Merge branch 'main' into MADROX-390

VERSION

@@ -1 +1 @@
-4.3.42
+4.3.52

components/automate-backend-deployment/README.md

@@ -4,4 +4,4 @@ This provides the `automate-backend-deployment` package.
 
 This package will build a package using terraform/a2ha-terraform, inspecs, test, certs and Makefile.
 
-This is the heart of the a2ha because this component will set up a workspace for a2ha and all the a2ha command will get available after installing this package.
+This is the heart of the a2ha because this component will set up a workspace for a2ha and all the a2ha command will get available after installing this package

components/automate-backend-deployment/habitat/plan.sh

@@ -27,7 +27,7 @@ pkg_deps=(
 )
 
 pkg_build_deps=(
-  core/gcc
+  core/gcc 
 )
 
 # workaround for https://github.com/habitat-sh/habitat/issues/6341

components/automate-cli/cmd/chef-automate/automateConfigUtils.go

@@ -1,9 +1,14 @@
 package main
 
 import (
+	"crypto/x509"
+	"crypto/x509/pkix"
+	"encoding/pem"
+	"io/ioutil"
 	"net"
 	"path/filepath"
 
+	"github.com/chef/automate/components/automate-cli/pkg/status"
 	ptoml "github.com/pelletier/go-toml"
 	"github.com/pkg/errors"
 )
@@ -40,3 +45,48 @@ func checkIPAddress(ip string) error {
 		return nil
 	}
 }
+
+func getExistingInfraConfig(configPath string) (*ExistingInfraConfigToml, error) {
+	templateBytes, err := ioutil.ReadFile(configPath) // nosemgrep
+	if err != nil {
+		return nil, status.Wrap(err, status.FileAccessError, "error in reading config toml file")
+	}
+	config := ExistingInfraConfigToml{}
+	err = ptoml.Unmarshal(templateBytes, &config)
+	if err != nil {
+		return nil, status.Wrap(err, status.ConfigError, "error in unmarshalling config toml file")
+	}
+	return &config, nil
+}
+
+func getAwsConfig(configPath string) (*AwsConfigToml, error) {
+	templateBytes, err := ioutil.ReadFile(configPath) // nosemgrep
+	if err != nil {
+		return nil, status.Wrap(err, status.FileAccessError, "error in reading config toml file")
+	}
+	config := AwsConfigToml{}
+	err = ptoml.Unmarshal(templateBytes, &config)
+	if err != nil {
+		return nil, status.Wrap(err, status.ConfigError, "error in unmarshalling config toml file")
+	}
+	return &config, nil
+}
+
+func checkSharedConfigFile() bool {
+	if checkIfFileExist(filepath.Join(initConfigHabA2HAPathFlag.a2haDirPath, "config.toml")) {
+		return true
+	}
+	return false
+}
+
+func getDistinguishedNameFromKey(publicKey string) (pkix.Name, error) {
+	block, _ := pem.Decode([]byte(publicKey))
+	if block == nil {
+		return pkix.Name{}, status.New(status.ConfigError, "failed to decode certificate PEM")
+	}
+	cert, err := x509.ParseCertificate(block.Bytes)
+	if err != nil {
+		return pkix.Name{}, status.Wrap(err, status.ConfigError, "failed to parse certificate PEM")
+	}
+	return cert.Subject, nil
+}

components/automate-cli/cmd/chef-automate/automateConstants.go

@@ -36,3 +36,28 @@ const AUTOMATE_HA_ES_CAR = "automate-ha-elasticsidecar"
 const ORIGIN_PATTERN = `[a-zA-z0-9]*`
 const PACKAGE_NAME_PATTERN = `-[a-zA-Z0-9]*-.*-\d+\.`
 const RELEASE_AND_VERSION_PATTERN = `.*-(\d+\.\d+\.*\d*)-(\d{14})-.*\.hart$`
+
+const (
+	FRONTEND_COMMANDS = `
+	sudo chef-automate config patch /tmp/%s;
+	export TIMESTAMP=$(date +'%s');
+	sudo mv /etc/chef-automate/config.toml /etc/chef-automate/config.toml.$TIMESTAMP;
+	sudo chef-automate config show > sudo /etc/chef-automate/config.toml`
+
+	BACKEND_COMMAND = `
+	export TIMESTAMP=$(date +"%s");
+	echo "yes" | sudo hab config apply automate-ha-%s.default  $(date '+%s') /tmp/%s;
+	`
+
+	GET_CONFIG = `
+	source <(sudo cat /hab/sup/default/SystemdEnvironmentFile.sh);
+	automate-backend-ctl show --svc=automate-ha-%s | tail -n +2
+	`
+
+	GET_FRONTEND_CONFIG = `sudo chef-automate config show`
+
+	GET_APPLIED_CONFIG = `
+	source <(sudo cat /hab/sup/default/SystemdEnvironmentFile.sh);
+	automate-backend-ctl applied --svc=automate-ha-%s
+	`
+)

components/automate-cli/cmd/chef-automate/automateHADeployExistingInfra.go

@@ -2,9 +2,6 @@ package main
 
 import (
 	"container/list"
-	"crypto/x509"
-	"crypto/x509/pkix"
-	"encoding/pem"
 	"fmt"
 	"io/ioutil"
 	"strings"
@@ -78,15 +75,15 @@ func (e *existingInfra) addDNTocertConfig() error {
 	if e.config.Opensearch.Config.EnableCustomCerts {
 		//If AdminCert is given then get the admin_dn from the cert
 		if len(strings.TrimSpace(e.config.Opensearch.Config.AdminCert)) > 0 {
-			admin_dn, err := e.getDistinguishedNameFromKey(e.config.Opensearch.Config.AdminCert)
+			admin_dn, err := getDistinguishedNameFromKey(e.config.Opensearch.Config.AdminCert)
 			if err != nil {
 				return err
 			}
 			e.config.Opensearch.Config.AdminDn = fmt.Sprintf("%v", admin_dn)
 		}
 		//If PublicKey is given then get the nodes_dn from the cert
 		if len(strings.TrimSpace(e.config.Opensearch.Config.PublicKey)) > 0 {
-			nodes_dn, err := e.getDistinguishedNameFromKey(e.config.Opensearch.Config.PublicKey)
+			nodes_dn, err := getDistinguishedNameFromKey(e.config.Opensearch.Config.PublicKey)
 			if err != nil {
 				return err
 			}
@@ -98,7 +95,7 @@ func (e *existingInfra) addDNTocertConfig() error {
 			//If PublicKey is given then get the nodes_dn from the cert
 			publicKey := e.config.Opensearch.Config.CertsByIP[i].PublicKey
 			if len(strings.TrimSpace(publicKey)) > 0 {
-				nodes_dn, err := e.getDistinguishedNameFromKey(publicKey)
+				nodes_dn, err := getDistinguishedNameFromKey(publicKey)
 				if err != nil {
 					return err
 				}
@@ -109,18 +106,6 @@ func (e *existingInfra) addDNTocertConfig() error {
 	return nil
 }
 
-func (e *existingInfra) getDistinguishedNameFromKey(publicKey string) (pkix.Name, error) {
-	block, _ := pem.Decode([]byte(publicKey))
-	if block == nil {
-		return pkix.Name{}, status.New(status.ConfigError, "failed to decode certificate PEM")
-	}
-	cert, err := x509.ParseCertificate(block.Bytes)
-	if err != nil {
-		return pkix.Name{}, status.Wrap(err, status.ConfigError, "failed to parse certificate PEM")
-	}
-	return cert.Subject, nil
-}
-
 func (e *existingInfra) getConfigPath() string {
 	return e.configPath
 }
@@ -247,24 +232,7 @@ func (e *existingInfra) validateExternalDbFields() *list.List {
 	return errorList
 }
 
-func extractIPsFromCertsByIP(certsByIp []struct {
-	IP         string `toml:"ip"`
-	PrivateKey string `toml:"private_key"`
-	PublicKey  string `toml:"public_key"`
-}) []string {
-	ips := []string{}
-	for _, el := range certsByIp {
-		ips = append(ips, el.IP)
-	}
-	return ips
-}
-
-func extractIPsFromCertsByIPOpensearch(certsByIp []struct {
-	IP         string `toml:"ip"`
-	PrivateKey string `toml:"private_key"`
-	PublicKey  string `toml:"public_key"`
-	NodesDn    string `toml:"nodes_dn"`
-}) []string {
+func extractIPsFromCertsByIP(certsByIp []CertByIP) []string {
 	ips := []string{}
 	for _, el := range certsByIp {
 		ips = append(ips, el.IP)
@@ -362,7 +330,7 @@ func (e *existingInfra) validateCerts() *list.List {
 				len(strings.TrimSpace(e.config.Opensearch.Config.AdminCert)) < 1 {
 				errorList.PushBack("Opensearch root_ca, admin_key or admin_cert is missing. Set custom_certs_enabled to false to continue without custom certificates.")
 			}
-			if !stringutils.SubSlice(e.config.ExistingInfra.Config.OpensearchPrivateIps, extractIPsFromCertsByIPOpensearch(e.config.Opensearch.Config.CertsByIP)) {
+			if !stringutils.SubSlice(e.config.ExistingInfra.Config.OpensearchPrivateIps, extractIPsFromCertsByIP(e.config.Opensearch.Config.CertsByIP)) {
 				errorList.PushBack("Missing certificates for some Opensearch private ips. Please make sure certificates for the following ips are provided in certs_by_ip: " + strings.Join(e.config.ExistingInfra.Config.OpensearchPrivateIps, ", "))
 			}
 			// check if all the certs are valid for given IPs