HPCC-27830 Code review changes

Signed-off-by: Rodrigo Pastrana <rodrigo.pastrana@lexisnexisrisk.com>
hpcc-systems · Jun 24, 2022 · 6e41de3 · 6e41de3
1 parent 8fa27dd
commit 6e41de3
Show file tree

Hide file tree

Showing 7 changed files with 25 additions and 12 deletions.
diff --git a/helm/examples/azure/log-analytics/README.md b/helm/examples/azure/log-analytics/README.md
@@ -8,16 +8,16 @@ HPCC has several components which fetch HPCC component logs via the HPCC LogAcce
 
 ## Quickstart
 ### 1 - Enabling Log Analytics
-Once these two steps are completed, HPCC component logs should be routed to Azure Log Analytics and should be accessible via the Portal
+Once these two steps are completed, HPCC component logs should be routed to Azure Log Analytics and accessible via the Portal
 #### a - Provide required information in env-loganalytics
 The user should populate the following values in order to create a new Azure Log Analytics workspace, associate it with a target AKS cluster, and enable to processing of logs
 
 - LOGANALYTICS_WORKSPACE_NAME (Desired name for the Azure LogAnalytics workspace to be associated with target AKS cluster)
  New workspace will be created if it does not exist
 - LOGANALYTICS_RESOURCE_GROUP (The Azure resource group associated with the target AKS cluster)
  New workspace will be associated with this resource group
-- AKS_CLUSTER_NAME () Name of the target AKS cluster to associate log analytics workspace)
--TAGS - The tags associated with the new workspace
+- AKS_CLUSTER_NAME (Name of the target AKS cluster to associate log analytics workspace)
+- TAGS - The tags associated with the new workspace
      For example: "admin=MyName email=my.email@mycompany.com environment=myenv justification=testing"
 - AZURE_SUBSCRIPTION (Optional - Ensures this subscription is set before creating the new workspace)
 
@@ -43,15 +43,16 @@ The following kv pairs are supported
 - aad-client-secret
 - ala-workspace-id
 
-Example secret creation command (assuming ./secrets contains a file named exactly as the above keys):
+Example secret creation command (assuming ./secrets-templates contains a file named exactly as the above keys):
 ```console
-  kubectl create secret generic azure-logaccess --from-file=HPCC-Platform/helm/examples/azure/log-analytics/secrets/
+  kubectl create secret generic azure-logaccess --from-file=HPCC-Platform/helm/examples/azure/log-analytics/secrets-templates/
 ```
 
 #### c - Configure HPCC logAccess
-The target HPCC deployment should be directed to target the above Azure Log Analytics workspace by providing appropriate logAccess values (such as ./loganalytics-hpcc-logaccess.yaml)
+The target HPCC deployment should be directed to target the above Azure Log Analytics workspace by providing appropriate logAccess values (such as ./loganalytics-hpcc-logaccess.yaml). The previously created azure-logaccess secret must be declared and associated with the esp category, this can be accomplished via secrets value yaml (such as ./loganalytics-logaccess-secrets.yaml)
 
 Example use:
 ```console
-  helm install myhpcc hpcc/hpcc -f HPCC-Platform/helm/examples/azure/log-analytics/loganalytics-hpcc-logaccess.yaml
-```
+  helm install myhpcc hpcc/hpcc -f HPCC-Platform/helm/examples/azure/log-analytics/loganalytics-hpcc-logaccess.yaml -f  HPCC-Platform/helm/examples/azure/log-analytics/loganalytics-logaccess-secrets.yaml
+```
+
diff --git a/helm/examples/azure/log-analytics/loganalytics-logaccess-secrets.yaml b/helm/examples/azure/log-analytics/loganalytics-logaccess-secrets.yaml
@@ -0,0 +1,8 @@
+secrets:
+  esp:
+    azure-logaccess: "azure-logaccess"
+vaults:
+  esp:
+  - name: azure-logaccess
+    url: http://${env.VAULT_SERVICE_HOST}:${env.VAULT_SERVICE_PORT}/v1/secret/data/esp/${secret}
+    kind: kv-v2
diff --git a/...azure/log-analytics/secrets/aad-client-id → ...analytics/secrets-templates/aad-client-id b/...azure/log-analytics/secrets/aad-client-id → ...analytics/secrets-templates/aad-client-id
diff --git a/...e/log-analytics/secrets/aad-client-secret → ...ytics/secrets-templates/aad-client-secret b/...e/log-analytics/secrets/aad-client-secret → ...ytics/secrets-templates/aad-client-secret
diff --git a/...azure/log-analytics/secrets/aad-tenant-id → ...analytics/secrets-templates/aad-tenant-id b/...azure/log-analytics/secrets/aad-tenant-id → ...analytics/secrets-templates/aad-tenant-id
diff --git a/...re/log-analytics/secrets/ala-workspace-id → ...lytics/secrets-templates/ala-workspace-id b/...re/log-analytics/secrets/ala-workspace-id → ...lytics/secrets-templates/ala-workspace-id
diff --git a/system/logaccess/Azure/LogAnalytics/CurlClient/AzureLogAnalyticsCurlClient.cpp b/system/logaccess/Azure/LogAnalytics/CurlClient/AzureLogAnalyticsCurlClient.cpp
@@ -265,7 +265,11 @@ AzureLogAnalyticsCurlClient::AzureLogAnalyticsCurlClient(IPropertyTree & logAcce
 {
     PROGLOG("%s: Resolving all required configuration values...", COMPONENT_NAME);
 
-    getSecretValue(m_aadTenantID.clear(), azureLogAccessSecretCategory, azureLogAccessSecretName, azureLogAccessSecretAADTenantID, true);
+    Owned<IPropertyTree> secretTree = getSecret(azureLogAccessSecretCategory, azureLogAccessSecretName);
+    if (!secretTree)
+        throw makeStringExceptionV(-1, "%s: Could not fetch %s information!", COMPONENT_NAME, azureLogAccessSecretName);
+
+    getSecretKeyValue(m_aadTenantID.clear(), secretTree, azureLogAccessSecretAADTenantID);
     if (m_aadTenantID.isEmpty())
     {
         WARNLOG("%s: Could not find '%s.%s' secret value!", COMPONENT_NAME, azureLogAccessSecretName, azureLogAccessSecretAADTenantID);
@@ -274,7 +278,7 @@ AzureLogAnalyticsCurlClient::AzureLogAnalyticsCurlClient(IPropertyTree & logAcce
             throw makeStringExceptionV(-1, "%s: Could not find AAD Tenant ID, provide it as part of '%s.%s' secret, or connection/@tenantID in AzureClient LogAccess configuration!", COMPONENT_NAME, azureLogAccessSecretName, azureLogAccessSecretAADTenantID);
     }
 
-    getSecretValue(m_aadClientID.clear(), azureLogAccessSecretCategory, azureLogAccessSecretName, azureLogAccessSecretAADClientID, true);
+    getSecretKeyValue(m_aadClientID.clear(), secretTree, azureLogAccessSecretAADClientID);
     if (m_aadClientID.isEmpty())
     {
         WARNLOG("%s: Could not find '%s.%s' secret value!", COMPONENT_NAME, azureLogAccessSecretName, azureLogAccessSecretAADClientID);
@@ -284,13 +288,13 @@ AzureLogAnalyticsCurlClient::AzureLogAnalyticsCurlClient(IPropertyTree & logAcce
           throw makeStringExceptionV(-1, "%s: Could not find AAD Client ID, provide it as part of %s.%s secret, or connection/@clientID in AzureClient LogAccess configuration!", COMPONENT_NAME, azureLogAccessSecretName, azureLogAccessSecretAADClientID);
     }
 
-    getSecretValue(m_aadClientSecret.clear(), azureLogAccessSecretCategory, azureLogAccessSecretName, azureLogAccessSecretAADClientSecret, true);
+    getSecretKeyValue(m_aadClientSecret.clear(),secretTree, azureLogAccessSecretAADClientSecret);
     if (m_aadClientSecret.isEmpty())
     {
         throw makeStringExceptionV(-1, "%s: Required secret '%s.%s' not found!", COMPONENT_NAME, azureLogAccessSecretName, azureLogAccessSecretAADClientSecret);
     }
 
-    getSecretValue(m_logAnalyticsWorkspaceID.clear(), azureLogAccessSecretCategory, azureLogAccessSecretName, azureLogAccessSecretWorkspaceID, true);
+    getSecretKeyValue(m_logAnalyticsWorkspaceID.clear(), secretTree, azureLogAccessSecretWorkspaceID);
     if (m_logAnalyticsWorkspaceID.isEmpty())
     {
         WARNLOG("%s: Could not find '%s.%s' secret value!", COMPONENT_NAME, azureLogAccessSecretName, azureLogAccessSecretWorkspaceID);