERROR" "Unknown authentication type: $auth_type" + exit 1 fi log "INFO" "Running ansible playbook..." @@ -126,6 +201,12 @@ run_ansible_playbook() { return_code=$? log "INFO" "Ansible playbook execution completed with return code: $return_code" + # Clean up temporary file if it exists + if [[ -n "$temp_file" && -f "$temp_file" ]]; then + rm -f "$temp_file" + log "INFO" "Temporary file deleted: $temp_file" + fi + exit $return_code } 
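Review bot: The secret written to `$temp_file` is only removed on the normal path at the bottom of the function; the `exit 1` taken when `secret_value` is empty and any signal leave the private key or password on disk, so register cleanup right after each `mktemp`, `trap 'rm -f -- "$temp_file"' EXIT`, which also makes the trailing cleanup block redundant. In the VMPASSWORD branch the password is interpolated into the command string through `--extra-vars \"ansible_ssh_pass=$(cat $temp_file)\"`, so it is visible in `ps` output for the lifetime of the ansible process and in any log of `$command`; writing `ansible_ssh_pass: <value>` into the temp file and passing `--extra-vars @"$temp_file"` keeps it off the argument list (the pre-existing local-file branch has the same exposure). `mktemp --suffix` is GNU-only, and `$temp_file` is interpolated unquoted into `$command`, so a space in `TMPDIR` would split the path.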
@@ -156,15 +237,23 @@ main() { if [[ "$AUTHENTICATION_TYPE" == "SSHKEY" ]]; then check_file_exists "${cmd_dir}/../WORKSPACES/SYSTEM/$SYSTEM_CONFIG_NAME/ssh_key.ppk" \ "ssh_key.ppk not found in WORKSPACES/SYSTEM/$SYSTEM_CONFIG_NAME directory." - else + elif [[ "$AUTHENTICATION_TYPE" == "VMPASSWORD" ]]; then check_file_exists "${cmd_dir}/../WORKSPACES/SYSTEM/$SYSTEM_CONFIG_NAME/password" \ "password file not found in WORKSPACES/SYSTEM/$SYSTEM_CONFIG_NAME directory." + elif [[ "$AUTHENTICATION_TYPE" == "KEYVAULT" ]]; then + log "INFO" "Key Vault authentication selected. Ensure Key Vault parameters are set." fi playbook_name=$(get_playbook_name "$sap_functional_test_type") log "INFO" "Using playbook: $playbook_name." run_ansible_playbook "$playbook_name" "$SYSTEM_HOSTS" "$SYSTEM_PARAMS" "$AUTHENTICATION_TYPE" "$SYSTEM_CONFIG_FOLDER" + + # Clean up any remaining temporary files + if [[ -n "$temp_file" && -f "$temp_file" ]]; then + rm -f "$temp_file" + log "INFO" "Temporary file deleted: $temp_file" + fi } # Execute the main function From 62fe0a7f9d46deea9af1096f0d3fe4fe749d1fc3 Mon Sep 17 00:00:00 2001 From: Dhruv Aggarwal Date: Mon, 31 Mar 2025 16:42:52 -0400 Subject: [PATCH 02/64] testing --- scripts/sap_automation_qa.sh | 27 ++++++++++++++------------- 1 file changed, 14 insertions(+), 13 deletions(-) diff --git a/scripts/sap_automation_qa.sh b/scripts/sap_automation_qa.sh index a0fa707b..d432ad7f 100755 --- a/scripts/sap_automation_qa.sh +++ b/scripts/sap_automation_qa.sh 
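Review bot: The "Clean up any remaining temporary files" block added at the end of `main` is unreachable: `run_ansible_playbook` ends with `exit $return_code` in the previous hunk, and `temp_file` is declared `local` there, so `$temp_file` is always empty in `main` even if control returned. The new `KEYVAULT` arm is accepted here but `run_ansible_playbook` only handles `SSHKEY` and `VMPASSWORD` and exits with "Unknown authentication type" for anything else, and `main` still passes five arguments, so `$6`/`$7` are empty and neither Key Vault branch can run. Suggest dropping the dead block and either passing the vault name and secret name on the `run_ansible_playbook` call or removing the `KEYVAULT` arm until it is wired through.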
@@ -146,13 +146,13 @@ run_ansible_playbook() { local system_params=$3 local auth_type=$4 local system_config_folder=$5 - local key_vault_name=$6 - local secret_name=$7 + local secret_name=$6 local temp_file if [[ "$auth_type" == "SSHKEY" ]]; then if [[ -n "$key_vault_name" && -n "$secret_name" ]]; then log "INFO" "Using Key Vault for SSH key retrieval." + check_msi_permissions "$key_vault_name" # Call the function to check MSI permissions secret_value=$(az keyvault secret show --vault-name "$key_vault_name" --name "$secret_name" --query "value" -o tsv) if [[ -z "$secret_value" ]]; then log "ERROR" "Failed to retrieve secret '$secret_name' from Key Vault '$key_vault_name'." 
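Review bot: `local key_vault_name=$6` is removed while `$key_vault_name` is still tested on the `if [[ -n "$key_vault_name" && -n "$secret_name" ]]` line and passed to `check_msi_permissions`, so the function now depends on an undeclared global; under `set -u` that aborts, and otherwise the Key Vault branch is unreachable unless something outside this hunk sets the name. `check_msi_permissions` also parses its argument as a full resource id (it looks for `resourceGroups` and `vaults` path segments), whereas a vault name is passed here, so the call would fail with the extraction error. Either keep the parameter as `local key_vault_id=$6` and pass the id, or document the global contract in the function comment.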
@@ -233,21 +233,22 @@ main() { check_file_exists "$SYSTEM_PARAMS" \ "sap-parameters.yaml not found in WORKSPACES/SYSTEM/$SYSTEM_CONFIG_NAME directory." - log "INFO" "Checking if the SSH key or password file exists..." - if [[ "$AUTHENTICATION_TYPE" == "SSHKEY" ]]; then - check_file_exists "${cmd_dir}/../WORKSPACES/SYSTEM/$SYSTEM_CONFIG_NAME/ssh_key.ppk" \ - "ssh_key.ppk not found in WORKSPACES/SYSTEM/$SYSTEM_CONFIG_NAME directory." - elif [[ "$AUTHENTICATION_TYPE" == "VMPASSWORD" ]]; then - check_file_exists "${cmd_dir}/../WORKSPACES/SYSTEM/$SYSTEM_CONFIG_NAME/password" \ - "password file not found in WORKSPACES/SYSTEM/$SYSTEM_CONFIG_NAME directory." - elif [[ "$AUTHENTICATION_TYPE" == "KEYVAULT" ]]; then - log "INFO" "Key Vault authentication selected. Ensure Key Vault parameters are set." - fi + # log "INFO" "Checking if the SSH key or password file exists..." + # if [[ "$AUTHENTICATION_TYPE" == "SSHKEY" ]]; then + # check_file_exists "${cmd_dir}/../WORKSPACES/SYSTEM/$SYSTEM_CONFIG_NAME/ssh_key.ppk" \ + # "ssh_key.ppk not found in WORKSPACES/SYSTEM/$SYSTEM_CONFIG_NAME directory." + # elif [[ "$AUTHENTICATION_TYPE" == "VMPASSWORD" ]]; then + # check_file_exists "${cmd_dir}/../WORKSPACES/SYSTEM/$SYSTEM_CONFIG_NAME/password" \ + # "password file not found in WORKSPACES/SYSTEM/$SYSTEM_CONFIG_NAME directory." + # elif [[ "$AUTHENTICATION_TYPE" == "KEYVAULT" ]]; then + # log "INFO" "Key Vault authentication selected. Ensure Key Vault parameters are set." + # fi playbook_name=$(get_playbook_name "$sap_functional_test_type") log "INFO" "Using playbook: $playbook_name." - run_ansible_playbook "$playbook_name" "$SYSTEM_HOSTS" "$SYSTEM_PARAMS" "$AUTHENTICATION_TYPE" "$SYSTEM_CONFIG_FOLDER" + + run_ansible_playbook "$playbook_name" "$SYSTEM_HOSTS" "$SYSTEM_PARAMS" "$AUTHENTICATION_TYPE" "$SYSTEM_CONFIG_FOLDER" "$SECRET_NAME" # Clean up any remaining temporary files if [[ -n "$temp_file" && -f "$temp_file" ]]; then 
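Review bot: Commenting out the `check_file_exists` pre-checks removes the only validation of the local `ssh_key.ppk` and `password` files, so a missing password file now surfaces as an empty `ansible_ssh_pass` (the `$(cat ...)` inside the command string fails silently) instead of a clear error; the two checks should stay for the SSHKEY/VMPASSWORD branches even with the new Key Vault path. `$SECRET_NAME` on the new `run_ansible_playbook` call is not assigned in this hunk and is not the lower-case `secret_name` the callee declares, so unless it is exported by the environment the sixth argument is empty. Commented-out code should be deleted rather than kept in the file.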
From eb59eff938792b050a5e847bebb2f52b3b312522 Mon Sep 17 00:00:00 2001 From: Dhruv Aggarwal Date: Mon, 31 Mar 2025 16:52:01 -0400 Subject: [PATCH 03/64] testing --- scripts/sap_automation_qa.sh | 3 +++ 1 file changed, 3 insertions(+) diff --git a/scripts/sap_automation_qa.sh b/scripts/sap_automation_qa.sh index d432ad7f..4e52fe8b 100755 --- a/scripts/sap_automation_qa.sh +++ b/scripts/sap_automation_qa.sh @@ -150,6 +150,9 @@ run_ansible_playbook() { local temp_file if [[ "$auth_type" == "SSHKEY" ]]; then + log "INFO" "Authentication type is SSHKEY." + log "INFO" "Key Vault Name: $key_vault_name" + log "INFO" "Secret Name: $secret_name" if [[ -n "$key_vault_name" && -n "$secret_name" ]]; then log "INFO" "Using Key Vault for SSH key retrieval." check_msi_permissions "$key_vault_name" # Call the function to check MSI permissions From 1e7bb7521b68d6dc2c9c08e5391260bf478cdbd8 Mon Sep 17 00:00:00 2001 From: Dhruv Aggarwal Date: Mon, 31 Mar 2025 16:54:12 -0400 Subject: [PATCH 04/64] testing --- scripts/sap_automation_qa.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/sap_automation_qa.sh b/scripts/sap_automation_qa.sh index 4e52fe8b..8b79842f 100755 --- a/scripts/sap_automation_qa.sh +++ b/scripts/sap_automation_qa.sh @@ -251,7 +251,7 @@ main() { log "INFO" "Using playbook: $playbook_name." - run_ansible_playbook "$playbook_name" "$SYSTEM_HOSTS" "$SYSTEM_PARAMS" "$AUTHENTICATION_TYPE" "$SYSTEM_CONFIG_FOLDER" "$SECRET_NAME" + run_ansible_playbook "$playbook_name" "$SYSTEM_HOSTS" "$SYSTEM_PARAMS" "$AUTHENTICATION_TYPE" "$SYSTEM_CONFIG_FOLDER" "$secret_name" # Clean up any remaining temporary files if [[ -n "$temp_file" && -f "$temp_file" ]]; then From 44706854f28a2a1667489893a24a5b9d1191a68e Mon Sep 17 00:00:00 2001 From: Dhruv Aggarwal Date: Mon, 31 Mar 2025 16:59:08 -0400 Subject: [PATCH 05/64] testing --- scripts/sap_automation_qa.sh | 11 +++++++++++ 1 file changed, 11 insertions(+) 
diff --git a/scripts/sap_automation_qa.sh b/scripts/sap_automation_qa.sh index 8b79842f..28684889 100755 --- a/scripts/sap_automation_qa.sh +++ b/scripts/sap_automation_qa.sh @@ -247,6 +247,17 @@ main() { # log "INFO" "Key Vault authentication selected. Ensure Key Vault parameters are set." # fi + # Extract secret_name from sap-parameters.yaml + secret_name=$(yq eval '.secret_name' "$SYSTEM_PARAMS") # Using yq + # Alternatively, use grep and awk: + # secret_name=$(grep "^secret_name:" "$SYSTEM_PARAMS" | awk '{split($0,a,": "); print a[2]}' | xargs) + + if [[ -z "$secret_name" ]]; then + log "ERROR" "Error: secret_name is not defined in $SYSTEM_PARAMS." + exit 1 + fi + log "INFO" "Extracted secret_name: $secret_name" + playbook_name=$(get_playbook_name "$sap_functional_test_type") log "INFO" "Using playbook: $playbook_name." From 9917f84c248cab26ecfa6b74458f40bdcd9bfb76 Mon Sep 17 00:00:00 2001 From: Dhruv Aggarwal Date: Mon, 31 Mar 2025 17:01:35 -0400 Subject: [PATCH 06/64] testing --- scripts/sap_automation_qa.sh | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/scripts/sap_automation_qa.sh b/scripts/sap_automation_qa.sh index 28684889..5a6fac31 100755 --- a/scripts/sap_automation_qa.sh +++ b/scripts/sap_automation_qa.sh @@ -249,8 +249,10 @@ main() { # Extract secret_name from sap-parameters.yaml secret_name=$(yq eval '.secret_name' "$SYSTEM_PARAMS") # Using yq + log "INFO" "Secret Name: $secret_name" # Alternatively, use grep and awk: - # secret_name=$(grep "^secret_name:" "$SYSTEM_PARAMS" | awk '{split($0,a,": "); print a[2]}' | xargs) + secret_name=$(grep "^secret_name:" "$SYSTEM_PARAMS" | awk '{split($0,a,": "); print a[2]}' | xargs) + log "INFO" "Secret Name: $secret_name" if [[ -z "$secret_name" ]]; then log "ERROR" "Error: secret_name is not defined in $SYSTEM_PARAMS." From 0a5dec8835d3ae0b7937bf324d38edc4f751b450 Mon Sep 17 00:00:00 2001 
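Review bot: `yq eval '.secret_name'` prints the literal string `null` when the key is absent, so the `[[ -z "$secret_name" ]]` test never fires for a missing key; if yq is kept the check should be `if [[ -z "$secret_name" || "$secret_name" == "null" ]]; then`. In the following commit's hunk the yq result is immediately overwritten by the grep/awk result, which makes the yq call dead code and should be decided one way or the other. The `awk '{split($0,a,": "); print a[2]}'` form keeps surrounding quotes and trailing comments, so a value written as `secret_name: "my-secret"  # note` (constructed example) is passed to `az keyvault secret show` verbatim.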
From: Dhruv Aggarwal Date: Mon, 31 Mar 2025 17:02:06 -0400 Subject: [PATCH 07/64] testing --- scripts/sap_automation_qa.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/scripts/sap_automation_qa.sh b/scripts/sap_automation_qa.sh index 5a6fac31..81ceed61 100755 --- a/scripts/sap_automation_qa.sh +++ b/scripts/sap_automation_qa.sh @@ -248,8 +248,8 @@ main() { # fi # Extract secret_name from sap-parameters.yaml - secret_name=$(yq eval '.secret_name' "$SYSTEM_PARAMS") # Using yq - log "INFO" "Secret Name: $secret_name" + #secret_name=$(yq eval '.secret_name' "$SYSTEM_PARAMS") # Using yq + #log "INFO" "Secret Name: $secret_name" # Alternatively, use grep and awk: secret_name=$(grep "^secret_name:" "$SYSTEM_PARAMS" | awk '{split($0,a,": "); print a[2]}' | xargs) log "INFO" "Secret Name: $secret_name" From 7e6a0de6ff7de6e063e59bce0d421b3b01038c12 Mon Sep 17 00:00:00 2001 From: Dhruv Aggarwal Date: Mon, 31 Mar 2025 17:11:52 -0400 Subject: [PATCH 08/64] testing --- scripts/sap_automation_qa.sh | 19 +++++++++++++------ 1 file changed, 13 insertions(+), 6 deletions(-) diff --git a/scripts/sap_automation_qa.sh b/scripts/sap_automation_qa.sh index 81ceed61..6e7e632c 100755 --- a/scripts/sap_automation_qa.sh +++ b/scripts/sap_automation_qa.sh @@ -105,7 +105,7 @@ check_msi_permissions() { local key_vault_id=$1 local required_permission="Get" - # Extract resource group name and key vault name from the key_vault_id + # Extract resource group name and key vault name from key_vault_id resource_group_name=$(echo "$key_vault_id" | awk -F'/' '{for(i=1;i<=NF;i++){if($i=="resourceGroups"){print $(i+1)}}}') key_vault_name=$(echo "$key_vault_id" | awk -F'/' '{for(i=1;i<=NF;i++){if($i=="vaults"){print $(i+1)}}}') 
@@ -151,11 +151,22 @@ run_ansible_playbook() { if [[ "$auth_type" == "SSHKEY" ]]; then log "INFO" "Authentication type is SSHKEY." + + # Extract key_vault_id from sap-parameters.yaml + key_vault_id=$(grep "^key_vault_id:" "$system_params" | awk '{split($0,a,": "); print a[2]}' | xargs) + if [[ -z "$key_vault_id" ]]; then + log "ERROR" "Error: key_vault_id is not defined in $system_params." + exit 1 + fi + log "INFO" "Extracted key_vault_id: $key_vault_id" + + # Extract Key Vault details and check MSI permissions + check_msi_permissions "$key_vault_id" + log "INFO" "Key_vault_id: $key_vault_id" log "INFO" "Key Vault Name: $key_vault_name" log "INFO" "Secret Name: $secret_name" if [[ -n "$key_vault_name" && -n "$secret_name" ]]; then log "INFO" "Using Key Vault for SSH key retrieval." - check_msi_permissions "$key_vault_name" # Call the function to check MSI permissions secret_value=$(az keyvault secret show --vault-name "$key_vault_name" --name "$secret_name" --query "value" -o tsv) if [[ -z "$secret_value" ]]; then log "ERROR" "Failed to retrieve secret '$secret_name' from Key Vault '$key_vault_name'." @@ -248,11 +259,7 @@ main() { # fi # Extract secret_name from sap-parameters.yaml - #secret_name=$(yq eval '.secret_name' "$SYSTEM_PARAMS") # Using yq - #log "INFO" "Secret Name: $secret_name" - # Alternatively, use grep and awk: secret_name=$(grep "^secret_name:" "$SYSTEM_PARAMS" | awk '{split($0,a,": "); print a[2]}' | xargs) - log "INFO" "Secret Name: $secret_name" if [[ -z "$secret_name" ]]; then log "ERROR" "Error: secret_name is not defined in $SYSTEM_PARAMS." From c516567bbda1651054bab4c40602c542f24d7b5a Mon Sep 17 00:00:00 2001 From: Dhruv Aggarwal Date: Mon, 31 Mar 2025 17:22:35 -0400 Subject: [PATCH 09/64] testing --- scripts/sap_automation_qa.sh | 33 +++++++++++++++++++++------------ 1 file changed, 21 insertions(+), 12 deletions(-) diff --git a/scripts/sap_automation_qa.sh b/scripts/sap_automation_qa.sh index 6e7e632c..c17c6b71 100755 
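Review bot: `run_ansible_playbook` reads `$key_vault_name` on the `if [[ -n "$key_vault_name" ...` line immediately after `check_msi_permissions "$key_vault_id"`, relying on that function assigning `key_vault_name` as a non-`local` global side effect; nothing in this hunk declares the variable, so the coupling is invisible and breaks as soon as the callee is made `local`-clean. Derive the name explicitly here, e.g. `key_vault_name=${key_vault_id##*/}` with a comment that the id ends in `/vaults/<name>`, or have `check_msi_permissions` print the name. The `key_vault_id` grep/awk parse has the same quote-and-comment fragility as the `secret_name` parse in `main`. The enclosing function starts outside the hunk.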
--- a/scripts/sap_automation_qa.sh +++ b/scripts/sap_automation_qa.sh @@ -100,7 +100,22 @@ get_playbook_name() { esac } -# Function to check if the MSI has the correct permissions on the Key Vault +# Function to get MSI object ID using Azure Instance Metadata Service (IMDS) +get_msi_object_id() { + local resource_group_name=$1 + local vm_name=$2 + + # Use IMDS to get the MSI object ID + msi_object_id=$(curl -s -H "Metadata:true" "http://169.254.169.254/metadata/identity/oauth2/token?api-version=2019-08-01&resource=https://management.azure.com" | jq -r '.client_id') + if [[ -z "$msi_object_id" ]]; then + log "ERROR" "Failed to retrieve MSI object ID using IMDS." + exit 1 + fi + + echo "$msi_object_id" +} + +# Updated check_msi_permissions function to use MSI token check_msi_permissions() { local key_vault_id=$1 local required_permission="Get" 
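Review bot: `get_msi_object_id` returns `.client_id` from the IMDS token response, but its caller compares the value with the access policy `objectId`, which is the identity's principal/object id, not its client id, so the permission check cannot match even for a correctly configured identity; the function name and comment should say "client ID" or the lookup should return the object id. `curl -s` without `-f`/`--max-time` plus `jq -r` turns an IMDS error or timeout into the string `null`, which passes the `-z` test, so the guard should be `if [[ -z "$msi_object_id" || "$msi_object_id" == "null" ]]; then`. Both parameters are unused, and `msi_object_id` is not `local`. The token response also carries a bearer token, so the raw body must never be logged.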
@@ -119,24 +134,21 @@ check_msi_permissions() { log "INFO" "Checking MSI permissions on Key Vault: $key_vault_name..." - # Get the MSI name dynamically - MSI_NAME=$(az vm identity show --resource-group "$RESOURCE_GROUP" --name "$(az vm list --query "[?identity.type=='UserAssigned'].name" -o tsv)" --query "userAssignedIdentities | keys(@)[0]" -o tsv) - - # Get the MSI object ID - msi_object_id=$(az identity show --name "$MSI_NAME" --resource-group "$RESOURCE_GROUP" --query "principalId" -o tsv) + # Get MSI object ID using IMDS + msi_object_id=$(get_msi_object_id "$resource_group_name" "$VM_NAME") if [[ -z "$msi_object_id" ]]; then - log "ERROR" "Failed to retrieve MSI object ID for $MSI_NAME in resource group $RESOURCE_GROUP." + log "ERROR" "Failed to retrieve MSI object ID." exit 1 fi # Check Key Vault permissions permissions=$(az keyvault show --name "$key_vault_name" --query "properties.accessPolicies[?objectId=='$msi_object_id'].permissions.secrets" -o tsv) if [[ ! "$permissions" =~ (^|[[:space:]])"$required_permission"($|[[:space:]]) ]]; then - log "ERROR" "MSI $MSI_NAME does not have the required '$required_permission' permission on Key Vault $key_vault_name." + log "ERROR" "MSI does not have the required '$required_permission' permission on Key Vault $key_vault_name." exit 1 fi - log "INFO" "MSI $MSI_NAME has the required permissions on Key Vault $key_vault_name." + log "INFO" "MSI has the required permissions on Key Vault $key_vault_name." } # Function to run the ansible playbook 
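Review bot: `$VM_NAME` is passed to `get_msi_object_id` but is not assigned in this hunk or anywhere else in the series, so unless it comes from the environment the argument is empty; the callee ignores both arguments anyway, which hides the fact that the identity is now resolved from the local IMDS and the check is only meaningful when the script runs on the Azure VM itself. Suggest dropping the arguments and adding the comment `# Identity is resolved via IMDS, so this check only works when run on the target VM.` above the call.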
@@ -162,9 +174,6 @@ run_ansible_playbook() { # Extract Key Vault details and check MSI permissions check_msi_permissions "$key_vault_id" - log "INFO" "Key_vault_id: $key_vault_id" - log "INFO" "Key Vault Name: $key_vault_name" - log "INFO" "Secret Name: $secret_name" if [[ -n "$key_vault_name" && -n "$secret_name" ]]; then log "INFO" "Using Key Vault for SSH key retrieval." secret_value=$(az keyvault secret show --vault-name "$key_vault_name" --name "$secret_name" --query "value" -o tsv) From 209a4807e7f666d69c69285743e46905aa20a071 Mon Sep 17 00:00:00 2001 From: Dhruv Aggarwal Date: Mon, 31 Mar 2025 17:25:38 -0400 Subject: [PATCH 10/64] testing --- scripts/sap_automation_qa.sh | 1 + 1 file changed, 1 insertion(+) diff --git a/scripts/sap_automation_qa.sh b/scripts/sap_automation_qa.sh index c17c6b71..e23b5c22 100755 --- a/scripts/sap_automation_qa.sh +++ b/scripts/sap_automation_qa.sh @@ -136,6 +136,7 @@ check_msi_permissions() { # Get MSI object ID using IMDS msi_object_id=$(get_msi_object_id "$resource_group_name" "$VM_NAME") + log "INFO" "MSI OBJECT ID: $msi_object_id..." if [[ -z "$msi_object_id" ]]; then log "ERROR" "Failed to retrieve MSI object ID." exit 1 From b6e57fc3a8683912df266a3c152430e45db7568e Mon Sep 17 00:00:00 2001 From: Dhruv Aggarwal Date: Mon, 31 Mar 2025 17:26:33 -0400 Subject: [PATCH 11/64] testing --- scripts/sap_automation_qa.sh | 1 + 1 file changed, 1 insertion(+) diff --git a/scripts/sap_automation_qa.sh b/scripts/sap_automation_qa.sh index e23b5c22..78600e74 100755 --- a/scripts/sap_automation_qa.sh +++ b/scripts/sap_automation_qa.sh @@ -137,6 +137,7 @@ check_msi_permissions() { # Get MSI object ID using IMDS msi_object_id=$(get_msi_object_id "$resource_group_name" "$VM_NAME") log "INFO" "MSI OBJECT ID: $msi_object_id..." + log "INFO" "resource group NAME: $resource_group_name..." if [[ -z "$msi_object_id" ]]; then log "ERROR" "Failed to retrieve MSI object ID." exit 1 
From 7a948117f75a221ea69f853d8142ff4719fba0d2 Mon Sep 17 00:00:00 2001 From: Dhruv Aggarwal Date: Mon, 31 Mar 2025 17:33:24 -0400 Subject: [PATCH 12/64] testing --- scripts/sap_automation_qa.sh | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/scripts/sap_automation_qa.sh b/scripts/sap_automation_qa.sh index 78600e74..d4c0e90d 100755 --- a/scripts/sap_automation_qa.sh +++ b/scripts/sap_automation_qa.sh @@ -112,6 +112,7 @@ get_msi_object_id() { exit 1 fi + echo "$msi_object_id" } @@ -142,7 +143,15 @@ check_msi_permissions() { log "ERROR" "Failed to retrieve MSI object ID." exit 1 fi - + + # Log in using MSI object ID + log "INFO" "Logging in using MSI object ID: $msi_object_id" + az login --identity --username "$msi_object_id" &> /dev/null + if [[ $? -ne 0 ]]; then + log "ERROR" "Failed to log in using MSI object ID: $msi_object_id" + exit 1 + fi + # Check Key Vault permissions permissions=$(az keyvault show --name "$key_vault_name" --query "properties.accessPolicies[?objectId=='$msi_object_id'].permissions.secrets" -o tsv) if [[ ! "$permissions" =~ (^|[[:space:]])"$required_permission"($|[[:space:]]) ]]; then From 3d6525b10f19585736c45707c5646cf69f7d8c14 Mon Sep 17 00:00:00 2001 From: Dhruv Aggarwal Date: Mon, 31 Mar 2025 17:35:40 -0400 Subject: [PATCH 13/64] testing --- scripts/sap_automation_qa.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/scripts/sap_automation_qa.sh b/scripts/sap_automation_qa.sh index d4c0e90d..d08967aa 100755 --- a/scripts/sap_automation_qa.sh +++ b/scripts/sap_automation_qa.sh 
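Review bot: `az login --identity --username "$msi_object_id" &> /dev/null` followed by `if [[ $? -ne 0 ]]` discards the CLI's own diagnostic and separates the status from the command; `if ! az login --identity --username "$msi_object_id"; then` keeps the error text and is the idiomatic form. Logging in here also replaces the Azure CLI's active account for the rest of the script, including the later `az keyvault secret show`, a side effect that a function named `check_msi_permissions` does not advertise; add `# Side effect: switches the Azure CLI session to the VM's managed identity for the rest of the run.` above the call. The value passed as `--username` is the `client_id` read from IMDS, whereas the log line calls it an object ID.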
@@ -146,12 +146,12 @@ check_msi_permissions() { # Log in using MSI object ID log "INFO" "Logging in using MSI object ID: $msi_object_id" - az login --identity --username "$msi_object_id" &> /dev/null + az login --identity --username "$msi_object_id" if [[ $? -ne 0 ]]; then log "ERROR" "Failed to log in using MSI object ID: $msi_object_id" exit 1 fi - + # Check Key Vault permissions permissions=$(az keyvault show --name "$key_vault_name" --query "properties.accessPolicies[?objectId=='$msi_object_id'].permissions.secrets" -o tsv) if [[ ! "$permissions" =~ (^|[[:space:]])"$required_permission"($|[[:space:]]) ]]; then From 7119de6031b2b97de2d19a4af806eeb0a37d183e Mon Sep 17 00:00:00 2001 From: Dhruv Aggarwal Date: Mon, 31 Mar 2025 17:37:08 -0400 Subject: [PATCH 14/64] testing --- scripts/sap_automation_qa.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/sap_automation_qa.sh b/scripts/sap_automation_qa.sh index d08967aa..7b8fb540 100755 --- a/scripts/sap_automation_qa.sh +++ b/scripts/sap_automation_qa.sh @@ -146,7 +146,7 @@ check_msi_permissions() { # Log in using MSI object ID log "INFO" "Logging in using MSI object ID: $msi_object_id" - az login --identity --username "$msi_object_id" + az login --identity --username "$msi_object_id" --allow-no-subscriptions if [[ $? -ne 0 ]]; then log "ERROR" "Failed to log in using MSI object ID: $msi_object_id" exit 1 From 59150ae68d4834f72f0f4d8bd9d179d3b7e72b5e Mon Sep 17 00:00:00 2001 From: Dhruv Aggarwal Date: Mon, 31 Mar 2025 17:40:15 -0400 Subject: [PATCH 15/64] testing --- scripts/sap_automation_qa.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/sap_automation_qa.sh b/scripts/sap_automation_qa.sh index 7b8fb540..568a05e9 100755 --- a/scripts/sap_automation_qa.sh +++ b/scripts/sap_automation_qa.sh 
@@ -146,7 +146,7 @@ check_msi_permissions() { # Log in using MSI object ID log "INFO" "Logging in using MSI object ID: $msi_object_id" - az login --identity --username "$msi_object_id" --allow-no-subscriptions + az login --identity --client-id "$msi_object_id" --allow-no-subscriptions if [[ $? -ne 0 ]]; then log "ERROR" "Failed to log in using MSI object ID: $msi_object_id" exit 1 From 6752a377b4ceebe55f209f6533661131f2a126eb Mon Sep 17 00:00:00 2001 From: Dhruv Aggarwal Date: Mon, 31 Mar 2025 17:48:20 -0400 Subject: [PATCH 16/64] testing --- scripts/sap_automation_qa.sh | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/scripts/sap_automation_qa.sh b/scripts/sap_automation_qa.sh index 568a05e9..a5b0e7b4 100755 --- a/scripts/sap_automation_qa.sh +++ b/scripts/sap_automation_qa.sh @@ -124,6 +124,7 @@ check_msi_permissions() { # Extract resource group name and key vault name from key_vault_id resource_group_name=$(echo "$key_vault_id" | awk -F'/' '{for(i=1;i<=NF;i++){if($i=="resourceGroups"){print $(i+1)}}}') key_vault_name=$(echo "$key_vault_id" | awk -F'/' '{for(i=1;i<=NF;i++){if($i=="vaults"){print $(i+1)}}}') + subscription_id=$(echo "$key_vault_id" | awk -F'/' '{for(i=1;i<=NF;i++){if($i=="subscriptions"){print $(i+1)}}}') if [[ -z "$resource_group_name" || -z "$key_vault_name" ]]; then log "ERROR" "Failed to extract resource group name or key vault name from key_vault_id: $key_vault_id" @@ -146,7 +147,8 @@ check_msi_permissions() { # Log in using MSI object ID log "INFO" "Logging in using MSI object ID: $msi_object_id" - az login --identity --client-id "$msi_object_id" --allow-no-subscriptions + az login --identity + az account set --subscription "$subscription_id" if [[ $? -ne 0 ]]; then log "ERROR" "Failed to log in using MSI object ID: $msi_object_id" exit 1 From 7cdb16b8f831446f0e565fa407646b0d29824379 Mon Sep 17 00:00:00 2001 
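Review bot: The status of `az login --identity` is no longer checked — `$?` on the following line reflects only `az account set`, so a failed login is reported as "Failed to log in" only if the subsequent subscription switch also happens to fail; use `az login --identity || { log "ERROR" "Failed to log in with the managed identity."; exit 1; }` before the `az account set` line. `subscription_id`, extracted in the first hunk, is not covered by the existing empty check, so an id without a `subscriptions` segment ends up as `az account set --subscription ""`; extend the condition to `if [[ -z "$resource_group_name" || -z "$key_vault_name" || -z "$subscription_id" ]]; then`. The `subscription_id` assignment is also not `local`.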
From: Dhruv Aggarwal Date: Tue, 1 Apr 2025 15:53:56 -0400 Subject: [PATCH 17/64] testing --- scripts/sap_automation_qa.sh | 12 ++++-------- 1 file changed, 4 insertions(+), 8 deletions(-) diff --git a/scripts/sap_automation_qa.sh b/scripts/sap_automation_qa.sh index a5b0e7b4..49d2a0b5 100755 --- a/scripts/sap_automation_qa.sh +++ b/scripts/sap_automation_qa.sh @@ -102,17 +102,13 @@ get_playbook_name() { # Function to get MSI object ID using Azure Instance Metadata Service (IMDS) get_msi_object_id() { - local resource_group_name=$1 - local vm_name=$2 - - # Use IMDS to get the MSI object ID - msi_object_id=$(curl -s -H "Metadata:true" "http://169.254.169.254/metadata/identity/oauth2/token?api-version=2019-08-01&resource=https://management.azure.com" | jq -r '.client_id') - if [[ -z "$msi_object_id" ]]; then - log "ERROR" "Failed to retrieve MSI object ID using IMDS." + # Use IMDS to get the system-assigned MSI object ID + msi_object_id=$(curl -s -H "Metadata:true" "http://169.254.169.254/metadata/identity/info?api-version=2019-08-01" | jq -r '.compute.identity.systemAssignedIdentity') + if [[ -z "$msi_object_id" || "$msi_object_id" == "null" ]]; then + log "ERROR" "Failed to retrieve system-assigned MSI object ID using IMDS." exit 1 fi - echo "$msi_object_id" } From a929ea06f3086c4305e96d727e213daaf92e180f Mon Sep 17 00:00:00 2001 From: Dhruv Aggarwal Date: Tue, 1 Apr 2025 15:58:40 -0400 Subject: [PATCH 18/64] testing --- scripts/sap_automation_qa.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/sap_automation_qa.sh b/scripts/sap_automation_qa.sh index 49d2a0b5..d15c345f 100755 --- a/scripts/sap_automation_qa.sh +++ b/scripts/sap_automation_qa.sh @@ -108,7 +108,7 @@ get_msi_object_id() { log "ERROR" "Failed to retrieve system-assigned MSI object ID using IMDS." exit 1 fi - + log "INFO" "MSI OBJECT ID: $msi_object_id..." echo "$msi_object_id" } From 4db7056cd0ccc2d374c6c3930f10e0514c4f8451 Mon Sep 17 00:00:00 2001 
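Review bot: The `log "INFO" "MSI OBJECT ID: $msi_object_id..."` added in the second hunk sits inside `get_msi_object_id`, whose only return channel is the stdout captured by `msi_object_id=$(get_msi_object_id ...)` in the caller; `log` is defined outside this patch, but if it writes to stdout the log line becomes part of the captured value and the comparison downstream can never succeed, so log in the caller or make sure `log` writes to stderr. In the first hunk the `identity/info` endpoint and the `.compute.identity.systemAssignedIdentity` path should be confirmed against the IMDS documentation before relying on them; the next commit reverts to the token endpoint's `client_id`, which is again a client id rather than the object id the access-policy query expects.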
From: Dhruv Aggarwal Date: Tue, 1 Apr 2025 16:00:37 -0400 Subject: [PATCH 19/64] testing --- scripts/sap_automation_qa.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/scripts/sap_automation_qa.sh b/scripts/sap_automation_qa.sh index d15c345f..35e3b307 100755 --- a/scripts/sap_automation_qa.sh +++ b/scripts/sap_automation_qa.sh @@ -102,8 +102,8 @@ get_playbook_name() { # Function to get MSI object ID using Azure Instance Metadata Service (IMDS) get_msi_object_id() { - # Use IMDS to get the system-assigned MSI object ID - msi_object_id=$(curl -s -H "Metadata:true" "http://169.254.169.254/metadata/identity/info?api-version=2019-08-01" | jq -r '.compute.identity.systemAssignedIdentity') + # Use IMDS to get the system-assigned MSI client ID + msi_object_id=$(curl -s -H "Metadata:true" "http://169.254.169.254/metadata/identity/oauth2/token?api-version=2019-08-01&resource=https://management.azure.com" | jq -r '.client_id') if [[ -z "$msi_object_id" || "$msi_object_id" == "null" ]]; then log "ERROR" "Failed to retrieve system-assigned MSI object ID using IMDS." exit 1 From 37057c4ffa82f6616031ff902a524259be733891 Mon Sep 17 00:00:00 2001 From: Dhruv Aggarwal Date: Tue, 1 Apr 2025 16:29:56 -0400 Subject: [PATCH 20/64] testing --- scripts/sap_automation_qa.sh | 40 ++++++++---------------------------- 1 file changed, 9 insertions(+), 31 deletions(-) diff --git a/scripts/sap_automation_qa.sh b/scripts/sap_automation_qa.sh index 35e3b307..dc6688aa 100755 --- a/scripts/sap_automation_qa.sh +++ b/scripts/sap_automation_qa.sh 
@@ -100,19 +100,7 @@ get_playbook_name() { esac } -# Function to get MSI object ID using Azure Instance Metadata Service (IMDS) -get_msi_object_id() { - # Use IMDS to get the system-assigned MSI client ID - msi_object_id=$(curl -s -H "Metadata:true" "http://169.254.169.254/metadata/identity/oauth2/token?api-version=2019-08-01&resource=https://management.azure.com" | jq -r '.client_id') - if [[ -z "$msi_object_id" || "$msi_object_id" == "null" ]]; then - log "ERROR" "Failed to retrieve system-assigned MSI object ID using IMDS." - exit 1 - fi - log "INFO" "MSI OBJECT ID: $msi_object_id..." - echo "$msi_object_id" -} - -# Updated check_msi_permissions function to use MSI token +# Updated check_msi_permissions function to authenticate and error out if permissions are incorrect check_msi_permissions() { local key_vault_id=$1 local required_permission="Get" 
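Review bot: The replacement comment "Updated check_msi_permissions function to authenticate and error out if permissions are incorrect" describes the commit rather than the function and will be stale after the next edit; a purpose comment such as `# Log the Azure CLI in with the VM's managed identity and exit if it cannot read the Key Vault named in key_vault_id.` tells a reader what the function does and that it has a login side effect.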
@@ -130,30 +118,20 @@ check_msi_permissions() { log "INFO" "Extracted resource group name: $resource_group_name" log "INFO" "Extracted key vault name: $key_vault_name" - log "INFO" "Checking MSI permissions on Key Vault: $key_vault_name..." - - # Get MSI object ID using IMDS - msi_object_id=$(get_msi_object_id "$resource_group_name" "$VM_NAME") - log "INFO" "MSI OBJECT ID: $msi_object_id..." - log "INFO" "resource group NAME: $resource_group_name..." - if [[ -z "$msi_object_id" ]]; then - log "ERROR" "Failed to retrieve MSI object ID." - exit 1 - fi - - # Log in using MSI object ID - log "INFO" "Logging in using MSI object ID: $msi_object_id" + # Authenticate using MSI + log "INFO" "Authenticating using MSI..." az login --identity az account set --subscription "$subscription_id" if [[ $? -ne 0 ]]; then - log "ERROR" "Failed to log in using MSI object ID: $msi_object_id" + log "ERROR" "Failed to authenticate using MSI." exit 1 fi - # Check Key Vault permissions - permissions=$(az keyvault show --name "$key_vault_name" --query "properties.accessPolicies[?objectId=='$msi_object_id'].permissions.secrets" -o tsv) - if [[ ! "$permissions" =~ (^|[[:space:]])"$required_permission"($|[[:space:]]) ]]; then - log "ERROR" "MSI does not have the required '$required_permission' permission on Key Vault $key_vault_name." + # Attempt to access Key Vault to verify permissions + log "INFO" "Verifying permissions on Key Vault: $key_vault_name..." + secret_check=$(az keyvault secret list --vault-name "$key_vault_name" --maxresults 1 2>&1) + if [[ $? -ne 0 ]]; then + log "ERROR" "Permission check failed: $secret_check" exit 1 fi From 7b96b1a3a8a9a905352de0ea96bbfe9dc2ee72d9 Mon Sep 17 00:00:00 2001 From: Dhruv Aggarwal Date: Wed, 2 Apr 2025 12:08:40 -0400 Subject: [PATCH 21/64] testing --- scripts/sap_automation_qa.sh | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/scripts/sap_automation_qa.sh b/scripts/sap_automation_qa.sh index dc6688aa..e1bb98cf 100755 
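Review bot: The `if [[ $? -ne 0 ]]` after `az account set` inspects only that command; a failure of `az login --identity` on the line before is never checked here (with the `set -e` that main enables it aborts the script before this branch, making the branch dead code; without it the failed login is silent). Check each call directly, `az login --identity || { log "ERROR" "Failed to authenticate using MSI."; exit 1; }`. The probe `az keyvault secret list --maxresults 1` exercises the List permission, which is broader than the Get that `required_permission` names and that the later retrieval of one named secret actually needs, so a least-privilege identity fails this check while one that passes is over-granted; probing with `az keyvault secret show` on the target secret (output discarded) tests exactly the permission used, and this mismatch persists through the later patches to this function. `$subscription_id` is not set within the hunk and presumably comes from earlier in check_msi_permissions, which starts and ends outside the hunk.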
--- a/scripts/sap_automation_qa.sh +++ b/scripts/sap_automation_qa.sh @@ -129,12 +129,13 @@ check_msi_permissions() { # Attempt to access Key Vault to verify permissions log "INFO" "Verifying permissions on Key Vault: $key_vault_name..." - secret_check=$(az keyvault secret list --vault-name "$key_vault_name" --maxresults 1 2>&1) - if [[ $? -ne 0 ]]; then - log "ERROR" "Permission check failed: $secret_check" + if ! az keyvault secret list --vault-name "$key_vault_name" --maxresults 1 2>/tmp/az_error.log; then + log "ERROR" "Azure CLI error: $(cat /tmp/az_error.log)" + rm -f /tmp/az_error.log exit 1 fi + rm -f /tmp/az_error.log log "INFO" "MSI has the required permissions on Key Vault $key_vault_name." } From afc0f1d3fa56c7d72fbd4ba315d08a743d8eb2d1 Mon Sep 17 00:00:00 2001 From: Dhruv Aggarwal Date: Wed, 2 Apr 2025 12:11:18 -0400 Subject: [PATCH 22/64] testing --- scripts/sap_automation_qa.sh | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) diff --git a/scripts/sap_automation_qa.sh b/scripts/sap_automation_qa.sh index e1bb98cf..a5236c7c 100755 --- a/scripts/sap_automation_qa.sh +++ b/scripts/sap_automation_qa.sh @@ -129,13 +129,16 @@ check_msi_permissions() { # Attempt to access Key Vault to verify permissions log "INFO" "Verifying permissions on Key Vault: $key_vault_name..." - if ! az keyvault secret list --vault-name "$key_vault_name" --maxresults 1 2>/tmp/az_error.log; then - log "ERROR" "Azure CLI error: $(cat /tmp/az_error.log)" - rm -f /tmp/az_error.log + error_message=$(az keyvault secret list --vault-name "$key_vault_name" --maxresults 1 2>&1) + if [[ $? -ne 0 ]]; then + extracted_message=$(echo "$error_message" | grep -oP '(?<=Message: ).*' | head -n 1) + if [[ -z "$extracted_message" ]]; then + extracted_message="An unknown error occurred. See full error details above." + fi + log "ERROR" "Azure CLI error: $extracted_message" exit 1 fi - rm -f /tmp/az_error.log log "INFO" "MSI has the required permissions on Key Vault $key_vault_name." } 
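Review bot: `2>/tmp/az_error.log` writes az's stderr to a fixed, predictable name in the shared /tmp directory, so concurrent runs clobber each other and the file is left behind on any exit path not covered by the two `rm -f` lines (for example an earlier errexit abort). Capture stderr in the shell instead, `if ! err=$(az keyvault secret list --vault-name "$key_vault_name" --maxresults 1 2>&1); then`, or if a file is really needed create it with `mktemp` and remove it from an EXIT trap. check_msi_permissions starts outside the hunk.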
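Review bot: The fallback text `An unknown error occurred. See full error details above.` is misleading because nothing above ever logs `$error_message`; when the `Message: ` pattern is absent the operator gets no detail at all. Either log the raw output on that path, `log "ERROR" "Azure CLI error: $error_message"`, or drop the "see above" wording. Two smaller points: `grep -oP` depends on GNU grep (PCRE lookbehind is unavailable in BSD/macOS and busybox grep), and under the `set -e` that main enables a failing `$(az ...)` assignment aborts the script before `[[ $? -ne 0 ]]` runs, so the extraction branch is unreachable in that configuration. check_msi_permissions starts outside the hunk.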
From 7dafd6fc3495f400049c5d8fa69452c4fbff4900 Mon Sep 17 00:00:00 2001 From: Dhruv Aggarwal Date: Wed, 2 Apr 2025 12:13:02 -0400 Subject: [PATCH 23/64] testing --- scripts/sap_automation_qa.sh | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/scripts/sap_automation_qa.sh b/scripts/sap_automation_qa.sh index a5236c7c..2b89894b 100755 --- a/scripts/sap_automation_qa.sh +++ b/scripts/sap_automation_qa.sh @@ -129,8 +129,12 @@ check_msi_permissions() { # Attempt to access Key Vault to verify permissions log "INFO" "Verifying permissions on Key Vault: $key_vault_name..." + set +e # Temporarily disable exit on error error_message=$(az keyvault secret list --vault-name "$key_vault_name" --maxresults 1 2>&1) - if [[ $? -ne 0 ]]; then + az_exit_code=$? # Capture the exit code of the az command + set -e # Re-enable exit on error + + if [[ $az_exit_code -ne 0 ]]; then extracted_message=$(echo "$error_message" | grep -oP '(?<=Message: ).*' | head -n 1) if [[ -z "$extracted_message" ]]; then extracted_message="An unknown error occurred. See full error details above." From f4043b76d14fca4f0d161da9e58509054520a8af Mon Sep 17 00:00:00 2001 From: Dhruv Aggarwal Date: Wed, 2 Apr 2025 12:25:49 -0400 Subject: [PATCH 24/64] testing --- scripts/sap_automation_qa.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/sap_automation_qa.sh b/scripts/sap_automation_qa.sh index 2b89894b..c16dac78 100755 --- a/scripts/sap_automation_qa.sh +++ b/scripts/sap_automation_qa.sh @@ -130,7 +130,7 @@ check_msi_permissions() { # Attempt to access Key Vault to verify permissions log "INFO" "Verifying permissions on Key Vault: $key_vault_name..." set +e # Temporarily disable exit on error - error_message=$(az keyvault secret list --vault-name "$key_vault_name" --maxresults 1 2>&1) + error_message=$(az keyvault secret list --vault-name "$key_vault_name" 2>&1) az_exit_code=$? # Capture the exit code of the az command set -e # Re-enable exit on error 
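Review bot: Toggling `set +e` / `set -e` around the command substitution works, but it unconditionally re-enables errexit even for callers that had it off and opens a window in which any other failure on those lines is ignored. Bash already exempts the condition of an `if` from errexit, so the same result needs no toggling: `if ! error_message=$(az keyvault secret list --vault-name "$key_vault_name" --maxresults 1 2>&1); then`, body unchanged. The hunk is cut inside check_msi_permissions.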
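Review bot: Dropping `--maxresults 1` turns the permission probe into a full enumeration of every secret in the vault, whose JSON (names, ids, attributes) is captured into `error_message` and thrown away on success; a probe should touch as little as possible, so keep the result bounded. The List-versus-Get mismatch raised on the earlier hunk of this function is unchanged here. check_msi_permissions continues outside the hunk.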
From 61b45281b197fc5ec7c9233b06d4e4f67fda0940 Mon Sep 17 00:00:00 2001 From: Dhruv Aggarwal Date: Wed, 2 Apr 2025 12:51:55 -0400 Subject: [PATCH 25/64] testing --- scripts/sap_automation_qa.sh | 63 ++++++++++++++++++++++++++++++------ 1 file changed, 53 insertions(+), 10 deletions(-) diff --git a/scripts/sap_automation_qa.sh b/scripts/sap_automation_qa.sh index c16dac78..4a9a7629 100755 --- a/scripts/sap_automation_qa.sh +++ b/scripts/sap_automation_qa.sh @@ -18,7 +18,12 @@ RED='\033[0;31m' GREEN='\033[0;32m' NC='\033[0m' -# Function to print logs with color based on severity +""" +Print logs with color based on severity. + +:param severity: The severity level of the log (e.g., "INFO", "ERROR"). +:param message: The message to log. +""" log() { local severity=$1 local message=$2 @@ -37,12 +42,21 @@ log "INFO" "ANSIBLE_MODULE_UTILS: $ANSIBLE_MODULE_UTILS" # Define the path to the vars.yaml file VARS_FILE="${cmd_dir}/../vars.yaml" -# Function to check if a command exists +""" +Check if a command exists. + +:param command: The command to check. +:return: None. Exits with a non-zero status if the command does not exist. +""" command_exists() { command -v "$1" &> /dev/null } -# Function to validate input parameters from vars.yaml +""" +Validate input parameters from vars.yaml. + +:return: None. Exits with a non-zero status if validation fails. +""" validate_params() { local missing_params=() local params=("TEST_TYPE" "SYSTEM_CONFIG_NAME" "sap_functional_test_type" "AUTHENTICATION_TYPE") @@ -71,7 +85,13 @@ validate_params() { fi } -# Function to check if a file exists +""" +Check if a file exists. + +:param file_path: The path to the file to check. +:param error_message: The error message to display if the file does not exist. +:return: None. Exits with a non-zero status if the file does not exist. +""" check_file_exists() { local file_path=$1 local error_message=$2 
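Review bot: The `"""` … `"""` blocks added before `log`, `command_exists`, `validate_params` and `check_file_exists` (and in the following hunks before `get_playbook_name`, `check_msi_permissions`, `run_ansible_playbook` and `main`, then later before `temp_file`, `extract_error_message` and `retrieve_secret_from_key_vault`) are Python docstring syntax, which bash does not have. Bash parses each block as one word — an empty string, a double-quoted string spanning the lines, an empty string — and executes it as a command when the interpreter reaches it, so every run prints a `command not found` error to stderr and only keeps going because errexit is not yet enabled at top level; the inner `"INFO", "ERROR"` merely re-split the quoting, and any future `$` in the text would be expanded. Replace each block with `#` comment lines in the style of the comments being removed, e.g. `# Print logs with color based on severity.` followed by `#   $1 - severity (INFO|ERROR)` and `#   $2 - message`.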
@@ -82,7 +102,12 @@ check_file_exists() { fi } -# Function to determine the playbook name based on the sap_functional_test_type +""" +Determine the playbook name based on the sap_functional_test_type. + +:param test_type: The type of SAP functional test. +:return: The name of the playbook. +""" get_playbook_name() { local test_type=$1 @@ -100,7 +125,12 @@ get_playbook_name() { esac } -# Updated check_msi_permissions function to authenticate and error out if permissions are incorrect +""" +Check MSI permissions for accessing a Key Vault. + +:param key_vault_id: The ID of the Key Vault. +:return: None. Exits with a non-zero status if permissions are insufficient. +""" check_msi_permissions() { local key_vault_id=$1 local required_permission="Get" @@ -146,7 +176,17 @@ check_msi_permissions() { log "INFO" "MSI has the required permissions on Key Vault $key_vault_name." } -# Function to run the ansible playbook +""" +Run the ansible playbook. + +:param playbook_name: The name of the playbook to run. +:param system_hosts: The path to the inventory file. +:param system_params: The path to the SAP parameters file. +:param auth_type: The authentication type (e.g., "SSHKEY", "VMPASSWORD"). +:param system_config_folder: The path to the system configuration folder. +:param secret_name: The name of the secret in the Key Vault. +:return: None. Exits with the return code of the ansible-playbook command. +""" run_ansible_playbook() { local playbook_name=$1 local system_hosts=$2 @@ -228,7 +268,11 @@ run_ansible_playbook() { exit $return_code } -# Main script execution +""" +Main script execution. + +:return: None. Exits with a non-zero status if any step fails. +""" main() { log "INFO" "Activate the virtual environment..." set -e 
@@ -251,7 +295,7 @@ main() { check_file_exists "$SYSTEM_PARAMS" \ "sap-parameters.yaml not found in WORKSPACES/SYSTEM/$SYSTEM_CONFIG_NAME directory." - # log "INFO" "Checking if the SSH key or password file exists..." +# log "INFO" "Checking if the SSH key or password file exists..." # if [[ "$AUTHENTICATION_TYPE" == "SSHKEY" ]]; then # check_file_exists "${cmd_dir}/../WORKSPACES/SYSTEM/$SYSTEM_CONFIG_NAME/ssh_key.ppk" \ # "ssh_key.ppk not found in WORKSPACES/SYSTEM/$SYSTEM_CONFIG_NAME directory." @@ -274,7 +318,6 @@ main() { playbook_name=$(get_playbook_name "$sap_functional_test_type") log "INFO" "Using playbook: $playbook_name." - run_ansible_playbook "$playbook_name" "$SYSTEM_HOSTS" "$SYSTEM_PARAMS" "$AUTHENTICATION_TYPE" "$SYSTEM_CONFIG_FOLDER" "$secret_name" # Clean up any remaining temporary files From 6b96c4ee3b1d9fb8de3204d3c5f32689fd563802 Mon Sep 17 00:00:00 2001 From: Dhruv Aggarwal Date: Wed, 2 Apr 2025 13:39:44 -0400 Subject: [PATCH 26/64] testing --- scripts/sap_automation_qa.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/sap_automation_qa.sh b/scripts/sap_automation_qa.sh index 4a9a7629..0122f261 100755 --- a/scripts/sap_automation_qa.sh +++ b/scripts/sap_automation_qa.sh @@ -211,7 +211,7 @@ run_ansible_playbook() { check_msi_permissions "$key_vault_id" if [[ -n "$key_vault_name" && -n "$secret_name" ]]; then log "INFO" "Using Key Vault for SSH key retrieval." - secret_value=$(az keyvault secret show --vault-name "$key_vault_name" --name "$secret_name" --query "value" -o tsv) + secret_value=$(az keyvault secret show --vault-name "$key_vault_name" --name "$secret_name" --query "value" -o tsv --output none) if [[ -z "$secret_value" ]]; then log "ERROR" "Failed to retrieve secret '$secret_name' from Key Vault '$key_vault_name'." exit 1 From dae054a65e7b705bb6e8bdb53a66c201ed072724 Mon Sep 17 00:00:00 2001 
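Review bot: `-o tsv --output none` passes the same option twice (`-o` is the short form of `--output`) and the later `none` wins, so `az keyvault secret show` prints nothing, `secret_value` is always empty and the `-z` check on the next line makes every Key Vault retrieval fail with "Failed to retrieve secret". The following patch drops `-o tsv` but keeps `--output none`, which has the same effect. If the goal was to keep the value out of logs, the `$(...)` capture already prevents it from being printed; keep `--query "value" -o tsv` and instead make sure `set -x` is never active around this line. run_ansible_playbook continues outside the hunk.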
From: Dhruv Aggarwal Date: Wed, 2 Apr 2025 13:40:30 -0400 Subject: [PATCH 27/64] testing --- scripts/sap_automation_qa.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/sap_automation_qa.sh b/scripts/sap_automation_qa.sh index 0122f261..21c7d7e8 100755 --- a/scripts/sap_automation_qa.sh +++ b/scripts/sap_automation_qa.sh @@ -211,7 +211,7 @@ run_ansible_playbook() { check_msi_permissions "$key_vault_id" if [[ -n "$key_vault_name" && -n "$secret_name" ]]; then log "INFO" "Using Key Vault for SSH key retrieval." - secret_value=$(az keyvault secret show --vault-name "$key_vault_name" --name "$secret_name" --query "value" -o tsv --output none) + secret_value=$(az keyvault secret show --vault-name "$key_vault_name" --name "$secret_name" --query "value" --output none) if [[ -z "$secret_value" ]]; then log "ERROR" "Failed to retrieve secret '$secret_name' from Key Vault '$key_vault_name'." exit 1 From 641f5677708543d3b6c3a68ffd0a3e2c2cb673d2 Mon Sep 17 00:00:00 2001 From: Dhruv Aggarwal Date: Wed, 2 Apr 2025 14:07:04 -0400 Subject: [PATCH 28/64] testing --- scripts/sap_automation_qa.sh | 55 +++++++++++++++++++++++++++--------- 1 file changed, 41 insertions(+), 14 deletions(-) diff --git a/scripts/sap_automation_qa.sh b/scripts/sap_automation_qa.sh index 21c7d7e8..a7d63566 100755 --- a/scripts/sap_automation_qa.sh +++ b/scripts/sap_automation_qa.sh @@ -18,6 +18,11 @@ RED='\033[0;31m' GREEN='\033[0;32m' NC='\033[0m' +""" +Global variable to store the path of the temporary file. +""" +temp_file="" + """ Print logs with color based on severity. 
@@ -102,6 +107,23 @@ check_file_exists() { fi } +""" +Extract the error message from a command's output. + +:param error_output: The output containing the error message. +:return: The extracted error message or a default message if none is found. +""" +extract_error_message() { + local error_output=$1 + local extracted_message + + extracted_message=$(echo "$error_output" | grep -oP '(?<=Message: ).*' | head -n 1) + if [[ -z "$extracted_message" ]]; then + extracted_message="An unknown error occurred. See full error details above." + fi + echo "$extracted_message" +} + """ Determine the playbook name based on the sap_functional_test_type. 
@@ -165,15 +187,28 @@ check_msi_permissions() { set -e # Re-enable exit on error if [[ $az_exit_code -ne 0 ]]; then - extracted_message=$(echo "$error_message" | grep -oP '(?<=Message: ).*' | head -n 1) - if [[ -z "$extracted_message" ]]; then - extracted_message="An unknown error occurred. See full error details above." - fi + extracted_message=$(extract_error_message "$error_message") log "ERROR" "Azure CLI error: $extracted_message" exit 1 fi + + # Attempt to retrieve the secret value and handle errors + log "INFO" "Retrieving secret '$secret_name' from Key Vault '$key_vault_name'..." + set +e # Temporarily disable exit on error + secret_value=$(az keyvault secret show --vault-name "$key_vault_name" --name "$secret_name" --query "value" -o tsv 2>&1) + az_exit_code=$? # Capture the exit code of the az command + set -e # Re-enable exit on error + + if [[ $az_exit_code -ne 0 ]]; then + extracted_message=$(extract_error_message "$secret_value") + log "ERROR" "Failed to retrieve secret '$secret_name' from Key Vault '$key_vault_name': $extracted_message" + exit 1 + fi - log "INFO" "MSI has the required permissions on Key Vault $key_vault_name." + log "INFO" "Successfully retrieved secret from Key Vault." + temp_file=$(mktemp --suffix=.ppk) + echo "$secret_value" > "$temp_file" + log "INFO" "Temporary SSH key file created: $temp_file" } """ @@ -194,7 +229,6 @@ run_ansible_playbook() { local auth_type=$4 local system_config_folder=$5 local secret_name=$6 - local temp_file if [[ "$auth_type" == "SSHKEY" ]]; then log "INFO" "Authentication type is SSHKEY." 
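Review bot: `secret_value=$(az keyvault secret show ... -o tsv 2>&1)` merges stderr into the captured value, so if az exits 0 but prints a warning (the CLI emits deprecation and extension notices on stderr) that text ends up inside the key file written by `echo "$secret_value" > "$temp_file"`. Add `--only-show-errors` to the az call so only genuine errors reach the capture, and write the key with `printf '%s\n' "$secret_value" > "$temp_file"` since `echo` is not safe for arbitrary data. `$secret_name` is not a parameter of this function; it resolves to run_ansible_playbook's `local secret_name` only through bash's dynamic scoping of the caller's locals, so pass it explicitly as `$2`. Patch 30 re-adds the same capture pattern in this function. The hunk is cut inside check_msi_permissions.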
@@ -211,14 +245,7 @@ run_ansible_playbook() { check_msi_permissions "$key_vault_id" if [[ -n "$key_vault_name" && -n "$secret_name" ]]; then log "INFO" "Using Key Vault for SSH key retrieval." - secret_value=$(az keyvault secret show --vault-name "$key_vault_name" --name "$secret_name" --query "value" --output none) - if [[ -z "$secret_value" ]]; then - log "ERROR" "Failed to retrieve secret '$secret_name' from Key Vault '$key_vault_name'." - exit 1 - fi - temp_file=$(mktemp --suffix=.ppk) - echo "$secret_value" > "$temp_file" - log "INFO" "Temporary SSH key file created: $temp_file" + log "INFO" "Temporary SSH key file: $temp_file" command="ansible-playbook ${cmd_dir}/../src/$playbook_name.yml -i $system_hosts --private-key $temp_file \ -e @$VARS_FILE -e @$system_params -e '_workspace_directory=$system_config_folder'" else From 9deec6b219007484e7215a89e74bf94088f97799 Mon Sep 17 00:00:00 2001 From: Dhruv Aggarwal Date: Wed, 2 Apr 2025 14:11:40 -0400 Subject: [PATCH 29/64] testing --- scripts/sap_automation_qa.sh | 42 +++++++++++------------------------- 1 file changed, 13 insertions(+), 29 deletions(-) diff --git a/scripts/sap_automation_qa.sh b/scripts/sap_automation_qa.sh index a7d63566..d82e85dc 100755 --- a/scripts/sap_automation_qa.sh +++ b/scripts/sap_automation_qa.sh 
@@ -110,13 +110,18 @@ check_file_exists() { """ Extract the error message from a command's output. -:param error_output: The output containing the error message. +:param command: The command to execute. :return: The extracted error message or a default message if none is found. """ extract_error_message() { - local error_output=$1 + local command=$1 + local error_output local extracted_message + set +e # Temporarily disable exit on error + error_output=$($command 2>&1) + set -e # Re-enable exit on error + extracted_message=$(echo "$error_output" | grep -oP '(?<=Message: ).*' | head -n 1) if [[ -z "$extracted_message" ]]; then extracted_message="An unknown error occurred. See full error details above." 
@@ -181,27 +186,17 @@ check_msi_permissions() { # Attempt to access Key Vault to verify permissions log "INFO" "Verifying permissions on Key Vault: $key_vault_name..." - set +e # Temporarily disable exit on error - error_message=$(az keyvault secret list --vault-name "$key_vault_name" 2>&1) - az_exit_code=$? # Capture the exit code of the az command - set -e # Re-enable exit on error - - if [[ $az_exit_code -ne 0 ]]; then - extracted_message=$(extract_error_message "$error_message") - log "ERROR" "Azure CLI error: $extracted_message" + error_message=$(extract_error_message "az keyvault secret list --vault-name \"$key_vault_name\"") + if [[ $? -ne 0 ]]; then + log "ERROR" "Azure CLI error: $error_message" exit 1 fi # Attempt to retrieve the secret value and handle errors log "INFO" "Retrieving secret '$secret_name' from Key Vault '$key_vault_name'..." - set +e # Temporarily disable exit on error - secret_value=$(az keyvault secret show --vault-name "$key_vault_name" --name "$secret_name" --query "value" -o tsv 2>&1) - az_exit_code=$? # Capture the exit code of the az command - set -e # Re-enable exit on error - - if [[ $az_exit_code -ne 0 ]]; then - extracted_message=$(extract_error_message "$secret_value") - log "ERROR" "Failed to retrieve secret '$secret_name' from Key Vault '$key_vault_name': $extracted_message" + secret_value=$(extract_error_message "az keyvault secret show --vault-name \"$key_vault_name\" --name \"$secret_name\" --query \"value\" -o tsv") + if [[ $? -ne 0 ]]; then + log "ERROR" "Failed to retrieve secret '$secret_name' from Key Vault '$key_vault_name': $secret_value" exit 1 fi 
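Review bot: `if [[ $? -ne 0 ]]` after `secret_value=$(extract_error_message ...)` tests the exit status of extract_error_message, which ends with `echo` and therefore always returns 0, so both error branches are unreachable and on failure `secret_value` silently becomes the extracted error text (or the default message) and is later written to the key file. Passing the az invocation as one string that the helper word-splits via `$command` also leaves the embedded `\"` as literal quote characters in the arguments (no quote removal happens on expansion results), so a vault name with spaces still breaks and a plain one gets quotes inside it. Keep the command in the caller, `if ! out=$(az keyvault secret show ... 2>&1); then msg=$(extract_error_message "$out")`, and let the helper only parse text. Patch 30 reverts this hunk. The hunk is cut inside check_msi_permissions.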
@@ -322,17 +317,6 @@ main() { check_file_exists "$SYSTEM_PARAMS" \ "sap-parameters.yaml not found in WORKSPACES/SYSTEM/$SYSTEM_CONFIG_NAME directory." -# log "INFO" "Checking if the SSH key or password file exists..." - # if [[ "$AUTHENTICATION_TYPE" == "SSHKEY" ]]; then - # check_file_exists "${cmd_dir}/../WORKSPACES/SYSTEM/$SYSTEM_CONFIG_NAME/ssh_key.ppk" \ - # "ssh_key.ppk not found in WORKSPACES/SYSTEM/$SYSTEM_CONFIG_NAME directory." - # elif [[ "$AUTHENTICATION_TYPE" == "VMPASSWORD" ]]; then - # check_file_exists "${cmd_dir}/../WORKSPACES/SYSTEM/$SYSTEM_CONFIG_NAME/password" \ - # "password file not found in WORKSPACES/SYSTEM/$SYSTEM_CONFIG_NAME directory." - # elif [[ "$AUTHENTICATION_TYPE" == "KEYVAULT" ]]; then - # log "INFO" "Key Vault authentication selected. Ensure Key Vault parameters are set." - # fi - # Extract secret_name from sap-parameters.yaml secret_name=$(grep "^secret_name:" "$SYSTEM_PARAMS" | awk '{split($0,a,": "); print a[2]}' | xargs) From 6a2cbd3e2fd5ab07ef5ad5dd2fd7f52323eb90ed Mon Sep 17 00:00:00 2001 From: Dhruv Aggarwal Date: Wed, 2 Apr 2025 14:12:31 -0400 Subject: [PATCH 30/64] testing --- scripts/sap_automation_qa.sh | 42 +++++++++++++++++++++++++----------- 1 file changed, 29 insertions(+), 13 deletions(-) diff --git a/scripts/sap_automation_qa.sh b/scripts/sap_automation_qa.sh index d82e85dc..a7d63566 100755 --- a/scripts/sap_automation_qa.sh +++ b/scripts/sap_automation_qa.sh 
@@ -110,18 +110,13 @@ check_file_exists() { """ Extract the error message from a command's output. -:param command: The command to execute. +:param error_output: The output containing the error message. :return: The extracted error message or a default message if none is found. """ extract_error_message() { - local command=$1 - local error_output + local error_output=$1 local extracted_message - set +e # Temporarily disable exit on error - error_output=$($command 2>&1) - set -e # Re-enable exit on error - extracted_message=$(echo "$error_output" | grep -oP '(?<=Message: ).*' | head -n 1) if [[ -z "$extracted_message" ]]; then extracted_message="An unknown error occurred. See full error details above." 
@@ -186,17 +181,27 @@ check_msi_permissions() { # Attempt to access Key Vault to verify permissions log "INFO" "Verifying permissions on Key Vault: $key_vault_name..." - error_message=$(extract_error_message "az keyvault secret list --vault-name \"$key_vault_name\"") - if [[ $? -ne 0 ]]; then - log "ERROR" "Azure CLI error: $error_message" + set +e # Temporarily disable exit on error + error_message=$(az keyvault secret list --vault-name "$key_vault_name" 2>&1) + az_exit_code=$? # Capture the exit code of the az command + set -e # Re-enable exit on error + + if [[ $az_exit_code -ne 0 ]]; then + extracted_message=$(extract_error_message "$error_message") + log "ERROR" "Azure CLI error: $extracted_message" exit 1 fi # Attempt to retrieve the secret value and handle errors log "INFO" "Retrieving secret '$secret_name' from Key Vault '$key_vault_name'..." - secret_value=$(extract_error_message "az keyvault secret show --vault-name \"$key_vault_name\" --name \"$secret_name\" --query \"value\" -o tsv") - if [[ $? -ne 0 ]]; then - log "ERROR" "Failed to retrieve secret '$secret_name' from Key Vault '$key_vault_name': $secret_value" + set +e # Temporarily disable exit on error + secret_value=$(az keyvault secret show --vault-name "$key_vault_name" --name "$secret_name" --query "value" -o tsv 2>&1) + az_exit_code=$? # Capture the exit code of the az command + set -e # Re-enable exit on error + + if [[ $az_exit_code -ne 0 ]]; then + extracted_message=$(extract_error_message "$secret_value") + log "ERROR" "Failed to retrieve secret '$secret_name' from Key Vault '$key_vault_name': $extracted_message" exit 1 fi 
@@ -317,6 +322,17 @@ main() { check_file_exists "$SYSTEM_PARAMS" \ "sap-parameters.yaml not found in WORKSPACES/SYSTEM/$SYSTEM_CONFIG_NAME directory." +# log "INFO" "Checking if the SSH key or password file exists..." + # if [[ "$AUTHENTICATION_TYPE" == "SSHKEY" ]]; then + # check_file_exists "${cmd_dir}/../WORKSPACES/SYSTEM/$SYSTEM_CONFIG_NAME/ssh_key.ppk" \ + # "ssh_key.ppk not found in WORKSPACES/SYSTEM/$SYSTEM_CONFIG_NAME directory." + # elif [[ "$AUTHENTICATION_TYPE" == "VMPASSWORD" ]]; then + # check_file_exists "${cmd_dir}/../WORKSPACES/SYSTEM/$SYSTEM_CONFIG_NAME/password" \ + # "password file not found in WORKSPACES/SYSTEM/$SYSTEM_CONFIG_NAME directory." + # elif [[ "$AUTHENTICATION_TYPE" == "KEYVAULT" ]]; then + # log "INFO" "Key Vault authentication selected. Ensure Key Vault parameters are set." + # fi + # Extract secret_name from sap-parameters.yaml secret_name=$(grep "^secret_name:" "$SYSTEM_PARAMS" | awk '{split($0,a,": "); print a[2]}' | xargs) From f988652efb9214623cd3e7d41da4da55751a452f Mon Sep 17 00:00:00 2001 From: Dhruv Aggarwal Date: Wed, 2 Apr 2025 15:19:28 -0400 Subject: [PATCH 31/64] fixed all changes --- .../DEV-WEEU-SAP01-X00/sap-parameters.yaml | 4 +- scripts/sap_automation_qa.sh | 78 ++++++++++++------- 2 files changed, 50 insertions(+), 32 deletions(-) diff --git a/WORKSPACES/SYSTEM/DEV-WEEU-SAP01-X00/sap-parameters.yaml b/WORKSPACES/SYSTEM/DEV-WEEU-SAP01-X00/sap-parameters.yaml index 2043be4e..b9e8adcb 100644 --- a/WORKSPACES/SYSTEM/DEV-WEEU-SAP01-X00/sap-parameters.yaml +++ b/WORKSPACES/SYSTEM/DEV-WEEU-SAP01-X00/sap-parameters.yaml @@ -30,5 +30,5 @@ NFS_provider: AFS ############################################################################# # Key Vault # ############################################################################# -key_vault_id: test -secret_name: test \ No newline at end of file +key_vault_id: /subscriptions//resourceGroups//providers/Microsoft.KeyVault/vaults/ +secret_name: \ No newline at end of file 
diff --git a/scripts/sap_automation_qa.sh b/scripts/sap_automation_qa.sh index a7d63566..f4fb93f9 100755 --- a/scripts/sap_automation_qa.sh +++ b/scripts/sap_automation_qa.sh @@ -148,12 +148,12 @@ get_playbook_name() { } """ -Check MSI permissions for accessing a Key Vault. +Retrieve a secret from Azure Key Vault. :param key_vault_id: The ID of the Key Vault. -:return: None. Exits with a non-zero status if permissions are insufficient. +:return: None. Exits with a non-zero status if retrieval fails. """ -check_msi_permissions() { +retrieve_secret_from_key_vault() { local key_vault_id=$1 local required_permission="Get" @@ -207,6 +207,10 @@ check_msi_permissions() { log "INFO" "Successfully retrieved secret from Key Vault." temp_file=$(mktemp --suffix=.ppk) + + # Check if the temporary file already exists + check_file_exists "$temp_file" "Temporary file already exists: $temp_file" + echo "$secret_value" > "$temp_file" log "INFO" "Temporary SSH key file created: $temp_file" } 
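Review bot: `check_file_exists "$temp_file" "Temporary file already exists: $temp_file"` right after `temp_file=$(mktemp --suffix=.ppk)` cannot detect a pre-existing file: mktemp has just created the path (that is what makes it unique and unused), so the file always exists and, given check_file_exists is documented to exit only when the file is missing, the call is a no-op with an inverted message. If the intent is to guard the secret write, check mktemp itself, `temp_file=$(mktemp --suffix=.ppk) || { log "ERROR" "Failed to create temporary key file"; exit 1; }`, and register its removal in an EXIT trap so the key is not left on disk when a later step aborts. retrieve_secret_from_key_vault begins outside the hunk.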
@@ -235,45 +239,59 @@ run_ansible_playbook() { # Extract key_vault_id from sap-parameters.yaml key_vault_id=$(grep "^key_vault_id:" "$system_params" | awk '{split($0,a,": "); print a[2]}' | xargs) + if [[ -z "$key_vault_id" ]]; then - log "ERROR" "Error: key_vault_id is not defined in $system_params." - exit 1 - fi - log "INFO" "Extracted key_vault_id: $key_vault_id" - - # Extract Key Vault details and check MSI permissions - check_msi_permissions "$key_vault_id" - if [[ -n "$key_vault_name" && -n "$secret_name" ]]; then - log "INFO" "Using Key Vault for SSH key retrieval." - log "INFO" "Temporary SSH key file: $temp_file" - command="ansible-playbook ${cmd_dir}/../src/$playbook_name.yml -i $system_hosts --private-key $temp_file \ - -e @$VARS_FILE -e @$system_params -e '_workspace_directory=$system_config_folder'" - else local ssh_key="${cmd_dir}/../WORKSPACES/SYSTEM/$SYSTEM_CONFIG_NAME/ssh_key.ppk" - log "INFO" "Using local SSH key: $ssh_key." - command="ansible-playbook ${cmd_dir}/../src/$playbook_name.yml -i $system_hosts --private-key $ssh_key \ - -e @$VARS_FILE -e @$system_params -e '_workspace_directory=$system_config_folder'" + if [[ -f "$ssh_key" ]]; then + log "INFO" "key_vault_id is not provided, but local SSH key is present: $ssh_key." + command="ansible-playbook ${cmd_dir}/../src/$playbook_name.yml -i $system_hosts --private-key $ssh_key \ + -e @$VARS_FILE -e @$system_params -e '_workspace_directory=$system_config_folder'" + else + log "ERROR" "Error: key_vault_id is not defined in $system_params, and no local SSH key is present." + exit 1 + fi + else + log "INFO" "Extracted key_vault_id: $key_vault_id" + + # Extract Key Vault details and retrieve secret + retrieve_secret_from_key_vault "$key_vault_id" + if [[ -z "$secret_value" ]]; then + local ssh_key="${cmd_dir}/../WORKSPACES/SYSTEM/$SYSTEM_CONFIG_NAME/ssh_key.ppk" + if [[ -f "$ssh_key" ]]; then + log "INFO" "Secret value is not retrieved, but local SSH key is present: $ssh_key." 
+ command="ansible-playbook ${cmd_dir}/../src/$playbook_name.yml -i $system_hosts --private-key $ssh_key \ + -e @$VARS_FILE -e @$system_params -e '_workspace_directory=$system_config_folder'" + else + log "ERROR" "Error: Secret value is not retrieved, and no local SSH key is present." + exit 1 + fi + else + log "INFO" "Using Key Vault for SSH key retrieval." + log "INFO" "Temporary SSH key file: $temp_file" + command="ansible-playbook ${cmd_dir}/../src/$playbook_name.yml -i $system_hosts --private-key $temp_file \ + -e @$VARS_FILE -e @$system_params -e '_workspace_directory=$system_config_folder'" + fi fi elif [[ "$auth_type" == "VMPASSWORD" ]]; then - if [[ -n "$key_vault_name" && -n "$secret_name" ]]; then - log "INFO" "Using Key Vault for password retrieval." - secret_value=$(az keyvault secret show --vault-name "$key_vault_name" --name "$secret_name" --query "value" -o tsv) - if [[ -z "$secret_value" ]]; then - log "ERROR" "Failed to retrieve secret '$secret_name' from Key Vault '$key_vault_name'." + if [[ -z "$secret_value" ]]; then + local password_file="${cmd_dir}/../WORKSPACES/SYSTEM/$SYSTEM_CONFIG_NAME/password" + if [[ -f "$password_file" ]]; then + log "INFO" "Secret value is not retrieved, but local password file is present: $password_file." + command="ansible-playbook ${cmd_dir}/../src/$playbook_name.yml -i $system_hosts \ + --extra-vars \"ansible_ssh_pass=$(cat $password_file)\" --extra-vars @$VARS_FILE -e @$system_params \ + -e '_workspace_directory=$system_config_folder'" + else + log "ERROR" "Error: Secret value is not retrieved, and no local password file is present." exit 1 fi + else + log "INFO" "Using Key Vault for password retrieval." 
temp_file=$(mktemp --suffix=.password) echo "$secret_value" > "$temp_file" log "INFO" "Temporary password file created: $temp_file" command="ansible-playbook ${cmd_dir}/../src/$playbook_name.yml -i $system_hosts \ --extra-vars \"ansible_ssh_pass=$(cat $temp_file)\" --extra-vars @$VARS_FILE -e @$system_params \ -e '_workspace_directory=$system_config_folder'" - else - local password_file="${cmd_dir}/../WORKSPACES/SYSTEM/$SYSTEM_CONFIG_NAME/password" - log "INFO" "Using local password file: $password_file." - command="ansible-playbook ${cmd_dir}/../src/$playbook_name.yml -i $system_hosts \ - --extra-vars \"ansible_ssh_pass=$(cat $password_file)\" --extra-vars @$VARS_FILE -e @$system_params \ - -e '_workspace_directory=$system_config_folder'" fi else log "ERROR" "Unknown authentication type: $auth_type" From 6002730999a584ec0c549ff7ec9ecf0860734f3b Mon Sep 17 00:00:00 2001 From: Dhruv Aggarwal Date: Thu, 3 Apr 2025 13:18:19 -0400 Subject: [PATCH 32/64] fixing when SSH-KEY is given secret name shouldnt be defined --- scripts/sap_automation_qa.sh | 44 ++++++++++-------------------------- 1 file changed, 12 insertions(+), 32 deletions(-) diff --git a/scripts/sap_automation_qa.sh b/scripts/sap_automation_qa.sh index f4fb93f9..21890dc5 100755 --- a/scripts/sap_automation_qa.sh +++ b/scripts/sap_automation_qa.sh 
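Review bot: In the VMPASSWORD branch the Key Vault path is unreachable: the old `az keyvault secret show` call is removed, and `secret_value` is populated only by `retrieve_secret_from_key_vault`, which this hunk calls solely inside the SSHKEY branch, so for VMPASSWORD `[[ -z "$secret_value" ]]` is always true and the run either falls back to the local password file or exits with "Secret value is not retrieved" even when key_vault_id and secret_name are configured (unless something outside the hunk sets it, which I do not see). Move the `key_vault_id` extraction and the `retrieve_secret_from_key_vault "$key_vault_id"` call above `if [[ "$auth_type" == "SSHKEY" ]]` so both branches share it. A second dead branch: retrieve_secret_from_key_vault exits 1 on its own failures, so the `if [[ -z "$secret_value" ]]` fallback right after it only fires when az returned an empty value with exit 0. `ansible_ssh_pass=$(cat $password_file)` on the command line exposes the password in the process list; that is pre-existing but reshuffled here, and `--extra-vars @file` avoids it. run_ansible_playbook continues outside the hunk.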
@@ -240,37 +240,28 @@ run_ansible_playbook() {
 # Extract key_vault_id from sap-parameters.yaml
 key_vault_id=$(grep "^key_vault_id:" "$system_params" | awk '{split($0,a,": "); print a[2]}' | xargs)
- if [[ -z "$key_vault_id" ]]; then
- local ssh_key="${cmd_dir}/../WORKSPACES/SYSTEM/$SYSTEM_CONFIG_NAME/ssh_key.ppk"
- if [[ -f "$ssh_key" ]]; then
- log "INFO" "key_vault_id is not provided, but local SSH key is present: $ssh_key."
- command="ansible-playbook ${cmd_dir}/../src/$playbook_name.yml -i $system_hosts --private-key $ssh_key \
- -e @$VARS_FILE -e @$system_params -e '_workspace_directory=$system_config_folder'"
- else
- log "ERROR" "Error: key_vault_id is not defined in $system_params, and no local SSH key is present."
- exit 1
- fi
- else
+ local ssh_key="${cmd_dir}/../WORKSPACES/SYSTEM/$SYSTEM_CONFIG_NAME/ssh_key.ppk"
+ if [[ -f "$ssh_key" ]]; then
+ log "INFO" "Local SSH key is present: $ssh_key. Skipping secret_name requirement."
+ command="ansible-playbook ${cmd_dir}/../src/$playbook_name.yml -i $system_hosts --private-key $ssh_key \
+ -e @$VARS_FILE -e @$system_params -e '_workspace_directory=$system_config_folder'"
+ elif [[ -n "$key_vault_id" ]]; then
 log "INFO" "Extracted key_vault_id: $key_vault_id"
 # Extract Key Vault details and retrieve secret
 retrieve_secret_from_key_vault "$key_vault_id"
 if [[ -z "$secret_value" ]]; then
- local ssh_key="${cmd_dir}/../WORKSPACES/SYSTEM/$SYSTEM_CONFIG_NAME/ssh_key.ppk"
- if [[ -f "$ssh_key" ]]; then
- log "INFO" "Secret value is not retrieved, but local SSH key is present: $ssh_key."
- command="ansible-playbook ${cmd_dir}/../src/$playbook_name.yml -i $system_hosts --private-key $ssh_key \
- -e @$VARS_FILE -e @$system_params -e '_workspace_directory=$system_config_folder'"
- else
- log "ERROR" "Error: Secret value is not retrieved, and no local SSH key is present."
- exit 1
- fi
+ log "ERROR" "Error: Secret value is not retrieved, and no local SSH key is present."
+ exit 1
 else
 log "INFO" "Using Key Vault for SSH key retrieval."
 log "INFO" "Temporary SSH key file: $temp_file"
 command="ansible-playbook ${cmd_dir}/../src/$playbook_name.yml -i $system_hosts --private-key $temp_file \
 -e @$VARS_FILE -e @$system_params -e '_workspace_directory=$system_config_folder'"
 fi
+ else
+ log "ERROR" "Error: key_vault_id is not defined in $system_params, and no local SSH key is present."
+ exit 1
 fi
 elif [[ "$auth_type" == "VMPASSWORD" ]]; then
 if [[ -z "$secret_value" ]]; then
@@ -340,21 +331,10 @@ main() {
 check_file_exists "$SYSTEM_PARAMS" \
 "sap-parameters.yaml not found in WORKSPACES/SYSTEM/$SYSTEM_CONFIG_NAME directory."
-# log "INFO" "Checking if the SSH key or password file exists..."
- # if [[ "$AUTHENTICATION_TYPE" == "SSHKEY" ]]; then
- # check_file_exists "${cmd_dir}/../WORKSPACES/SYSTEM/$SYSTEM_CONFIG_NAME/ssh_key.ppk" \
- # "ssh_key.ppk not found in WORKSPACES/SYSTEM/$SYSTEM_CONFIG_NAME directory."
- # elif [[ "$AUTHENTICATION_TYPE" == "VMPASSWORD" ]]; then
- # check_file_exists "${cmd_dir}/../WORKSPACES/SYSTEM/$SYSTEM_CONFIG_NAME/password" \
- # "password file not found in WORKSPACES/SYSTEM/$SYSTEM_CONFIG_NAME directory."
- # elif [[ "$AUTHENTICATION_TYPE" == "KEYVAULT" ]]; then
- # log "INFO" "Key Vault authentication selected. Ensure Key Vault parameters are set."
- # fi
-
 # Extract secret_name from sap-parameters.yaml
 secret_name=$(grep "^secret_name:" "$SYSTEM_PARAMS" | awk '{split($0,a,": "); print a[2]}' | xargs)
- if [[ -z "$secret_name" ]]; then
+ if [[ -z "$secret_name" && "$AUTHENTICATION_TYPE" != "SSHKEY" ]]; then
 log "ERROR" "Error: secret_name is not defined in $SYSTEM_PARAMS."
 exit 1
 fi
From 018f8ff2273e34459dec6dcaf9d207787196397e Mon Sep 17 00:00:00 2001
From: Dhruv Aggarwal
Date: Thu, 3 Apr 2025 14:18:55 -0400
Subject: [PATCH 33/64] testing
---
 scripts/sap_automation_qa.sh | 20 ++++++++------------
 1 file changed, 8 insertions(+), 12 deletions(-)
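Review bot: The new condition in main() exempts only SSHKEY from the `secret_name` requirement, but in this commit's state `retrieve_secret_from_key_vault` is called solely from the SSHKEY branch of hunk @@ -240, so for VMPASSWORD `secret_value` is always empty and the local `password` file is the only path that can succeed — yet main() still aborts when `secret_name` is blank for that type. Either extend the exemption, `if [[ -z "$secret_name" && "$AUTHENTICATION_TYPE" != "SSHKEY" && "$AUTHENTICATION_TYPE" != "VMPASSWORD" ]]; then`, or make the VMPASSWORD branch actually fetch the secret so the requirement means something. main() starts and ends outside the hunk.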
diff --git a/scripts/sap_automation_qa.sh b/scripts/sap_automation_qa.sh
index 21890dc5..a4578741 100755
--- a/scripts/sap_automation_qa.sh
+++ b/scripts/sap_automation_qa.sh
@@ -264,20 +264,16 @@ run_ansible_playbook() {
 exit 1
 fi
 elif [[ "$auth_type" == "VMPASSWORD" ]]; then
- if [[ -z "$secret_value" ]]; then
- local password_file="${cmd_dir}/../WORKSPACES/SYSTEM/$SYSTEM_CONFIG_NAME/password"
- if [[ -f "$password_file" ]]; then
- log "INFO" "Secret value is not retrieved, but local password file is present: $password_file."
- command="ansible-playbook ${cmd_dir}/../src/$playbook_name.yml -i $system_hosts \
- --extra-vars \"ansible_ssh_pass=$(cat $password_file)\" --extra-vars @$VARS_FILE -e @$system_params \
- -e '_workspace_directory=$system_config_folder'"
- else
- log "ERROR" "Error: Secret value is not retrieved, and no local password file is present."
- exit 1
- fi
+ local password_file="${cmd_dir}/../WORKSPACES/SYSTEM/$SYSTEM_CONFIG_NAME/password"
+ if [[ -f "$password_file" ]]; then
+ log "INFO" "Local password file is present: $password_file."
+ command="ansible-playbook ${cmd_dir}/../src/$playbook_name.yml -i $system_hosts \
+ --extra-vars \"ansible_ssh_pass=$(cat $password_file)\" --extra-vars @$VARS_FILE -e @$system_params \
+ -e '_workspace_directory=$system_config_folder'"
 else
- log "INFO" "Using Key Vault for password retrieval."
+ log "INFO" "Local password file not found. Retrieving password from Key Vault."
 temp_file=$(mktemp --suffix=.password)
+ retrieve_secret_from_key_vault "$key_vault_id"
 echo "$secret_value" > "$temp_file"
 log "INFO" "Temporary password file created: $temp_file"
 command="ansible-playbook ${cmd_dir}/../src/$playbook_name.yml -i $system_hosts \
From 3bb1a0c3613f62b753d1470a212faaecb6c2f3fb Mon Sep 17 00:00:00 2001
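Review bot: The `command=` lines added here embed the VM password directly in the ansible-playbook argument list via `--extra-vars \"ansible_ssh_pass=$(cat $password_file)\"` (and `$(cat $temp_file)` on the Key Vault side), and the substitution happens at assignment time, so the plaintext password sits in `$command` and in the process table of every user on the host for the playbook's lifetime. Passing a file instead, `--extra-vars @\"$pw_vars_file\"` where that 0600 file holds `ansible_ssh_pass: <value>`, keeps it out of argv and out of any log of `$command`; the same pattern is rewritten again in hunk @@ -234 of PATCH 37 below. Separately, `temp_file=$(mktemp --suffix=.password)` is assigned before `retrieve_secret_from_key_vault` runs, and that function appears to reassign the global `temp_file` itself (hunk @@ -209 of PATCH 36 below), which would leave the `.password` file orphaned and empty. run_ansible_playbook starts and ends outside the hunk.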
From: Dhruv Aggarwal
Date: Thu, 3 Apr 2025 14:25:23 -0400
Subject: [PATCH 34/64] testing
---
 scripts/sap_automation_qa.sh | 38 ++++++++++++++++++++++++------------
 1 file changed, 25 insertions(+), 13 deletions(-)
diff --git a/scripts/sap_automation_qa.sh b/scripts/sap_automation_qa.sh
index a4578741..4a412731 100755
--- a/scripts/sap_automation_qa.sh
+++ b/scripts/sap_automation_qa.sh
@@ -237,31 +237,33 @@ run_ansible_playbook() {
 if [[ "$auth_type" == "SSHKEY" ]]; then
 log "INFO" "Authentication type is SSHKEY."
- # Extract key_vault_id from sap-parameters.yaml
- key_vault_id=$(grep "^key_vault_id:" "$system_params" | awk '{split($0,a,": "); print a[2]}' | xargs)
-
 local ssh_key="${cmd_dir}/../WORKSPACES/SYSTEM/$SYSTEM_CONFIG_NAME/ssh_key.ppk"
 if [[ -f "$ssh_key" ]]; then
 log "INFO" "Local SSH key is present: $ssh_key. Skipping secret_name requirement."
 command="ansible-playbook ${cmd_dir}/../src/$playbook_name.yml -i $system_hosts --private-key $ssh_key \
 -e @$VARS_FILE -e @$system_params -e '_workspace_directory=$system_config_folder'"
- elif [[ -n "$key_vault_id" ]]; then
+ else
+ log "INFO" "Local SSH key not found. Retrieving SSH key from Key Vault."
+
+ # Extract key_vault_id only if needed
+ key_vault_id=$(grep "^key_vault_id:" "$system_params" | awk '{split($0,a,": "); print a[2]}' | xargs)
 log "INFO" "Extracted key_vault_id: $key_vault_id"
- # Extract Key Vault details and retrieve secret
+ if [[ -z "$key_vault_id" ]]; then
+ log "ERROR" "Error: key_vault_id is not defined in $system_params, and no local SSH key is present."
+ exit 1
+ fi
+
 retrieve_secret_from_key_vault "$key_vault_id"
 if [[ -z "$secret_value" ]]; then
 log "ERROR" "Error: Secret value is not retrieved, and no local SSH key is present."
 exit 1
- else
- log "INFO" "Using Key Vault for SSH key retrieval."
- log "INFO" "Temporary SSH key file: $temp_file"
- command="ansible-playbook ${cmd_dir}/../src/$playbook_name.yml -i $system_hosts --private-key $temp_file \
- -e @$VARS_FILE -e @$system_params -e '_workspace_directory=$system_config_folder'"
 fi
- else
- log "ERROR" "Error: key_vault_id is not defined in $system_params, and no local SSH key is present."
- exit 1
+ temp_file=$(mktemp --suffix=.ppk)
+ echo "$secret_value" > "$temp_file"
+ log "INFO" "Temporary SSH key file created: $temp_file"
+ command="ansible-playbook ${cmd_dir}/../src/$playbook_name.yml -i $system_hosts --private-key $temp_file \
+ -e @$VARS_FILE -e @$system_params -e '_workspace_directory=$system_config_folder'"
 fi
 elif [[ "$auth_type" == "VMPASSWORD" ]]; then
 local password_file="${cmd_dir}/../WORKSPACES/SYSTEM/$SYSTEM_CONFIG_NAME/password"
@@ -272,6 +274,16 @@ run_ansible_playbook() {
 -e '_workspace_directory=$system_config_folder'"
 else
 log "INFO" "Local password file not found. Retrieving password from Key Vault."
+
+ # Extract key_vault_id only if needed
+ key_vault_id=$(grep "^key_vault_id:" "$system_params" | awk '{split($0,a,": "); print a[2]}' | xargs)
+ log "INFO" "Extracted key_vault_id: $key_vault_id"
+
+ if [[ -z "$key_vault_id" ]]; then
+ log "ERROR" "Error: key_vault_id is not defined in $system_params, and no local password file is present."
+ exit 1
+ fi
+
 temp_file=$(mktemp --suffix=.password)
 retrieve_secret_from_key_vault "$key_vault_id"
 echo "$secret_value" > "$temp_file"
From cd82685cf2a5a5869e74f2c07b43008a76429aa5 Mon Sep 17 00:00:00 2001
From: Dhruv Aggarwal
Date: Thu, 3 Apr 2025 14:27:05 -0400
Subject: [PATCH 35/64] testing
---
 scripts/sap_automation_qa.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/scripts/sap_automation_qa.sh b/scripts/sap_automation_qa.sh
index 4a412731..3f3137bf 100755
--- a/scripts/sap_automation_qa.sh
+++ b/scripts/sap_automation_qa.sh
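Review bot: After `retrieve_secret_from_key_vault "$key_vault_id"` the new code runs `mktemp --suffix=.ppk` and writes `$secret_value` a second time, while the function itself appears to create its own temp file and write the secret there (hunk @@ -209 of PATCH 36 below), so two copies of the private key land on disk and the first path is overwritten in the global `temp_file` without ever being removed; the VMPASSWORD counterpart in hunk @@ -272 has the same shape. Nowhere on this page is a `trap ... EXIT` that deletes `$temp_file`, so the key material outlives the run. A `cleanup() { [[ -n "$temp_file" ]] && rm -f -- "$temp_file"; }` registered with `trap cleanup EXIT` next to the global's declaration would cover both branches, and the duplicate `mktemp`/`echo` here can then go. run_ansible_playbook starts and ends outside the hunk.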
@@ -287,7 +287,7 @@ run_ansible_playbook() {
 temp_file=$(mktemp --suffix=.password)
 retrieve_secret_from_key_vault "$key_vault_id"
 echo "$secret_value" > "$temp_file"
- log "INFO" "Temporary password file created: $temp_file"
+ log "INFO" "Temporary password file created."
 command="ansible-playbook ${cmd_dir}/../src/$playbook_name.yml -i $system_hosts \
 --extra-vars \"ansible_ssh_pass=$(cat $temp_file)\" --extra-vars @$VARS_FILE -e @$system_params \
 -e '_workspace_directory=$system_config_folder'"
From dbad57e02096d5184b62de4c299f8fab71ef8662 Mon Sep 17 00:00:00 2001
From: Dhruv Aggarwal
Date: Thu, 3 Apr 2025 14:32:04 -0400
Subject: [PATCH 36/64] testing
---
 scripts/sap_automation_qa.sh | 65 +++++++++++++++++++++++-------------
 1 file changed, 42 insertions(+), 23 deletions(-)
diff --git a/scripts/sap_automation_qa.sh b/scripts/sap_automation_qa.sh
index 3f3137bf..e8025283 100755
--- a/scripts/sap_automation_qa.sh
+++ b/scripts/sap_automation_qa.sh
@@ -151,10 +151,12 @@ get_playbook_name() {
 Retrieve a secret from Azure Key Vault.
 :param key_vault_id: The ID of the Key Vault.
+:param secret_name: The name of the secret in the Key Vault.
 :return: None. Exits with a non-zero status if retrieval fails.
 """
 retrieve_secret_from_key_vault() {
 local key_vault_id=$1
+ local secret_name=$2
 local required_permission="Get"
 # Extract resource group name and key vault name from key_vault_id
@@ -162,13 +164,14 @@ retrieve_secret_from_key_vault() {
 key_vault_name=$(echo "$key_vault_id" | awk -F'/' '{for(i=1;i<=NF;i++){if($i=="vaults"){print $(i+1)}}}')
 subscription_id=$(echo "$key_vault_id" | awk -F'/' '{for(i=1;i<=NF;i++){if($i=="subscriptions"){print $(i+1)}}}')
- if [[ -z "$resource_group_name" || -z "$key_vault_name" ]]; then
- log "ERROR" "Failed to extract resource group name or key vault name from key_vault_id: $key_vault_id"
+ if [[ -z "$resource_group_name" || -z "$key_vault_name" || -z "$secret_name" ]]; then
+ log "ERROR" "Failed to extract required details from key_vault_id or secret_name is missing."
 exit 1
 fi
 log "INFO" "Extracted resource group name: $resource_group_name"
 log "INFO" "Extracted key vault name: $key_vault_name"
+ log "INFO" "Using secret name: $secret_name"
 # Authenticate using MSI
 log "INFO" "Authenticating using MSI..."
@@ -179,19 +182,6 @@ retrieve_secret_from_key_vault() {
 exit 1
 fi
- # Attempt to access Key Vault to verify permissions
- log "INFO" "Verifying permissions on Key Vault: $key_vault_name..."
- set +e # Temporarily disable exit on error
- error_message=$(az keyvault secret list --vault-name "$key_vault_name" 2>&1)
- az_exit_code=$? # Capture the exit code of the az command
- set -e # Re-enable exit on error
-
- if [[ $az_exit_code -ne 0 ]]; then
- extracted_message=$(extract_error_message "$error_message")
- log "ERROR" "Azure CLI error: $extracted_message"
- exit 1
- fi
-
 # Attempt to retrieve the secret value and handle errors
 log "INFO" "Retrieving secret '$secret_name' from Key Vault '$key_vault_name'..."
 set +e # Temporarily disable exit on error
@@ -199,7 +189,7 @@ retrieve_secret_from_key_vault() {
 az_exit_code=$? # Capture the exit code of the az command
 set -e # Re-enable exit on error
- if [[ $az_exit_code -ne 0 ]]; then
+ if [[ $az_exit_code -ne 0 || -z "$secret_value" ]]; then
 extracted_message=$(extract_error_message "$secret_value")
 log "ERROR" "Failed to retrieve secret '$secret_name' from Key Vault '$key_vault_name': $extracted_message"
 exit 1
@@ -209,9 +199,16 @@ retrieve_secret_from_key_vault() {
 temp_file=$(mktemp --suffix=.ppk)
 # Check if the temporary file already exists
- check_file_exists "$temp_file" "Temporary file already exists: $temp_file"
+ if [[ -f "$temp_file" ]]; then
+ log "ERROR" "Temporary file already exists: $temp_file"
+ exit 1
+ fi
 echo "$secret_value" > "$temp_file"
+ if [[ ! -s "$temp_file" ]]; then
+ log "ERROR" "Failed to store the retrieved secret in the temporary file."
+ exit 1
+ fi
 log "INFO" "Temporary SSH key file created: $temp_file"
 }
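Review bot: `mktemp` creates the file it names, so the new `if [[ -f "$temp_file" ]]` directly after `temp_file=$(mktemp --suffix=.ppk)` is always true and the function now exits 1 on every successful retrieval; the `check_file_exists` it replaces had the opposite sense (it aborts when the file is missing, per its comment in hunk @@ -90 of PATCH 39 below). The same inverted check is added in hunks @@ -249 and @@ -279 of this commit. The failure worth catching is mktemp itself, `temp_file=$(mktemp --suffix=.ppk) || { log "ERROR" "Failed to create temporary file."; exit 1; }`, after which the `-f` block can be dropped. retrieve_secret_from_key_vault starts outside the hunk.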
@@ -249,18 +246,26 @@ run_ansible_playbook() {
 key_vault_id=$(grep "^key_vault_id:" "$system_params" | awk '{split($0,a,": "); print a[2]}' | xargs)
 log "INFO" "Extracted key_vault_id: $key_vault_id"
- if [[ -z "$key_vault_id" ]]; then
- log "ERROR" "Error: key_vault_id is not defined in $system_params, and no local SSH key is present."
+ if [[ -z "$key_vault_id" || -z "$secret_name" ]]; then
+ log "ERROR" "Error: key_vault_id or secret_name is not defined in $system_params, and no local SSH key is present."
 exit 1
 fi
- retrieve_secret_from_key_vault "$key_vault_id"
+ retrieve_secret_from_key_vault "$key_vault_id" "$secret_name"
 if [[ -z "$secret_value" ]]; then
 log "ERROR" "Error: Secret value is not retrieved, and no local SSH key is present."
 exit 1
 fi
 temp_file=$(mktemp --suffix=.ppk)
+ if [[ -f "$temp_file" ]]; then
+ log "ERROR" "Temporary file already exists: $temp_file"
+ exit 1
+ fi
 echo "$secret_value" > "$temp_file"
+ if [[ ! -s "$temp_file" ]]; then
+ log "ERROR" "Failed to store the retrieved secret in the temporary file."
+ exit 1
+ fi
 log "INFO" "Temporary SSH key file created: $temp_file"
 command="ansible-playbook ${cmd_dir}/../src/$playbook_name.yml -i $system_hosts --private-key $temp_file \
 -e @$VARS_FILE -e @$system_params -e '_workspace_directory=$system_config_folder'"
@@ -279,14 +284,22 @@ run_ansible_playbook() {
 key_vault_id=$(grep "^key_vault_id:" "$system_params" | awk '{split($0,a,": "); print a[2]}' | xargs)
 log "INFO" "Extracted key_vault_id: $key_vault_id"
- if [[ -z "$key_vault_id" ]]; then
- log "ERROR" "Error: key_vault_id is not defined in $system_params, and no local password file is present."
+ if [[ -z "$key_vault_id" || -z "$secret_name" ]]; then
+ log "ERROR" "Error: key_vault_id or secret_name is not defined in $system_params, and no local password file is present."
 exit 1
 fi
+ retrieve_secret_from_key_vault "$key_vault_id" "$secret_name"
 temp_file=$(mktemp --suffix=.password)
- retrieve_secret_from_key_vault "$key_vault_id"
+ if [[ -f "$temp_file" ]]; then
+ log "ERROR" "Temporary file already exists: $temp_file"
+ exit 1
+ fi
 echo "$secret_value" > "$temp_file"
+ if [[ ! -s "$temp_file" ]]; then
+ log "ERROR" "Failed to store the retrieved secret in the temporary file."
+ exit 1
+ fi
 log "INFO" "Temporary password file created."
 command="ansible-playbook ${cmd_dir}/../src/$playbook_name.yml -i $system_hosts \
 --extra-vars \"ansible_ssh_pass=$(cat $temp_file)\" --extra-vars @$VARS_FILE -e @$system_params \
@@ -348,6 +361,12 @@ main() {
 fi
 log "INFO" "Extracted secret_name: $secret_name"
+ key_vault_id=$(grep "^key_vault_id:" "$SYSTEM_PARAMS" | awk '{split($0,a,": "); print a[2]}' | xargs)
+ if [[ -z "$key_vault_id" ]]; then
+ log "ERROR" "Error: key_vault_id is not defined in $SYSTEM_PARAMS."
+ exit 1
+ fi
+
 playbook_name=$(get_playbook_name "$sap_functional_test_type")
 log "INFO" "Using playbook: $playbook_name."
From a209f0a1f2b27e6d52a8442fee0950d82393b634 Mon Sep 17 00:00:00 2001
From: Dhruv Aggarwal
Date: Thu, 3 Apr 2025 14:49:53 -0400
Subject: [PATCH 37/64] testing
---
 scripts/sap_automation_qa.sh | 110 ++++++++++++++--------------------
 1 file changed, 43 insertions(+), 67 deletions(-)
diff --git a/scripts/sap_automation_qa.sh b/scripts/sap_automation_qa.sh
index e8025283..0738bd13 100755
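Review bot: The unconditional `key_vault_id` check added to main() aborts before run_ansible_playbook ever looks for the local `ssh_key.ppk` or `password` file, so the local-file fallback in hunks @@ -249 and @@ -279 of this same commit (which only read `key_vault_id` when the file is absent) becomes unreachable whenever the parameter is blank. It is also inconsistent with the `secret_name` check a few lines above, which is skipped for SSHKEY. If the fallback is still wanted, gate this the same way, `if [[ -z "$key_vault_id" && "$AUTHENTICATION_TYPE" != "SSHKEY" ]]; then`, or move the check into the branches that need it; if not, remove the fallback code so the supported configurations are explicit. main() starts and ends outside the hunk.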
--- a/scripts/sap_automation_qa.sh
+++ b/scripts/sap_automation_qa.sh
@@ -159,18 +159,12 @@ retrieve_secret_from_key_vault() {
 local secret_name=$2
 local required_permission="Get"
- # Extract resource group name and key vault name from key_vault_id
- resource_group_name=$(echo "$key_vault_id" | awk -F'/' '{for(i=1;i<=NF;i++){if($i=="resourceGroups"){print $(i+1)}}}')
- key_vault_name=$(echo "$key_vault_id" | awk -F'/' '{for(i=1;i<=NF;i++){if($i=="vaults"){print $(i+1)}}}')
- subscription_id=$(echo "$key_vault_id" | awk -F'/' '{for(i=1;i<=NF;i++){if($i=="subscriptions"){print $(i+1)}}}')
-
- if [[ -z "$resource_group_name" || -z "$key_vault_name" || -z "$secret_name" ]]; then
- log "ERROR" "Failed to extract required details from key_vault_id or secret_name is missing."
+ if [[ -z "$key_vault_id" || -z "$secret_name" ]]; then
+ log "ERROR" "Key Vault ID or secret name is missing."
 exit 1
 fi
- log "INFO" "Extracted resource group name: $resource_group_name"
- log "INFO" "Extracted key vault name: $key_vault_name"
+ log "INFO" "Using Key Vault ID: $key_vault_id"
 log "INFO" "Using secret name: $secret_name"
 # Authenticate using MSI
@@ -183,15 +177,15 @@ retrieve_secret_from_key_vault() {
 fi
 # Attempt to retrieve the secret value and handle errors
- log "INFO" "Retrieving secret '$secret_name' from Key Vault '$key_vault_name'..."
+ log "INFO" "Retrieving secret '$secret_name' from Key Vault using resource ID..."
 set +e # Temporarily disable exit on error
- secret_value=$(az keyvault secret show --vault-name "$key_vault_name" --name "$secret_name" --query "value" -o tsv 2>&1)
+ secret_value=$(az keyvault secret show --id "$key_vault_id --query "value" -o tsv 2>&1)
 az_exit_code=$? # Capture the exit code of the az command
 set -e # Re-enable exit on error
 if [[ $az_exit_code -ne 0 || -z "$secret_value" ]]; then
 extracted_message=$(extract_error_message "$secret_value")
- log "ERROR" "Failed to retrieve secret '$secret_name' from Key Vault '$key_vault_name': $extracted_message"
+ log "ERROR" "Failed to retrieve secret '$secret_name' from Key Vault: $extracted_message"
 exit 1
 fi
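Review bot: The rewritten `secret_value=$(az keyvault secret show ... 2>&1)` merges stderr into the variable that later becomes the private-key or password file, so any warning the CLI prints on a successful call (upgrade or deprecation notices) is prepended to the secret and the file is silently corrupted; the `-z "$secret_value"` guard below does not catch that case. Capture stderr separately, e.g. `secret_value=$(az keyvault secret show --id "$key_vault_id" --query "value" -o tsv 2>"$err_file")` with `$err_file` from a second `mktemp`, and hand `$err_file`'s contents to `extract_error_message` only on failure. The `--id` flag is also being given the vault resource ID rather than a secret identifier, and the closing quote on that line is missing; later commits in this series touch both. retrieve_secret_from_key_vault starts and ends outside the hunk.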
@@ -234,77 +228,59 @@ run_ansible_playbook() {
 if [[ "$auth_type" == "SSHKEY" ]]; then
 log "INFO" "Authentication type is SSHKEY."
- local ssh_key="${cmd_dir}/../WORKSPACES/SYSTEM/$SYSTEM_CONFIG_NAME/ssh_key.ppk"
- if [[ -f "$ssh_key" ]]; then
- log "INFO" "Local SSH key is present: $ssh_key. Skipping secret_name requirement."
- command="ansible-playbook ${cmd_dir}/../src/$playbook_name.yml -i $system_hosts --private-key $ssh_key \
- -e @$VARS_FILE -e @$system_params -e '_workspace_directory=$system_config_folder'"
- else
- log "INFO" "Local SSH key not found. Retrieving SSH key from Key Vault."
-
- # Extract key_vault_id only if needed
- key_vault_id=$(grep "^key_vault_id:" "$system_params" | awk '{split($0,a,": "); print a[2]}' | xargs)
- log "INFO" "Extracted key_vault_id: $key_vault_id"
-
- if [[ -z "$key_vault_id" || -z "$secret_name" ]]; then
- log "ERROR" "Error: key_vault_id or secret_name is not defined in $system_params, and no local SSH key is present."
- exit 1
- fi
-
+ if [[ -n "$key_vault_id" && -n "$secret_name" ]]; then
+ log "INFO" "Key Vault ID and Secret Name are set. Retrieving SSH key from Key Vault."
 retrieve_secret_from_key_vault "$key_vault_id" "$secret_name"
- if [[ -z "$secret_value" ]]; then
- log "ERROR" "Error: Secret value is not retrieved, and no local SSH key is present."
- exit 1
- fi
- temp_file=$(mktemp --suffix=.ppk)
+
 if [[ -f "$temp_file" ]]; then
- log "ERROR" "Temporary file already exists: $temp_file"
+ log "INFO" "Temporary SSH key file exists. Running Ansible playbook."
+ command="ansible-playbook ${cmd_dir}/../src/$playbook_name.yml -i $system_hosts --private-key $temp_file \
+ -e @$VARS_FILE -e @$system_params -e '_workspace_directory=$system_config_folder'"
+ else
+ log "ERROR" "Temporary SSH key file missing."
 exit 1
 fi
- echo "$secret_value" > "$temp_file"
- if [[ ! -s "$temp_file" ]]; then
- log "ERROR" "Failed to store the retrieved secret in the temporary file."
+ else
+ local ssh_key="${cmd_dir}/../WORKSPACES/SYSTEM/$SYSTEM_CONFIG_NAME/ssh_key.ppk"
+ if [[ -f "$ssh_key" ]]; then
+ log "INFO" "Local SSH key is present. Running Ansible playbook."
+ command="ansible-playbook ${cmd_dir}/../src/$playbook_name.yml -i $system_hosts --private-key $ssh_key \
+ -e @$VARS_FILE -e @$system_params -e '_workspace_directory=$system_config_folder'"
+ else
+ log "ERROR" "No valid SSH key found."
 exit 1
 fi
- log "INFO" "Temporary SSH key file created: $temp_file"
- command="ansible-playbook ${cmd_dir}/../src/$playbook_name.yml -i $system_hosts --private-key $temp_file \
- -e @$VARS_FILE -e @$system_params -e '_workspace_directory=$system_config_folder'"
 fi
- elif [[ "$auth_type" == "VMPASSWORD" ]]; then
- local password_file="${cmd_dir}/../WORKSPACES/SYSTEM/$SYSTEM_CONFIG_NAME/password"
- if [[ -f "$password_file" ]]; then
- log "INFO" "Local password file is present: $password_file."
- command="ansible-playbook ${cmd_dir}/../src/$playbook_name.yml -i $system_hosts \
- --extra-vars \"ansible_ssh_pass=$(cat $password_file)\" --extra-vars @$VARS_FILE -e @$system_params \
- -e '_workspace_directory=$system_config_folder'"
- else
- log "INFO" "Local password file not found. Retrieving password from Key Vault."
- # Extract key_vault_id only if needed
- key_vault_id=$(grep "^key_vault_id:" "$system_params" | awk '{split($0,a,": "); print a[2]}' | xargs)
- log "INFO" "Extracted key_vault_id: $key_vault_id"
-
- if [[ -z "$key_vault_id" || -z "$secret_name" ]]; then
- log "ERROR" "Error: key_vault_id or secret_name is not defined in $system_params, and no local password file is present."
- exit 1
- fi
+ elif [[ "$auth_type" == "VMPASSWORD" ]]; then
+ log "INFO" "Authentication type is VMPASSWORD."
+ if [[ -n "$key_vault_id" && -n "$secret_name" ]]; then
+ log "INFO" "Key Vault ID and Secret Name are set. Retrieving VM password from Key Vault."
retrieve_secret_from_key_vault "$key_vault_id" "$secret_name"
- temp_file=$(mktemp --suffix=.password)
+
 if [[ -f "$temp_file" ]]; then
- log "ERROR" "Temporary file already exists: $temp_file"
+ log "INFO" "Temporary VM password file exists. Running Ansible playbook."
+ command="ansible-playbook ${cmd_dir}/../src/$playbook_name.yml -i $system_hosts \
+ --extra-vars \"ansible_ssh_pass=$(cat $temp_file)\" --extra-vars @$VARS_FILE -e @$system_params \
+ -e '_workspace_directory=$system_config_folder'"
+ else
+ log "ERROR" "Temporary VM password file missing."
 exit 1
 fi
- echo "$secret_value" > "$temp_file"
- if [[ ! -s "$temp_file" ]]; then
- log "ERROR" "Failed to store the retrieved secret in the temporary file."
+ else
+ local password_file="${cmd_dir}/../WORKSPACES/SYSTEM/$SYSTEM_CONFIG_NAME/password"
+ if [[ -f "$password_file" ]]; then
+ log "INFO" "Local VM password file is present. Running Ansible playbook."
+ command="ansible-playbook ${cmd_dir}/../src/$playbook_name.yml -i $system_hosts \
+ --extra-vars \"ansible_ssh_pass=$(cat $password_file)\" --extra-vars @$VARS_FILE -e @$system_params \
+ -e '_workspace_directory=$system_config_folder'"
+ else
+ log "ERROR" "No valid VM password found."
 exit 1
 fi
- log "INFO" "Temporary password file created."
- command="ansible-playbook ${cmd_dir}/../src/$playbook_name.yml -i $system_hosts \
- --extra-vars \"ansible_ssh_pass=$(cat $temp_file)\" --extra-vars @$VARS_FILE -e @$system_params \
- -e '_workspace_directory=$system_config_folder'"
 fi
+
 else
 log "ERROR" "Unknown authentication type: $auth_type"
 exit 1
From 1c7e4ec3b21a30c7d0c553baffc03a4ac01c37e8 Mon Sep 17 00:00:00 2001
From: Dhruv Aggarwal
Date: Thu, 3 Apr 2025 14:53:11 -0400
Subject: [PATCH 38/64] Testing
---
 scripts/sap_automation_qa.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/scripts/sap_automation_qa.sh b/scripts/sap_automation_qa.sh
index 0738bd13..fbc9628c 100755
--- a/scripts/sap_automation_qa.sh
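Review bot: With precedence flipped to Key Vault first, the `else` branches that fall back to the local `ssh_key.ppk` and `password` files are reachable only when `key_vault_id` or `secret_name` is blank, yet main() (hunk @@ -348 of PATCH 36 above) exits when `key_vault_id` is blank and, for VMPASSWORD, when `secret_name` is blank as well; the local-password fallback therefore looks like dead code and the SSH fallback is reachable only through an empty `secret_name`. Either relax those main() checks or remove the fallback branches so the supported configurations are explicit. Success is also inferred from `[[ -f "$temp_file" ]]` on the global the helper sets rather than from the helper's own status; `retrieve_secret_from_key_vault "$key_vault_id" "$secret_name" || exit 1` states the intent directly and does not depend on a leftover path. run_ansible_playbook starts and ends outside the hunk.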
+++ b/scripts/sap_automation_qa.sh
@@ -179,7 +179,7 @@ retrieve_secret_from_key_vault() {
 # Attempt to retrieve the secret value and handle errors
 log "INFO" "Retrieving secret '$secret_name' from Key Vault using resource ID..."
 set +e # Temporarily disable exit on error
- secret_value=$(az keyvault secret show --id "$key_vault_id --query "value" -o tsv 2>&1)
+ secret_value=$(az keyvault secret show --id "$key_vault_id" --query "value" -o tsv 2>&1) # Fixed missing quote
 az_exit_code=$? # Capture the exit code of the az command
 set -e # Re-enable exit on error
From 35f83f30e28a8155b5835b68679328c49736bd92 Mon Sep 17 00:00:00 2001
From: Dhruv Aggarwal
Date: Thu, 3 Apr 2025 14:55:25 -0400
Subject: [PATCH 39/64] fixed comments
---
 scripts/sap_automation_qa.sh | 95 +++++++++++++-----------------------
 1 file changed, 33 insertions(+), 62 deletions(-)
diff --git a/scripts/sap_automation_qa.sh b/scripts/sap_automation_qa.sh
index fbc9628c..8aeb4f97 100755
--- a/scripts/sap_automation_qa.sh
+++ b/scripts/sap_automation_qa.sh
@@ -18,17 +18,12 @@ RED='\033[0;31m'
 GREEN='\033[0;32m'
 NC='\033[0m'
-"""
-Global variable to store the path of the temporary file.
-"""
+# Global variable to store the path of the temporary file.
 temp_file=""
-"""
-Print logs with color based on severity.
-
-:param severity: The severity level of the log (e.g., "INFO", "ERROR").
-:param message: The message to log.
-"""
+# Print logs with color based on severity.
+# :param severity: The severity level of the log (e.g., "INFO", "ERROR").
+# :param message: The message to log.
 log() {
 local severity=$1
 local message=$2
@@ -47,21 +42,15 @@ log "INFO" "ANSIBLE_MODULE_UTILS: $ANSIBLE_MODULE_UTILS"
 # Define the path to the vars.yaml file
 VARS_FILE="${cmd_dir}/../vars.yaml"
-"""
-Check if a command exists.
-
-:param command: The command to check.
-:return: None. Exits with a non-zero status if the command does not exist.
-"""
+# Check if a command exists.
+# :param command: The command to check.
+# :return: None. Exits with a non-zero status if the command does not exist.
 command_exists() {
 command -v "$1" &> /dev/null
 }
-"""
-Validate input parameters from vars.yaml.
-
-:return: None. Exits with a non-zero status if validation fails.
-"""
+# Validate input parameters from vars.yaml.
+# :return: None. Exits with a non-zero status if validation fails.
 validate_params() {
 local missing_params=()
 local params=("TEST_TYPE" "SYSTEM_CONFIG_NAME" "sap_functional_test_type" "AUTHENTICATION_TYPE")
@@ -90,13 +79,10 @@ validate_params() {
 fi
 }
-"""
-Check if a file exists.
-
-:param file_path: The path to the file to check.
-:param error_message: The error message to display if the file does not exist.
-:return: None. Exits with a non-zero status if the file does not exist.
-"""
+# Check if a file exists.
+# :param file_path: The path to the file to check.
+# :param error_message: The error message to display if the file does not exist.
+# :return: None. Exits with a non-zero status if the file does not exist.
 check_file_exists() {
 local file_path=$1
 local error_message=$2
@@ -107,12 +93,9 @@ check_file_exists() {
 fi
 }
-"""
-Extract the error message from a command's output.
-
-:param error_output: The output containing the error message.
-:return: The extracted error message or a default message if none is found.
-"""
+# Extract the error message from a command's output.
+# :param error_output: The output containing the error message.
+# :return: The extracted error message or a default message if none is found.
 extract_error_message() {
 local error_output=$1
 local extracted_message
@@ -124,12 +107,9 @@ extract_error_message() {
 echo "$extracted_message"
 }
-"""
-Determine the playbook name based on the sap_functional_test_type.
-
-:param test_type: The type of SAP functional test.
-:return: The name of the playbook.
-"""
+# Determine the playbook name based on the sap_functional_test_type.
+# :param test_type: The type of SAP functional test.
+# :return: The name of the playbook.
 get_playbook_name() {
 local test_type=$1
@@ -147,13 +127,10 @@ get_playbook_name() {
 esac
 }
-"""
-Retrieve a secret from Azure Key Vault.
-
-:param key_vault_id: The ID of the Key Vault.
-:param secret_name: The name of the secret in the Key Vault.
-:return: None. Exits with a non-zero status if retrieval fails.
-"""
+# Retrieve a secret from Azure Key Vault.
+# :param key_vault_id: The ID of the Key Vault.
+# :param secret_name: The name of the secret in the Key Vault.
+# :return: None. Exits with a non-zero status if retrieval fails.
 retrieve_secret_from_key_vault() {
 local key_vault_id=$1
 local secret_name=$2
@@ -206,17 +183,14 @@ retrieve_secret_from_key_vault() {
 log "INFO" "Temporary SSH key file created: $temp_file"
 }
-"""
-Run the ansible playbook.
-
-:param playbook_name: The name of the playbook to run.
-:param system_hosts: The path to the inventory file.
-:param system_params: The path to the SAP parameters file.
-:param auth_type: The authentication type (e.g., "SSHKEY", "VMPASSWORD").
-:param system_config_folder: The path to the system configuration folder.
-:param secret_name: The name of the secret in the Key Vault.
-:return: None. Exits with the return code of the ansible-playbook command.
-"""
+# Run the ansible playbook.
+# :param playbook_name: The name of the playbook to run.
+# :param system_hosts: The path to the inventory file.
+# :param system_params: The path to the SAP parameters file.
+# :param auth_type: The authentication type (e.g., "SSHKEY", "VMPASSWORD").
+# :param system_config_folder: The path to the system configuration folder.
+# :param secret_name: The name of the secret in the Key Vault.
+# :return: None. Exits with the return code of the ansible-playbook command.
 run_ansible_playbook() {
 local playbook_name=$1
 local system_hosts=$2
@@ -301,11 +275,8 @@ run_ansible_playbook() {
 exit $return_code
 }
-"""
-Main script execution.
-
-:return: None. Exits with a non-zero status if any step fails.
-"""
+# Main script execution.
+# :return: None. Exits with a non-zero status if any step fails.
 main() {
 log "INFO" "Activate the virtual environment..."
 set -e
From 977e48907922e275539f1c21f7a20ea7fa685e6b Mon Sep 17 00:00:00 2001
From: Dhruv Aggarwal
Date: Thu, 3 Apr 2025 14:56:06 -0400
Subject: [PATCH 40/64] fixed comments
---
 scripts/sap_automation_qa.sh | 1 -
 1 file changed, 1 deletion(-)
diff --git a/scripts/sap_automation_qa.sh b/scripts/sap_automation_qa.sh
index 8aeb4f97..6cf389f4 100755
--- a/scripts/sap_automation_qa.sh
+++ b/scripts/sap_automation_qa.sh
@@ -147,7 +147,6 @@ retrieve_secret_from_key_vault() {
 # Authenticate using MSI
 log "INFO" "Authenticating using MSI..."
 az login --identity
- az account set --subscription "$subscription_id"
 if [[ $? -ne 0 ]]; then
 log "ERROR" "Failed to authenticate using MSI."
 exit 1
From 7850a7b13a450305caaa0e515bab7ec8dfa17282 Mon Sep 17 00:00:00 2001
From: Dhruv Aggarwal
Date: Thu, 3 Apr 2025 15:01:39 -0400
Subject: [PATCH 41/64] testing
---
 scripts/sap_automation_qa.sh | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/scripts/sap_automation_qa.sh b/scripts/sap_automation_qa.sh
index 6cf389f4..3fb406ba 100755
--- a/scripts/sap_automation_qa.sh
+++ b/scripts/sap_automation_qa.sh
@@ -136,6 +136,8 @@ retrieve_secret_from_key_vault() {
 local secret_name=$2
 local required_permission="Get"
+ subscription_id=$(echo "$key_vault_id" | awk -F'/' '{for(i=1;i<=NF;i++){if($i=="subscriptions"){print $(i+1)}}}')
+
 if [[ -z "$key_vault_id" || -z "$secret_name" ]]; then
 log "ERROR" "Key Vault ID or secret name is missing."
 exit 1
@@ -147,6 +149,7 @@ retrieve_secret_from_key_vault() {
 # Authenticate using MSI
 log "INFO" "Authenticating using MSI..."
 az login --identity
+ az account set --subscription "$subscription_id"
 if [[ $? -ne 0 ]]; then
 log "ERROR" "Failed to authenticate using MSI."
 exit 1
From 3c98c770090799c193a3c8c1d83305afcf42dfca Mon Sep 17 00:00:00 2001
From: Dhruv Aggarwal
Date: Thu, 3 Apr 2025 15:31:18 -0400
Subject: [PATCH 42/64] testing
---
 .../DEV-WEEU-SAP01-X00/sap-parameters.yaml | 2 +-
 scripts/sap_automation_qa.sh | 44 +++++++++----------
 2 files changed, 23 insertions(+), 23 deletions(-)
diff --git a/WORKSPACES/SYSTEM/DEV-WEEU-SAP01-X00/sap-parameters.yaml b/WORKSPACES/SYSTEM/DEV-WEEU-SAP01-X00/sap-parameters.yaml
index b9e8adcb..9cf96977 100644
--- a/WORKSPACES/SYSTEM/DEV-WEEU-SAP01-X00/sap-parameters.yaml
+++ b/WORKSPACES/SYSTEM/DEV-WEEU-SAP01-X00/sap-parameters.yaml
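Review bot: The `if [[ $? -ne 0 ]]` after the re-added `az account set` line now reflects only that command, so a failed `az login --identity` is no longer what the "Failed to authenticate using MSI." message reports; and because main() runs under `set -e` (hunk @@ -301 of PATCH 39 above), either command failing appears to abort the script before the log line is reached at all. Check each command where it runs, `az login --identity || { log "ERROR" "Failed to authenticate using MSI."; exit 1; }` and likewise for `az account set`. The `subscription_id` parsed in hunk @@ -136 is also never tested for emptiness before being passed to `--subscription`, so a malformed `key_vault_id` yields a CLI error rather than the script's own diagnostic. retrieve_secret_from_key_vault starts and ends outside the hunk.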
@@ -31,4 +31,4 @@ NFS_provider: AFS # Key Vault # ############################################################################# key_vault_id: /subscriptions//resourceGroups//providers/Microsoft.KeyVault/vaults/ -secret_name: \ No newline at end of file +secret_id: https://.vault.azure.net/secrets// \ No newline at end of file diff --git a/scripts/sap_automation_qa.sh b/scripts/sap_automation_qa.sh index 3fb406ba..3bcaddf2 100755 --- a/scripts/sap_automation_qa.sh +++ b/scripts/sap_automation_qa.sh @@ -129,22 +129,22 @@ get_playbook_name() { # Retrieve a secret from Azure Key Vault. # :param key_vault_id: The ID of the Key Vault. -# :param secret_name: The name of the secret in the Key Vault. +# :param secret_id: The ID of the secret in the Key Vault. # :return: None. Exits with a non-zero status if retrieval fails. retrieve_secret_from_key_vault() { local key_vault_id=$1 - local secret_name=$2 + local secret_id=$2 local required_permission="Get" subscription_id=$(echo "$key_vault_id" | awk -F'/' '{for(i=1;i<=NF;i++){if($i=="subscriptions"){print $(i+1)}}}') - if [[ -z "$key_vault_id" || -z "$secret_name" ]]; then - log "ERROR" "Key Vault ID or secret name is missing." + if [[ -z "$key_vault_id" || -z "$secret_id" ]]; then + log "ERROR" "Key Vault ID or secret ID is missing." exit 1 fi log "INFO" "Using Key Vault ID: $key_vault_id" - log "INFO" "Using secret name: $secret_name" + log "INFO" "Using secret ID: $secret_id" # Authenticate using MSI log "INFO" "Authenticating using MSI..." 
@@ -156,15 +156,15 @@ retrieve_secret_from_key_vault() { fi # Attempt to retrieve the secret value and handle errors - log "INFO" "Retrieving secret '$secret_name' from Key Vault using resource ID..." + log "INFO" "Retrieving secret from Key Vault using resource ID..." set +e # Temporarily disable exit on error - secret_value=$(az keyvault secret show --id "$key_vault_id" --query "value" -o tsv 2>&1) # Fixed missing quote + secret_value=$(az keyvault secret show --id "$secret_id" --query "value" -o tsv 2>&1) az_exit_code=$? # Capture the exit code of the az command set -e # Re-enable exit on error if [[ $az_exit_code -ne 0 || -z "$secret_value" ]]; then extracted_message=$(extract_error_message "$secret_value") - log "ERROR" "Failed to retrieve secret '$secret_name' from Key Vault: $extracted_message" + log "ERROR" "Failed to retrieve secret from Key Vault: $extracted_message" exit 1 fi @@ -191,7 +191,7 @@ retrieve_secret_from_key_vault() { # :param system_params: The path to the SAP parameters file. # :param auth_type: The authentication type (e.g., "SSHKEY", "VMPASSWORD"). # :param system_config_folder: The path to the system configuration folder. -# :param secret_name: The name of the secret in the Key Vault. +# :param secret_id: The ID of the secret in the Key Vault. # :return: None. Exits with the return code of the ansible-playbook command. run_ansible_playbook() { local playbook_name=$1 
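Review bot: The `2>&1` inside `$(...)` on the `secret_value=` line folds anything az writes to stderr into the value that is later written to the key file, so a CLI warning printed on an otherwise successful call would corrupt the stored secret (whether az emits such warnings depends on the environment, so this is a hedge rather than a reproduced failure). Capture stderr separately and keep the exit-code check: `secret_value=$(az keyvault secret show --id "$secret_id" --query value -o tsv 2>"$az_err")` with `az_err` created by `mktemp`, and pass `"$(cat "$az_err")"` to `extract_error_message` in the failure branch. The function body extends beyond this hunk.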
@@ -199,14 +199,14 @@ run_ansible_playbook() { local system_params=$3 local auth_type=$4 local system_config_folder=$5 - local secret_name=$6 + local secret_id=$6 if [[ "$auth_type" == "SSHKEY" ]]; then log "INFO" "Authentication type is SSHKEY." - if [[ -n "$key_vault_id" && -n "$secret_name" ]]; then - log "INFO" "Key Vault ID and Secret Name are set. Retrieving SSH key from Key Vault." - retrieve_secret_from_key_vault "$key_vault_id" "$secret_name" + if [[ -n "$key_vault_id" && -n "$secret_id" ]]; then + log "INFO" "Key Vault ID and Secret ID are set. Retrieving SSH key from Key Vault." + retrieve_secret_from_key_vault "$key_vault_id" "$secret_id" if [[ -f "$temp_file" ]]; then log "INFO" "Temporary SSH key file exists. Running Ansible playbook." @@ -231,9 +231,9 @@ run_ansible_playbook() { elif [[ "$auth_type" == "VMPASSWORD" ]]; then log "INFO" "Authentication type is VMPASSWORD." - if [[ -n "$key_vault_id" && -n "$secret_name" ]]; then - log "INFO" "Key Vault ID and Secret Name are set. Retrieving VM password from Key Vault." - retrieve_secret_from_key_vault "$key_vault_id" "$secret_name" + if [[ -n "$key_vault_id" && -n "$secret_id" ]]; then + log "INFO" "Key Vault ID and Secret ID are set. Retrieving VM password from Key Vault." + retrieve_secret_from_key_vault "$key_vault_id" "$secret_id" if [[ -f "$temp_file" ]]; then log "INFO" "Temporary VM password file exists. Running Ansible playbook." 
@@ -301,14 +301,14 @@ main() { check_file_exists "$SYSTEM_PARAMS" \ "sap-parameters.yaml not found in WORKSPACES/SYSTEM/$SYSTEM_CONFIG_NAME directory." - # Extract secret_name from sap-parameters.yaml - secret_name=$(grep "^secret_name:" "$SYSTEM_PARAMS" | awk '{split($0,a,": "); print a[2]}' | xargs) + # Extract secret_id from sap-parameters.yaml + secret_id=$(grep "^secret_id:" "$SYSTEM_PARAMS" | awk '{split($0,a,": "); print a[2]}' | xargs) - if [[ -z "$secret_name" && "$AUTHENTICATION_TYPE" != "SSHKEY" ]]; then - log "ERROR" "Error: secret_name is not defined in $SYSTEM_PARAMS." + if [[ -z "$secret_id" && "$AUTHENTICATION_TYPE" != "SSHKEY" ]]; then + log "ERROR" "Error: secret_id is not defined in $SYSTEM_PARAMS." exit 1 fi - log "INFO" "Extracted secret_name: $secret_name" + log "INFO" "Extracted secret_id: $secret_id" key_vault_id=$(grep "^key_vault_id:" "$SYSTEM_PARAMS" | awk '{split($0,a,": "); print a[2]}' | xargs) if [[ -z "$key_vault_id" ]]; then @@ -319,7 +319,7 @@ main() { playbook_name=$(get_playbook_name "$sap_functional_test_type") log "INFO" "Using playbook: $playbook_name." - run_ansible_playbook "$playbook_name" "$SYSTEM_HOSTS" "$SYSTEM_PARAMS" "$AUTHENTICATION_TYPE" "$SYSTEM_CONFIG_FOLDER" "$secret_name" + run_ansible_playbook "$playbook_name" "$SYSTEM_HOSTS" "$SYSTEM_PARAMS" "$AUTHENTICATION_TYPE" "$SYSTEM_CONFIG_FOLDER" "$secret_id" # Clean up any remaining temporary files if [[ -n "$temp_file" && -f "$temp_file" ]]; then From 1ee31a1066a2e6599a55881e640a893a69a25216 Mon Sep 17 00:00:00 2001 From: Dhruv Aggarwal Date: Thu, 3 Apr 2025 15:41:30 -0400 Subject: [PATCH 43/64] testing --- scripts/sap_automation_qa.sh | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/scripts/sap_automation_qa.sh b/scripts/sap_automation_qa.sh index 3bcaddf2..282c6eed 100755 --- a/scripts/sap_automation_qa.sh +++ b/scripts/sap_automation_qa.sh 
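Review bot: main still aborts when `key_vault_id` is empty (the `-z "$key_vault_id"` check is kept as context), which makes the local ssh_key/password fallback that run_ansible_playbook selects when `key_vault_id` is unset unreachable, while `secret_id` is only required when the auth type is not SSHKEY — the two conditions look inconsistent and should be stated once (both required together, or both optional). The `grep | awk | xargs` extraction also uses `xargs` as a whitespace trimmer, which can fail on a value containing a quote and strips quoting from the YAML scalar; a parameter expansion or `sed -E 's/^secret_id:[[:space:]]*//; s/[[:space:]]+$//'` is safer, and a YAML-aware tool safer still. main starts before and ends after this hunk.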
@@ -169,7 +169,9 @@ retrieve_secret_from_key_vault() { fi log "INFO" "Successfully retrieved secret from Key Vault." - temp_file=$(mktemp --suffix=.ppk) + + # Define a unique temporary file path + temp_file=$(mktemp --dry-run --suffix=.ppk) # Check if the temporary file already exists if [[ -f "$temp_file" ]]; then @@ -177,6 +179,7 @@ retrieve_secret_from_key_vault() { exit 1 fi + # Create the temporary file and write the secret value to it echo "$secret_value" > "$temp_file" if [[ ! -s "$temp_file" ]]; then log "ERROR" "Failed to store the retrieved secret in the temporary file." From 1f332fe9007615a86562e562203b4d91e7306eb6 Mon Sep 17 00:00:00 2001 From: Dhruv Aggarwal Date: Thu, 3 Apr 2025 15:44:44 -0400 Subject: [PATCH 44/64] testing --- scripts/sap_automation_qa.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/sap_automation_qa.sh b/scripts/sap_automation_qa.sh index 282c6eed..4a31a38a 100755 --- a/scripts/sap_automation_qa.sh +++ b/scripts/sap_automation_qa.sh @@ -267,7 +267,7 @@ run_ansible_playbook() { log "INFO" "Running ansible playbook..." log "INFO" "Executing: $command" - eval $command + #eval $command return_code=$? log "INFO" "Ansible playbook execution completed with return code: $return_code" From 1569d02b31956d6c0dae92da9b20adac5e325e04 Mon Sep 17 00:00:00 2001 From: Dhruv Aggarwal Date: Thu, 3 Apr 2025 15:49:14 -0400 Subject: [PATCH 45/64] added /dev/null --- scripts/sap_automation_qa.sh | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/scripts/sap_automation_qa.sh b/scripts/sap_automation_qa.sh index 4a31a38a..40a3e5f3 100755 --- a/scripts/sap_automation_qa.sh +++ b/scripts/sap_automation_qa.sh 
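Review bot: `mktemp --dry-run` only prints a candidate name and creates nothing, so the previous "already exists" check (which always fired because the non-dry-run `mktemp` had just created the file) is being worked around by giving up mktemp's atomic owner-only creation: between this line and the later `echo "$secret_value" > "$temp_file"` the path can be created by another process, and the redirection then creates the file with the default umask rather than 0600. Keep `temp_file=$(mktemp --suffix=.ppk) || { log "ERROR" "Failed to create temporary file."; exit 1; }` and delete the `-f` block instead; the same dry-run pattern is carried forward in the hunks of PATCH 61 and PATCH 63. In the second hunk of this patch, `printf '%s\n' "$secret_value" > "$temp_file"` avoids `echo` reinterpreting a value that starts with `-n` or contains backslashes. retrieve_secret_from_key_vault continues outside the hunk.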
@@ -148,8 +148,8 @@ retrieve_secret_from_key_vault() { # Authenticate using MSI log "INFO" "Authenticating using MSI..." - az login --identity - az account set --subscription "$subscription_id" + az login --identity > /dev/null 2>&1 + az account set --subscription "$subscription_id" > /dev/null 2>&1 if [[ $? -ne 0 ]]; then log "ERROR" "Failed to authenticate using MSI." exit 1 @@ -158,7 +158,7 @@ retrieve_secret_from_key_vault() { # Attempt to retrieve the secret value and handle errors log "INFO" "Retrieving secret from Key Vault using resource ID..." set +e # Temporarily disable exit on error - secret_value=$(az keyvault secret show --id "$secret_id" --query "value" -o tsv 2>&1) + secret_value=$(az keyvault secret show --id "$secret_id" --query "value" -o tsv > /dev/null 2>&1) az_exit_code=$? # Capture the exit code of the az command set -e # Re-enable exit on error @@ -267,7 +267,7 @@ run_ansible_playbook() { log "INFO" "Running ansible playbook..." log "INFO" "Executing: $command" - #eval $command + eval $command return_code=$? log "INFO" "Ansible playbook execution completed with return code: $return_code" From 5e3f611443f719348864924b4dd8de4e52fdba20 Mon Sep 17 00:00:00 2001 From: Dhruv Aggarwal Date: Thu, 3 Apr 2025 15:50:57 -0400 Subject: [PATCH 46/64] added /dev/null --- scripts/sap_automation_qa.sh | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/scripts/sap_automation_qa.sh b/scripts/sap_automation_qa.sh index 40a3e5f3..18da6d7d 100755 --- a/scripts/sap_automation_qa.sh +++ b/scripts/sap_automation_qa.sh @@ -148,8 +148,8 @@ retrieve_secret_from_key_vault() { # Authenticate using MSI log "INFO" "Authenticating using MSI..." - az login --identity > /dev/null 2>&1 - az account set --subscription "$subscription_id" > /dev/null 2>&1 + az login --identity + az account set --subscription "$subscription_id" if [[ $? -ne 0 ]]; then log "ERROR" "Failed to authenticate using MSI." exit 1 
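Review bot: The `> /dev/null` added inside `$(...)` on the `secret_value=` line discards the very stdout the substitution is capturing, so `secret_value` is always empty and the following `-z "$secret_value"` test makes retrieval fail on every run. The redirect should go (keep `-o tsv 2>&1`, or capture stderr to a separate file); the same redirect is reintroduced in the hunks of PATCH 46, PATCH 49, PATCH 51 and PATCH 52 before PATCH 53 settles on the working form. Silencing `az login` and `az account set` in the first hunk likewise throws away the only diagnostic that would explain an authentication failure. The function body lies partly outside the hunk.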
@@ -158,7 +158,7 @@ retrieve_secret_from_key_vault() { # Attempt to retrieve the secret value and handle errors log "INFO" "Retrieving secret from Key Vault using resource ID..." set +e # Temporarily disable exit on error - secret_value=$(az keyvault secret show --id "$secret_id" --query "value" -o tsv > /dev/null 2>&1) + secret_value=$(az keyvault secret show --id "$secret_id" --query "value" > /dev/null 2>&1) az_exit_code=$? # Capture the exit code of the az command set -e # Re-enable exit on error From 38205f030977a9ae7112f4a3d231db5d5decdccb Mon Sep 17 00:00:00 2001 From: Dhruv Aggarwal Date: Thu, 3 Apr 2025 15:52:04 -0400 Subject: [PATCH 47/64] added /dev/null --- scripts/sap_automation_qa.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/sap_automation_qa.sh b/scripts/sap_automation_qa.sh index 18da6d7d..4e1325e4 100755 --- a/scripts/sap_automation_qa.sh +++ b/scripts/sap_automation_qa.sh @@ -158,7 +158,7 @@ retrieve_secret_from_key_vault() { # Attempt to retrieve the secret value and handle errors log "INFO" "Retrieving secret from Key Vault using resource ID..." set +e # Temporarily disable exit on error - secret_value=$(az keyvault secret show --id "$secret_id" --query "value" > /dev/null 2>&1) + secret_value=$(az keyvault secret show --id "$secret_id" --query "value" 2>&1) az_exit_code=$? # Capture the exit code of the az command set -e # Re-enable exit on error From 6653302e2347797096aaf4a6b2d84fe7e251f465 Mon Sep 17 00:00:00 2001 From: Dhruv Aggarwal Date: Thu, 3 Apr 2025 15:52:55 -0400 Subject: [PATCH 48/64] added /dev/null --- scripts/sap_automation_qa.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/sap_automation_qa.sh b/scripts/sap_automation_qa.sh index 4e1325e4..282c6eed 100755 --- a/scripts/sap_automation_qa.sh +++ b/scripts/sap_automation_qa.sh 
@@ -158,7 +158,7 @@ retrieve_secret_from_key_vault() { # Attempt to retrieve the secret value and handle errors log "INFO" "Retrieving secret from Key Vault using resource ID..." set +e # Temporarily disable exit on error - secret_value=$(az keyvault secret show --id "$secret_id" --query "value" 2>&1) + secret_value=$(az keyvault secret show --id "$secret_id" --query "value" -o tsv 2>&1) az_exit_code=$? # Capture the exit code of the az command set -e # Re-enable exit on error From 52fe2d6efeb2a007245bb68c9f0b36716515175e Mon Sep 17 00:00:00 2001 From: Dhruv Aggarwal Date: Thu, 3 Apr 2025 15:54:22 -0400 Subject: [PATCH 49/64] added /dev/null --- scripts/sap_automation_qa.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/sap_automation_qa.sh b/scripts/sap_automation_qa.sh index 282c6eed..18da6d7d 100755 --- a/scripts/sap_automation_qa.sh +++ b/scripts/sap_automation_qa.sh @@ -158,7 +158,7 @@ retrieve_secret_from_key_vault() { # Attempt to retrieve the secret value and handle errors log "INFO" "Retrieving secret from Key Vault using resource ID..." set +e # Temporarily disable exit on error - secret_value=$(az keyvault secret show --id "$secret_id" --query "value" -o tsv 2>&1) + secret_value=$(az keyvault secret show --id "$secret_id" --query "value" > /dev/null 2>&1) az_exit_code=$? # Capture the exit code of the az command set -e # Re-enable exit on error From 01ae1f69663c168ffd60ba9e16961e2b4f8cf291 Mon Sep 17 00:00:00 2001 From: Dhruv Aggarwal Date: Thu, 3 Apr 2025 15:57:13 -0400 Subject: [PATCH 50/64] reworked the logic --- scripts/sap_automation_qa.sh | 8 ++------ 1 file changed, 2 insertions(+), 6 deletions(-) diff --git a/scripts/sap_automation_qa.sh b/scripts/sap_automation_qa.sh index 18da6d7d..bd8e570c 100755 --- a/scripts/sap_automation_qa.sh +++ b/scripts/sap_automation_qa.sh 
@@ -157,14 +157,10 @@ retrieve_secret_from_key_vault() { # Attempt to retrieve the secret value and handle errors log "INFO" "Retrieving secret from Key Vault using resource ID..." - set +e # Temporarily disable exit on error secret_value=$(az keyvault secret show --id "$secret_id" --query "value" > /dev/null 2>&1) - az_exit_code=$? # Capture the exit code of the az command - set -e # Re-enable exit on error - if [[ $az_exit_code -ne 0 || -z "$secret_value" ]]; then - extracted_message=$(extract_error_message "$secret_value") - log "ERROR" "Failed to retrieve secret from Key Vault: $extracted_message" + if [[ -z "$secret_value" ]]; then + log "ERROR" "Failed to retrieve secret from Key Vault: secret_value is empty." exit 1 fi From c9c6fb31ea2911c73fb3f80f7b7012aeb67d90b9 Mon Sep 17 00:00:00 2001 From: Dhruv Aggarwal Date: Thu, 3 Apr 2025 15:58:37 -0400 Subject: [PATCH 51/64] reworked the logic --- scripts/sap_automation_qa.sh | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) diff --git a/scripts/sap_automation_qa.sh b/scripts/sap_automation_qa.sh index bd8e570c..a002582f 100755 --- a/scripts/sap_automation_qa.sh +++ b/scripts/sap_automation_qa.sh 
@@ -157,10 +157,14 @@ retrieve_secret_from_key_vault() { # Attempt to retrieve the secret value and handle errors log "INFO" "Retrieving secret from Key Vault using resource ID..." - secret_value=$(az keyvault secret show --id "$secret_id" --query "value" > /dev/null 2>&1) - - if [[ -z "$secret_value" ]]; then - log "ERROR" "Failed to retrieve secret from Key Vault: secret_value is empty." + set +e # Temporarily disable exit on error + secret_value=$(az keyvault secret show --id "$secret_id" --query "value" >/dev/null 2>&1) + az_exit_code=$? # Capture the exit code of the az command + set -e # Re-enable exit on error + + if [[ $az_exit_code -ne 0 || -z "$secret_value" ]]; then + extracted_message=$(extract_error_message "$secret_value") + log "ERROR" "Failed to retrieve secret from Key Vault: $extracted_message" exit 1 fi From a4fc8e634d33baf96bce3fa3066cb1f481e6bc2d Mon Sep 17 00:00:00 2001 From: Dhruv Aggarwal Date: Thu, 3 Apr 2025 15:59:01 -0400 Subject: [PATCH 52/64] reworked the logic --- scripts/sap_automation_qa.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/sap_automation_qa.sh b/scripts/sap_automation_qa.sh index a002582f..f33f8506 100755 --- a/scripts/sap_automation_qa.sh +++ b/scripts/sap_automation_qa.sh @@ -158,7 +158,7 @@ retrieve_secret_from_key_vault() { # Attempt to retrieve the secret value and handle errors log "INFO" "Retrieving secret from Key Vault using resource ID..." set +e # Temporarily disable exit on error - secret_value=$(az keyvault secret show --id "$secret_id" --query "value" >/dev/null 2>&1) + secret_value=$(az keyvault secret show --id "$secret_id" --query "value" -o tsv >/dev/null 2>&1) az_exit_code=$? # Capture the exit code of the az command set -e # Re-enable exit on error From 3dd79abf232d64d2c4f3e270c99df93158fb691a Mon Sep 17 00:00:00 2001 
From: Dhruv Aggarwal Date: Thu, 3 Apr 2025 15:59:36 -0400 Subject: [PATCH 53/64] reworked the logic --- scripts/sap_automation_qa.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/sap_automation_qa.sh b/scripts/sap_automation_qa.sh index f33f8506..282c6eed 100755 --- a/scripts/sap_automation_qa.sh +++ b/scripts/sap_automation_qa.sh @@ -158,7 +158,7 @@ retrieve_secret_from_key_vault() { # Attempt to retrieve the secret value and handle errors log "INFO" "Retrieving secret from Key Vault using resource ID..." set +e # Temporarily disable exit on error - secret_value=$(az keyvault secret show --id "$secret_id" --query "value" -o tsv >/dev/null 2>&1) + secret_value=$(az keyvault secret show --id "$secret_id" --query "value" -o tsv 2>&1) az_exit_code=$? # Capture the exit code of the az command set -e # Re-enable exit on error From 912502310256592bc1d11c0bfa83eb0b84381351 Mon Sep 17 00:00:00 2001 From: Dhruv Aggarwal Date: Thu, 3 Apr 2025 16:45:05 -0400 Subject: [PATCH 54/64] final_testing --- scripts/sap_automation_qa.sh | 1 - 1 file changed, 1 deletion(-) diff --git a/scripts/sap_automation_qa.sh b/scripts/sap_automation_qa.sh index 282c6eed..394fdb21 100755 --- a/scripts/sap_automation_qa.sh +++ b/scripts/sap_automation_qa.sh @@ -134,7 +134,6 @@ get_playbook_name() { retrieve_secret_from_key_vault() { local key_vault_id=$1 local secret_id=$2 - local required_permission="Get" subscription_id=$(echo "$key_vault_id" | awk -F'/' '{for(i=1;i<=NF;i++){if($i=="subscriptions"){print $(i+1)}}}') From 4e373f8766a2e5d2f6e34825a5137cf62304b91f Mon Sep 17 00:00:00 2001 From: Dhruv Aggarwal Date: Thu, 3 Apr 2025 17:00:26 -0400 Subject: [PATCH 55/64] changed logic for extraction --- scripts/sap_automation_qa.sh | 31 +++++++++++++------------------ 1 file changed, 13 insertions(+), 18 deletions(-) diff --git a/scripts/sap_automation_qa.sh b/scripts/sap_automation_qa.sh index 394fdb21..ca79d63c 100755 --- a/scripts/sap_automation_qa.sh 
+++ b/scripts/sap_automation_qa.sh @@ -193,7 +193,6 @@ retrieve_secret_from_key_vault() { # :param system_params: The path to the SAP parameters file. # :param auth_type: The authentication type (e.g., "SSHKEY", "VMPASSWORD"). # :param system_config_folder: The path to the system configuration folder. -# :param secret_id: The ID of the secret in the Key Vault. # :return: None. Exits with the return code of the ansible-playbook command. run_ansible_playbook() { local playbook_name=$1 @@ -201,7 +200,18 @@ run_ansible_playbook() { local system_params=$3 local auth_type=$4 local system_config_folder=$5 - local secret_id=$6 + + # Set local secret_id and key_vault_id if defined + local secret_id=$(grep "^secret_id:" "$system_params" | awk '{split($0,a,": "); print a[2]}' | xargs || true) + local key_vault_id=$(grep "^key_vault_id:" "$system_params" | awk '{split($0,a,": "); print a[2]}' | xargs || true) + + if [[ -n "$secret_id" ]]; then + log "INFO" "Extracted secret_id: $secret_id" + fi + + if [[ -n "$key_vault_id" ]]; then + log "INFO" "Extracted key_vault_id: $key_vault_id" + fi if [[ "$auth_type" == "SSHKEY" ]]; then log "INFO" "Authentication type is SSHKEY." 
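Review bot: With `secret_id` and `key_vault_id` now read inside run_ansible_playbook, the hard failures main used to raise when they were missing (dropped in the main hunk of this patch) have no replacement, so a misspelled key in sap-parameters.yaml silently falls through to the local ssh_key.ppk/password files instead of the vault. Add one consistency check after the two extractions, e.g. `if [[ -n "$key_vault_id" && -z "$secret_id" ]] || [[ -z "$key_vault_id" && -n "$secret_id" ]]; then log "ERROR" "key_vault_id and secret_id must be set together in $system_params."; exit 1; fi`. `local x=$(...)` also masks the pipeline's status, which makes the trailing `|| true` redundant; splitting declaration and assignment is the usual shape. The function continues past the hunk.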
@@ -303,25 +313,10 @@ main() { check_file_exists "$SYSTEM_PARAMS" \ "sap-parameters.yaml not found in WORKSPACES/SYSTEM/$SYSTEM_CONFIG_NAME directory." - # Extract secret_id from sap-parameters.yaml - secret_id=$(grep "^secret_id:" "$SYSTEM_PARAMS" | awk '{split($0,a,": "); print a[2]}' | xargs) - - if [[ -z "$secret_id" && "$AUTHENTICATION_TYPE" != "SSHKEY" ]]; then - log "ERROR" "Error: secret_id is not defined in $SYSTEM_PARAMS." - exit 1 - fi - log "INFO" "Extracted secret_id: $secret_id" - - key_vault_id=$(grep "^key_vault_id:" "$SYSTEM_PARAMS" | awk '{split($0,a,": "); print a[2]}' | xargs) - if [[ -z "$key_vault_id" ]]; then - log "ERROR" "Error: key_vault_id is not defined in $SYSTEM_PARAMS." - exit 1 - fi - playbook_name=$(get_playbook_name "$sap_functional_test_type") log "INFO" "Using playbook: $playbook_name." - run_ansible_playbook "$playbook_name" "$SYSTEM_HOSTS" "$SYSTEM_PARAMS" "$AUTHENTICATION_TYPE" "$SYSTEM_CONFIG_FOLDER" "$secret_id" + run_ansible_playbook "$playbook_name" "$SYSTEM_HOSTS" "$SYSTEM_PARAMS" "$AUTHENTICATION_TYPE" "$SYSTEM_CONFIG_FOLDER" # Clean up any remaining temporary files if [[ -n "$temp_file" && -f "$temp_file" ]]; then From 4ceaa9293cfa416fa675524e988d9211ca6bc4bd Mon Sep 17 00:00:00 2001 From: Dhruv Aggarwal Date: Thu, 3 Apr 2025 17:08:45 -0400 Subject: [PATCH 56/64] changed logic for extraction --- scripts/sap_automation_qa.sh | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/scripts/sap_automation_qa.sh b/scripts/sap_automation_qa.sh index ca79d63c..6456a64e 100755 --- a/scripts/sap_automation_qa.sh +++ b/scripts/sap_automation_qa.sh 
@@ -180,11 +180,12 @@ retrieve_secret_from_key_vault() { # Create the temporary file and write the secret value to it echo "$secret_value" > "$temp_file" + chmod 600 "$temp_file" # Set the correct permissions for the private key file if [[ ! -s "$temp_file" ]]; then log "ERROR" "Failed to store the retrieved secret in the temporary file." exit 1 fi - log "INFO" "Temporary SSH key file created: $temp_file" + log "INFO" "Temporary SSH key file created with secure permissions: $temp_file" } # Run the ansible playbook. From 0999ea0c0ca11f61333e2c129fd2e52d11091130 Mon Sep 17 00:00:00 2001 From: Dhruv Aggarwal Date: Thu, 3 Apr 2025 18:22:24 -0400 Subject: [PATCH 57/64] called check file function --- scripts/sap_automation_qa.sh | 31 ++++++++++++++----------------- 1 file changed, 14 insertions(+), 17 deletions(-) diff --git a/scripts/sap_automation_qa.sh b/scripts/sap_automation_qa.sh index 6456a64e..4d1acbf3 100755 --- a/scripts/sap_automation_qa.sh +++ b/scripts/sap_automation_qa.sh @@ -173,10 +173,8 @@ retrieve_secret_from_key_vault() { temp_file=$(mktemp --dry-run --suffix=.ppk) # Check if the temporary file already exists - if [[ -f "$temp_file" ]]; then - log "ERROR" "Temporary file already exists: $temp_file" - exit 1 - fi + check_file_exists "$temp_file" \ + "Temporary file already exists. Please check the Key Vault secret ID." # Create the temporary file and write the secret value to it echo "$secret_value" > "$temp_file" 
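Review bot: `chmod 600` runs after `echo "$secret_value" > "$temp_file"` has already created the file under the process umask and filled it, so the secret is briefly readable by anyone the umask allows; permissions have to be settled before the write, not after. Either let `mktemp` create the file (it creates 0600) or wrap the write: `( umask 077; printf '%s\n' "$secret_value" > "$temp_file" )`. The updated log message says "secure permissions", which only holds once that ordering is fixed. retrieve_secret_from_key_vault continues outside the hunk.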
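Review bot: `check_file_exists` aborts when its argument does not exist (its body in the PATCH 61 hunk reads `if [[ ! -f "$file_path" ]]; then ... exit 1`), so calling it on a `mktemp --dry-run` name that by construction does not exist yet turns this into an unconditional failure whose message claims the file "already exists". The helper implements the opposite test from the one this call needs; if the dry-run name is kept, the original `[[ -f "$temp_file" ]]` check has to stay, and if `mktemp` is allowed to create the file the check can go entirely. The function continues beyond this hunk.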
@@ -221,19 +219,18 @@ run_ansible_playbook() { log "INFO" "Key Vault ID and Secret ID are set. Retrieving SSH key from Key Vault." retrieve_secret_from_key_vault "$key_vault_id" "$secret_id" - if [[ -f "$temp_file" ]]; then - log "INFO" "Temporary SSH key file exists. Running Ansible playbook." - command="ansible-playbook ${cmd_dir}/../src/$playbook_name.yml -i $system_hosts --private-key $temp_file \ + check_file_exists "$temp_file" \ + "Temporary SSH key file not found. Please check the Key Vault secret ID." + command="ansible-playbook ${cmd_dir}/../src/$playbook_name.yml -i $system_hosts --private-key $temp_file \ -e @$VARS_FILE -e @$system_params -e '_workspace_directory=$system_config_folder'" else log "ERROR" "Temporary SSH key file missing." exit 1 fi else - local ssh_key="${cmd_dir}/../WORKSPACES/SYSTEM/$SYSTEM_CONFIG_NAME/ssh_key.ppk" - if [[ -f "$ssh_key" ]]; then - log "INFO" "Local SSH key is present. Running Ansible playbook." - command="ansible-playbook ${cmd_dir}/../src/$playbook_name.yml -i $system_hosts --private-key $ssh_key \ + check_file_exists "${cmd_dir}/../WORKSPACES/SYSTEM/$SYSTEM_CONFIG_NAME/ssh_key.ppk" \ + "ssh_key.ppk not found in WORKSPACES/SYSTEM/$SYSTEM_CONFIG_NAME directory." + command="ansible-playbook ${cmd_dir}/../src/$playbook_name.yml -i $system_hosts --private-key $ssh_key \ -e @$VARS_FILE -e @$system_params -e '_workspace_directory=$system_config_folder'" else log "ERROR" "No valid SSH key found." 
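Review bot: Replacing the two `if [[ -f ... ]]; then` openers with `check_file_exists` calls while leaving their `else ... exit 1; fi` arms in place leaves an `else` with no matching `if`, which bash rejects at parse time for the whole script. The SSHKEY fallback also lost its `local ssh_key=...` assignment but still expands `--private-key $ssh_key`, so that command is built with an empty path; keep `local ssh_key="${cmd_dir}/../WORKSPACES/SYSTEM/$SYSTEM_CONFIG_NAME/ssh_key.ppk"` and pass `"$ssh_key"` to `check_file_exists`. The VMPASSWORD hunk of this patch has the same dangling `else` arms. run_ansible_playbook starts before and ends after this hunk.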
@@ -248,9 +245,9 @@ run_ansible_playbook() { log "INFO" "Key Vault ID and Secret ID are set. Retrieving VM password from Key Vault." retrieve_secret_from_key_vault "$key_vault_id" "$secret_id" - if [[ -f "$temp_file" ]]; then - log "INFO" "Temporary VM password file exists. Running Ansible playbook." - command="ansible-playbook ${cmd_dir}/../src/$playbook_name.yml -i $system_hosts \ + check_file_exists "$temp_file" \ + "Temporary SSH key file not found. Please check the Key Vault secret ID." + command="ansible-playbook ${cmd_dir}/../src/$playbook_name.yml -i $system_hosts \ --extra-vars \"ansible_ssh_pass=$(cat $temp_file)\" --extra-vars @$VARS_FILE -e @$system_params \ -e '_workspace_directory=$system_config_folder'" else @@ -259,9 +256,9 @@ run_ansible_playbook() { fi else local password_file="${cmd_dir}/../WORKSPACES/SYSTEM/$SYSTEM_CONFIG_NAME/password" - if [[ -f "$password_file" ]]; then - log "INFO" "Local VM password file is present. Running Ansible playbook." - command="ansible-playbook ${cmd_dir}/../src/$playbook_name.yml -i $system_hosts \ + check_file_exists "$password_file" \ + "password file not found in WORKSPACES/SYSTEM/$SYSTEM_CONFIG_NAME directory." + command="ansible-playbook ${cmd_dir}/../src/$playbook_name.yml -i $system_hosts \ --extra-vars \"ansible_ssh_pass=$(cat $password_file)\" --extra-vars @$VARS_FILE -e @$system_params \ -e '_workspace_directory=$system_config_folder'" else From d0ac2d0a5d70391eaa7a65fd56bf7170cf208dac Mon Sep 17 00:00:00 2001 From: Dhruv Aggarwal Date: Thu, 3 Apr 2025 18:23:34 -0400 Subject: [PATCH 58/64] moved cleanup function --- scripts/sap_automation_qa.sh | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) diff --git a/scripts/sap_automation_qa.sh b/scripts/sap_automation_qa.sh index 4d1acbf3..d9baf39b 100755 --- a/scripts/sap_automation_qa.sh +++ b/scripts/sap_automation_qa.sh 
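Review bot: `--extra-vars \"ansible_ssh_pass=$(cat $temp_file)\"` is expanded when `command` is assigned, so the plaintext VM password becomes part of the string that `log "INFO" "Executing: $command"` writes to the log and that `eval $command` places on ansible-playbook's argument list, where it is visible to other local users through the process list. Pass it by file instead — have the retrieval write `ansible_ssh_pass: <value>` into the 0600 temp file and reference it with `-e @"$temp_file"` the way `$VARS_FILE` is passed — and stop logging `$command` when it carries credentials; the local `password_file` branch below has the same exposure. The error text "Temporary SSH key file not found" in this VMPASSWORD branch is copied from the SSHKEY branch and is still unchanged in PATCH 63. The function continues past the hunk.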
@@ -284,6 +284,12 @@ run_ansible_playbook() { log "INFO" "Temporary file deleted: $temp_file" fi + # Clean up any remaining temporary files + if [[ -n "$temp_file" && -f "$temp_file" ]]; then + rm -f "$temp_file" + log "INFO" "Temporary file deleted: $temp_file" + fi + exit $return_code } @@ -316,11 +322,6 @@ main() { run_ansible_playbook "$playbook_name" "$SYSTEM_HOSTS" "$SYSTEM_PARAMS" "$AUTHENTICATION_TYPE" "$SYSTEM_CONFIG_FOLDER" - # Clean up any remaining temporary files - if [[ -n "$temp_file" && -f "$temp_file" ]]; then - rm -f "$temp_file" - log "INFO" "Temporary file deleted: $temp_file" - fi } # Execute the main function From 1d8f2b603e40c47574d753fef8d7ac58f7782169 Mon Sep 17 00:00:00 2001 From: Dhruv Aggarwal Date: Thu, 3 Apr 2025 18:24:28 -0400 Subject: [PATCH 59/64] removed duplicate code --- scripts/sap_automation_qa.sh | 6 ------ 1 file changed, 6 deletions(-) diff --git a/scripts/sap_automation_qa.sh b/scripts/sap_automation_qa.sh index d9baf39b..4a9b7f64 100755 --- a/scripts/sap_automation_qa.sh +++ b/scripts/sap_automation_qa.sh @@ -284,12 +284,6 @@ run_ansible_playbook() { log "INFO" "Temporary file deleted: $temp_file" fi - # Clean up any remaining temporary files - if [[ -n "$temp_file" && -f "$temp_file" ]]; then - rm -f "$temp_file" - log "INFO" "Temporary file deleted: $temp_file" - fi - exit $return_code } From dfcd38042dbc7afc1b9fb704762b3e054cceaf70 Mon Sep 17 00:00:00 2001 From: Dhruv Aggarwal Date: Thu, 3 Apr 2025 18:28:28 -0400 Subject: [PATCH 60/64] removed else block --- scripts/sap_automation_qa.sh | 16 ---------------- 1 file changed, 16 deletions(-) diff --git a/scripts/sap_automation_qa.sh b/scripts/sap_automation_qa.sh index 4a9b7f64..761be913 100755 --- a/scripts/sap_automation_qa.sh +++ b/scripts/sap_automation_qa.sh 
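Review bot: Moving the `rm -f "$temp_file"` block into run_ansible_playbook still only runs it when control reaches the end of the function; every earlier `exit 1` after the secret has been written (a failed `check_file_exists`, for instance) leaves the plaintext key or password on disk. Register the cleanup as a trap as soon as the path is known in retrieve_secret_from_key_vault, `trap 'rm -f -- "$temp_file"' EXIT`, so it fires on every exit path, after which this block (and the duplicate of it added in the same hunk) can go. The function extends beyond the hunk.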
@@ -223,19 +223,11 @@ run_ansible_playbook() { "Temporary SSH key file not found. Please check the Key Vault secret ID." command="ansible-playbook ${cmd_dir}/../src/$playbook_name.yml -i $system_hosts --private-key $temp_file \ -e @$VARS_FILE -e @$system_params -e '_workspace_directory=$system_config_folder'" - else - log "ERROR" "Temporary SSH key file missing." - exit 1 - fi else check_file_exists "${cmd_dir}/../WORKSPACES/SYSTEM/$SYSTEM_CONFIG_NAME/ssh_key.ppk" \ "ssh_key.ppk not found in WORKSPACES/SYSTEM/$SYSTEM_CONFIG_NAME directory." command="ansible-playbook ${cmd_dir}/../src/$playbook_name.yml -i $system_hosts --private-key $ssh_key \ -e @$VARS_FILE -e @$system_params -e '_workspace_directory=$system_config_folder'" - else - log "ERROR" "No valid SSH key found." - exit 1 - fi fi elif [[ "$auth_type" == "VMPASSWORD" ]]; then @@ -250,10 +242,6 @@ run_ansible_playbook() { command="ansible-playbook ${cmd_dir}/../src/$playbook_name.yml -i $system_hosts \ --extra-vars \"ansible_ssh_pass=$(cat $temp_file)\" --extra-vars @$VARS_FILE -e @$system_params \ -e '_workspace_directory=$system_config_folder'" - else - log "ERROR" "Temporary VM password file missing." - exit 1 - fi else local password_file="${cmd_dir}/../WORKSPACES/SYSTEM/$SYSTEM_CONFIG_NAME/password" check_file_exists "$password_file" \ @@ -261,10 +249,6 @@ run_ansible_playbook() { command="ansible-playbook ${cmd_dir}/../src/$playbook_name.yml -i $system_hosts \ --extra-vars \"ansible_ssh_pass=$(cat $password_file)\" --extra-vars @$VARS_FILE -e @$system_params \ -e '_workspace_directory=$system_config_folder'" - else - log "ERROR" "No valid VM password found." - exit 1 - fi fi else From 62cc6d96756cf0347d660933f7a168b6578f8862 Mon Sep 17 00:00:00 2001 From: Dhruv Aggarwal Date: Thu, 3 Apr 2025 18:40:25 -0400 Subject: [PATCH 61/64] testing temp file --- scripts/sap_automation_qa.sh | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) 
diff --git a/scripts/sap_automation_qa.sh b/scripts/sap_automation_qa.sh index 761be913..55c06185 100755 --- a/scripts/sap_automation_qa.sh +++ b/scripts/sap_automation_qa.sh @@ -86,7 +86,7 @@ validate_params() { check_file_exists() { local file_path=$1 local error_message=$2 - + log "INFO" "Checking if file exists: $file_path" if [[ ! -f "$file_path" ]]; then log "ERROR" "Error: $error_message" exit 1 @@ -171,10 +171,10 @@ retrieve_secret_from_key_vault() { # Define a unique temporary file path temp_file=$(mktemp --dry-run --suffix=.ppk) - - # Check if the temporary file already exists - check_file_exists "$temp_file" \ - "Temporary file already exists. Please check the Key Vault secret ID." + if [[ -f "$temp_file" ]]; then + log "ERROR" "Temporary file already exists: $temp_file" + exit 1 + fi # Create the temporary file and write the secret value to it echo "$secret_value" > "$temp_file" From f682228920e500771c9de7a82acead48584209e0 Mon Sep 17 00:00:00 2001 From: Dhruv Aggarwal Date: Thu, 3 Apr 2025 18:55:01 -0400 Subject: [PATCH 62/64] adding ssh_key variables --- scripts/sap_automation_qa.sh | 1 + 1 file changed, 1 insertion(+) diff --git a/scripts/sap_automation_qa.sh b/scripts/sap_automation_qa.sh index 55c06185..0e803545 100755 --- a/scripts/sap_automation_qa.sh +++ b/scripts/sap_automation_qa.sh @@ -226,6 +226,7 @@ run_ansible_playbook() { else check_file_exists "${cmd_dir}/../WORKSPACES/SYSTEM/$SYSTEM_CONFIG_NAME/ssh_key.ppk" \ "ssh_key.ppk not found in WORKSPACES/SYSTEM/$SYSTEM_CONFIG_NAME directory." + ssh_key="${cmd_dir}/../WORKSPACES/SYSTEM/$SYSTEM_CONFIG_NAME/ssh_key.ppk" command="ansible-playbook ${cmd_dir}/../src/$playbook_name.yml -i $system_hosts --private-key $ssh_key \ -e @$VARS_FILE -e @$system_params -e '_workspace_directory=$system_config_folder'" fi From c2da030e8405016879f6465bd7f1ba09c18c3d09 Mon Sep 17 00:00:00 2001 
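Review bot: `ssh_key=...` is assigned as an unscoped global after the same path has already been spelled out for `check_file_exists`, so the two literals can drift apart; declare it first and reuse it: `local ssh_key="${cmd_dir}/../WORKSPACES/SYSTEM/$SYSTEM_CONFIG_NAME/ssh_key.ppk"` followed by `check_file_exists "$ssh_key" "ssh_key.ppk not found in WORKSPACES/SYSTEM/$SYSTEM_CONFIG_NAME directory."`. Because `$command` is later run through `eval`, the unquoted `$ssh_key`, `$system_hosts` and `$system_params` in it split on whitespace; building an array `cmd=(ansible-playbook ...)` and running `"${cmd[@]}"` avoids both the splitting and the `eval`. run_ansible_playbook continues outside this hunk.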
From: Dhruv Aggarwal Date: Thu, 3 Apr 2025 19:19:13 -0400 Subject: [PATCH 63/64] fixed temp file creation --- scripts/sap_automation_qa.sh | 24 +++++++++++++++++------- 1 file changed, 17 insertions(+), 7 deletions(-) diff --git a/scripts/sap_automation_qa.sh b/scripts/sap_automation_qa.sh index 0e803545..09be7e1d 100755 --- a/scripts/sap_automation_qa.sh +++ b/scripts/sap_automation_qa.sh @@ -130,10 +130,12 @@ get_playbook_name() { # Retrieve a secret from Azure Key Vault. # :param key_vault_id: The ID of the Key Vault. # :param secret_id: The ID of the secret in the Key Vault. +# :param auth_type: The authentication type (e.g., "SSHKEY", "VMPASSWORD"). # :return: None. Exits with a non-zero status if retrieval fails. retrieve_secret_from_key_vault() { local key_vault_id=$1 local secret_id=$2 + local auth_type=$3 # Add auth_type as a parameter subscription_id=$(echo "$key_vault_id" | awk -F'/' '{for(i=1;i<=NF;i++){if($i=="subscriptions"){print $(i+1)}}}') 
@@ -169,21 +171,29 @@ retrieve_secret_from_key_vault() { log "INFO" "Successfully retrieved secret from Key Vault." - # Define a unique temporary file path - temp_file=$(mktemp --dry-run --suffix=.ppk) + # Define a unique temporary file path based on auth_type + if [[ "$auth_type" == "SSHKEY" ]]; then + temp_file=$(mktemp --dry-run --suffix=.ppk) + elif [[ "$auth_type" == "VMPASSWORD" ]]; then + temp_file=$(mktemp --dry-run) + else + log "ERROR" "Unknown authentication type: $auth_type" + exit 1 + fi + if [[ -f "$temp_file" ]]; then log "ERROR" "Temporary file already exists: $temp_file" exit 1 fi # Create the temporary file and write the secret value to it - echo "$secret_value" > "$temp_file" - chmod 600 "$temp_file" # Set the correct permissions for the private key file + echo "$secret_value" > "$temp_file" > /dev/null + chmod 600 "$temp_file" # Set the correct permissions for the file if [[ ! -s "$temp_file" ]]; then log "ERROR" "Failed to store the retrieved secret in the temporary file." exit 1 fi - log "INFO" "Temporary SSH key file created with secure permissions: $temp_file" + log "INFO" "Temporary file created with secure permissions: $temp_file" } # Run the ansible playbook. @@ -217,7 +227,7 @@ run_ansible_playbook() { if [[ -n "$key_vault_id" && -n "$secret_id" ]]; then log "INFO" "Key Vault ID and Secret ID are set. Retrieving SSH key from Key Vault." - retrieve_secret_from_key_vault "$key_vault_id" "$secret_id" + retrieve_secret_from_key_vault "$key_vault_id" "$secret_id" "SSHKEY" check_file_exists "$temp_file" \ "Temporary SSH key file not found. Please check the Key Vault secret ID." 
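Review bot: Nothing in this hunk removes `$temp_file` after it has been written, so the SSH key or VM password stays in the temp directory after the run and after any of the `exit 1` paths; unless a cleanup trap exists elsewhere in the script, register one as soon as the file exists, `trap 'rm -f -- "$temp_file"' EXIT`. The two `mktemp --dry-run` branches also differ only in the suffix and keep the check-then-create race that mktemp exists to avoid; letting mktemp create the file (atomically, mode 0600) removes both the `-f` check and the later `chmod`. The function starts outside this hunk.
```shell
    # Suffix only matters for the SSH key; any other auth_type is rejected.
    case "$auth_type" in
        SSHKEY) suffix=.ppk ;;
        VMPASSWORD) suffix= ;;
        *) log "ERROR" "Unknown authentication type: $auth_type"; exit 1 ;;
    esac
    # mktemp creates the file atomically with mode 0600, so no existence check or chmod is needed.
    temp_file=$(mktemp ${suffix:+--suffix="$suffix"}) || { log "ERROR" "Failed to create temporary file"; exit 1; }
    trap 'rm -f -- "$temp_file"' EXIT
    printf '%s\n' "$secret_value" > "$temp_file"
    # … unchanged: empty-file check and success log …
```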
@@ -236,7 +246,7 @@ run_ansible_playbook() { if [[ -n "$key_vault_id" && -n "$secret_id" ]]; then log "INFO" "Key Vault ID and Secret ID are set. Retrieving VM password from Key Vault." - retrieve_secret_from_key_vault "$key_vault_id" "$secret_id" + retrieve_secret_from_key_vault "$key_vault_id" "$secret_id" "VMPASSWORD" check_file_exists "$temp_file" \ "Temporary SSH key file not found. Please check the Key Vault secret ID." From dd34ca3f360b106ee8d045279fe10f23c88bab30 Mon Sep 17 00:00:00 2001 From: Dhruv Aggarwal Date: Thu, 3 Apr 2025 19:20:42 -0400 Subject: [PATCH 64/64] fixed temp file creation --- scripts/sap_automation_qa.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/sap_automation_qa.sh b/scripts/sap_automation_qa.sh index 09be7e1d..2119e08e 100755 --- a/scripts/sap_automation_qa.sh +++ b/scripts/sap_automation_qa.sh @@ -187,7 +187,7 @@ retrieve_secret_from_key_vault() { fi # Create the temporary file and write the secret value to it - echo "$secret_value" > "$temp_file" > /dev/null + echo "$secret_value" > "$temp_file" chmod 600 "$temp_file" # Set the correct permissions for the file if [[ ! -s "$temp_file" ]]; then log "ERROR" "Failed to store the retrieved secret in the temporary file."
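Review bot: The failure message after the VMPASSWORD retrieval still reads `"Temporary SSH key file not found. Please check the Key Vault secret ID."`, copied from the SSH-key branch, and will mislead whoever debugs a missing password file; change it to `"Temporary VM password file not found. Please check the Key Vault secret ID."`. The check is also largely redundant, since retrieve_secret_from_key_vault already exits when the file is empty, though keeping it is harmless. run_ansible_playbook starts and ends outside this hunk.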
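Review bot: `echo "$secret_value" > "$temp_file"` creates the file under the process umask (commonly 0644) and only the following `chmod 600` narrows it, so the key or password is briefly readable by other local users; `echo` could also mangle a password that begins with `-n` or `-e`. Write it with permissions already restricted: `(umask 077; printf '%s\n' "$secret_value" > "$temp_file")` — the subshell keeps the umask change local and the `chmod` becomes a no-op. Whether a stricter umask is set earlier in the script, and whether the consumer of the password file tolerates the trailing newline, is outside the hunk; retrieve_secret_from_key_vault starts and ends outside it as well.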
