-
Notifications
You must be signed in to change notification settings - Fork 582
/
writePipelineEnv.go
134 lines (115 loc) · 3.29 KB
/
writePipelineEnv.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
package cmd
import (
"bytes"
"crypto/aes"
"crypto/cipher"
"crypto/sha256"
b64 "encoding/base64"
"encoding/json"
"fmt"
"github.com/SAP/jenkins-library/pkg/config"
"io"
"os"
"path/filepath"
"github.com/SAP/jenkins-library/pkg/log"
"github.com/SAP/jenkins-library/pkg/piperenv"
"github.com/spf13/cobra"
)
// WritePipelineEnv Serializes the commonPipelineEnvironment JSON to disk
func WritePipelineEnv() *cobra.Command {
var stepConfig artifactPrepareVersionOptions
var encryptedCPE bool
metadata := artifactPrepareVersionMetadata()
writePipelineEnv := &cobra.Command{
Use: "writePipelineEnv",
Short: "Serializes the commonPipelineEnvironment JSON to disk",
PreRun: func(cmd *cobra.Command, args []string) {
path, _ := os.Getwd()
fatalHook := &log.FatalHook{CorrelationID: GeneralConfig.CorrelationID, Path: path}
log.RegisterHook(fatalHook)
err := PrepareConfig(cmd, &metadata, "", &stepConfig, config.OpenPiperFile)
if err != nil {
log.SetErrorCategory(log.ErrorConfiguration)
return
}
log.RegisterSecret(stepConfig.Password)
log.RegisterSecret(stepConfig.Username)
},
Run: func(cmd *cobra.Command, args []string) {
err := runWritePipelineEnv(stepConfig.Password, encryptedCPE)
if err != nil {
log.Entry().Fatalf("error when writing common Pipeline environment: %v", err)
}
},
}
writePipelineEnv.Flags().BoolVar(&encryptedCPE, "encryptedCPE", false, "Bool to use encryption in CPE")
return writePipelineEnv
}
func runWritePipelineEnv(stepConfigPassword string, encryptedCPE bool) error {
var err error
pipelineEnv, ok := os.LookupEnv("PIPER_pipelineEnv")
inBytes := []byte(pipelineEnv)
if !ok {
var err error
inBytes, err = io.ReadAll(os.Stdin)
if err != nil {
return err
}
}
if len(inBytes) == 0 {
return nil
}
// try to decrypt
if encryptedCPE {
log.Entry().Debug("trying to decrypt CPE")
if stepConfigPassword == "" {
return fmt.Errorf("empty stepConfigPassword")
}
inBytes, err = decrypt([]byte(stepConfigPassword), inBytes)
if err != nil {
log.Entry().Fatal(err)
}
}
commonPipelineEnv := piperenv.CPEMap{}
decoder := json.NewDecoder(bytes.NewReader(inBytes))
decoder.UseNumber()
err = decoder.Decode(&commonPipelineEnv)
if err != nil {
return err
}
rootPath := filepath.Join(GeneralConfig.EnvRootPath, "commonPipelineEnvironment")
err = commonPipelineEnv.WriteToDisk(rootPath)
if err != nil {
return err
}
writtenBytes, err := json.MarshalIndent(commonPipelineEnv, "", "\t")
if err != nil {
return err
}
_, err = os.Stdout.Write(writtenBytes)
if err != nil {
return err
}
return nil
}
func decrypt(secret, base64CipherText []byte) ([]byte, error) {
// decode from base64
cipherText, err := b64.StdEncoding.DecodeString(string(base64CipherText))
if err != nil {
return nil, fmt.Errorf("failed to decode from base64: %v", err)
}
// use SHA256 as key
key := sha256.Sum256(secret)
block, err := aes.NewCipher(key[:])
if err != nil {
return nil, fmt.Errorf("failed to create new cipher: %v", err)
}
if len(cipherText) < aes.BlockSize {
return nil, fmt.Errorf("invalid ciphertext block size")
}
iv := cipherText[:aes.BlockSize]
cipherText = cipherText[aes.BlockSize:]
stream := cipher.NewCFBDecrypter(block, iv)
stream.XORKeyStream(cipherText, cipherText)
return cipherText, nil
}