Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge pull request #16245 from rpastrana/HPCC-27790-logicregressionAzureLA
HPCC-27830 Azure LogAccess use Secrets
Reviewed-By: Anthony Fishbeck <anthony.fishbeck@lexisnexisrisk.com>
Reviewed-by: Gavin Halliday <ghalliday@hpccsystems.com>
Merged-by: Gavin Halliday <ghalliday@hpccsystems.com>
Showing 12 changed files with 173 additions and 55 deletions.
66 changes: 66 additions & 0 deletions
helm/examples/azure/log-analytics/create-azure-logaccess-secret.sh
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,66 @@ | ||
#!/bin/bash | ||
WORK_DIR=$(dirname $0) | ||
source ${WORK_DIR}/env-loganalytics | ||
|
||
k8scommand="kubectl" | ||
secretname="azure-logaccess" | ||
secretsdir="${WORK_DIR}/secrets-templates" | ||
|
||
usage() | ||
{ | ||
echo "Creates necessary k8s secret used by HPCC's logAccess to access Azure Log Analytics" | ||
echo "> create-azure-logaccess-secret.sh [Options]" | ||
echo "" | ||
echo "Options:" | ||
echo "-d Specifies directory containing required secret values in self named files." | ||
echo " Defaults to <workingdir>/<${secretssubdir}>" | ||
echo "-h Print Usage message" | ||
echo "" | ||
echo "Requires directory containing secret values in dedicated files." | ||
echo "Defaults to ${secretssubdir} if not specified via -d option." | ||
echo "" | ||
echo "Expected directory structure:" | ||
echo "${secretsdir}/" | ||
echo " aad-client-id - Should contain the ID of the AAD registered Application" | ||
echo " aad-tenant-id - Should contain the subscription tenant of theAAD registered Application" | ||
echo " aad-client-secret - Should contain access secret provided by AAD registered Application" | ||
echo " ala-workspace-id - Should contain target Azure Log Analytics workspace ID. (Optional if provided in LogAccess configuration)" | ||
} | ||
|
||
while [ "$#" -gt 0 ]; do | ||
arg=$1 | ||
case "${arg}" in | ||
-h) | ||
usage | ||
exit | ||
;; | ||
-d) shift | ||
secretsdir=$1 | ||
;; | ||
esac | ||
shift | ||
done | ||
|
||
echo "Creating '${secretname}' secret." | ||
|
||
command -v ${k8scommand} >/dev/null 2>&1 || { echo >&2 "Aborting - '${k8scommand}' not found!"; exit 1; } | ||
|
||
errormessage=$(${k8scommand} get secret ${secretname} 2>&1) | ||
if [[ $? -eq 0 ]] | ||
then | ||
echo "WARNING: Target secret '${secretname}' already exists! Delete it and re-run if secret update desired." | ||
echo "${errormessage}" | ||
exit 1 | ||
fi | ||
|
||
errormessage=$(${k8scommand} create secret generic ${secretname} --from-file=${secretsdir}) | ||
if [[ $? -ne 0 ]] | ||
then | ||
echo "Error creating: Target secret '${secretname}'!" | ||
echo >&2 | ||
usage | ||
exit 1 | ||
else | ||
echo "Target secret '${secretname}' successfully created!" | ||
${k8scommand} get secret ${secretname} | ||
fi |
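Review bot: `usage()` prints `${secretssubdir}` in two places ("Defaults to <workingdir>/<${secretssubdir}>" and "Defaults to ${secretssubdir} if not specified via -d option."), but only `secretsdir` is ever assigned in this script, so both lines render with an empty name unless the sourced `env-loganalytics` happens to define it; use `${secretsdir}` there. In the option loop, `-d` given as the last argument leaves `secretsdir` empty and the script still reaches `create secret generic ${secretname} --from-file=${secretsdir}` with no path; check that a value follows `-d` and that it is an existing directory before any kubectl call. Unknown options fall through the `case` silently, so a `*)` branch that prints usage and exits non-zero would catch typos. `$0`, `${WORK_DIR}` and `${secretsdir}` are expanded unquoted, so a path containing spaces splits into several words. On create failure the "Error creating" message goes to stdout while `echo >&2` only emits a blank line on stderr, and the captured `errormessage` is never shown; send the message to stderr. Finally, `--from-file` on a directory stores each file's bytes verbatim, so a trailing newline left by an editor becomes part of the client secret value; the usage text should say so or the script should strip it.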
8 changes: 8 additions & 0 deletions
helm/examples/azure/log-analytics/loganalytics-logaccess-secrets.yaml
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,8 @@ | ||
secrets: | ||
esp: | ||
azure-logaccess: "azure-logaccess" | ||
vaults: | ||
esp: | ||
- name: my-azure-logaccess-vault | ||
url: http://${env.VAULT_SERVICE_HOST}:${env.VAULT_SERVICE_PORT}/v1/secret/data/esp/${secret} | ||
kind: kv-v2 |
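Review bot: The `url` on the `my-azure-logaccess-vault` entry uses `http://`, so anyone who copies this example as-is will have the AAD client secret read from `/v1/secret/data/esp/${secret}` travel between ESP and Vault unencrypted; prefer `https://` in the example, or add a comment stating that the plain-HTTP endpoint is only suitable for a local development Vault. The file also defines both a `secrets.esp` entry and a `vaults.esp` entry with no comment saying whether they are alternatives or are meant to be deployed together; a short header comment would remove the guesswork.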
1 change: 1 addition & 0 deletions
helm/examples/azure/log-analytics/secrets-templates/aad-client-id
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1 @@ | ||
{Azure Active Directory registered Application's ID goes here} |
1 change: 1 addition & 0 deletions
helm/examples/azure/log-analytics/secrets-templates/aad-client-secret
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1 @@ | ||
{Azure Active Directory registered Application provided secret goes here} |
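Review bot: This placeholder lives in the tracked `secrets-templates` directory, which is also the default `secretsdir` in create-azure-logaccess-secret.sh, so the easiest way to follow the example is to paste the real client secret into a file under version control. Document copying the templates to an untracked location and passing it with `-d`, or add an ignore rule for edited copies. The script also has no check for an unreplaced placeholder, so running it before editing creates the `azure-logaccess` secret with this literal text as the client secret; rejecting values that still start with `{` would fail early instead.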
1 change: 1 addition & 0 deletions
helm/examples/azure/log-analytics/secrets-templates/aad-tenant-id
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1 @@ | ||
{Azure Active Directory registered Application's Tenant (or directory) ID goes here} |
1 change: 1 addition & 0 deletions
helm/examples/azure/log-analytics/secrets-templates/ala-workspace-id
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1 @@ | ||
{Azure Log Analytics workspace ID goes here} |
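Review bot: The usage text in create-azure-logaccess-secret.sh calls `ala-workspace-id` optional, but the script loads the whole directory with `--from-file=${secretsdir}`, so leaving this template untouched puts the placeholder string into the secret under the key `ala-workspace-id`. State whether the file should be deleted when the workspace ID is supplied through the LogAccess configuration instead, and which of the two values takes precedence when both are present.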