From f00f0655dd0811e7f3ee04db3387c23df2927202 Mon Sep 17 00:00:00 2001 From: Nicolas Ontiveros Date: Mon, 22 Jul 2024 16:50:24 -0700 Subject: [PATCH 1/3] Update md --- docs/deploy-development-rp.md | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/docs/deploy-development-rp.md b/docs/deploy-development-rp.md index edad0dcdd..e6b6a8699 100644 --- a/docs/deploy-development-rp.md +++ b/docs/deploy-development-rp.md @@ -51,6 +51,9 @@ SECRET_SA_ACCOUNT_NAME=rharosecretsdev make secrets ``` +1. Run [msi.sh](../hack/devtools/msi.sh) to create a service principal and self-signed certificate to +mock a cluster MSI. Save the output values for `Client ID`, `Base64 Encoded Certificate`, and `Tenant`. + 1. Copy, edit (if necessary) and source your environment file. The required environment variable configuration is documented immediately below: @@ -64,6 +67,9 @@ `eastus`). * `RP_MODE`: Set to `development` to use a development RP running at https://localhost:8443/. + * `MOCK_MSI_CLIENT_ID`: Client ID for service principal that mocks cluster MSI (see previous step). + * `MOCK_MSI_CERT`: Base64 encoded certificate for service principal that mocks cluster MSI (see previous step). + * `MOCK_MSI_TENANT_ID`: Tenant ID for service principal that mocks cluster MSI (see previous step). 1. Create your own RP database: From b364f27ae1c30ce990ee0506fdf3573ece58b43d Mon Sep 17 00:00:00 2001 From: Nicolas Ontiveros Date: Mon, 22 Jul 2024 17:04:00 -0700 Subject: [PATCH 2/3] Update local_dev_env.sh --- hack/devtools/local_dev_env.sh | 56 +++++++++++++++++++++++++++++++++- 1 file changed, 55 insertions(+), 1 deletion(-) diff --git a/hack/devtools/local_dev_env.sh b/hack/devtools/local_dev_env.sh index 2d3335c43..ebfa84520 100755 --- a/hack/devtools/local_dev_env.sh +++ b/hack/devtools/local_dev_env.sh 
@@ -39,7 +39,58 @@ ask_to_create_default_env_config() { fi } +# We use a service principal and certificate as the mock MSI object +create_mock_msi() { + appName="mock-msi-$(openssl rand -base64 9 | tr -dc 'a-zA-Z0-9' | head -c 6)" + az ad sp create-for-rbac --name $appName --create-cert --output json +} + +get_mock_msi_clientID() { + echo "$1" | jq -r .appId +} + +get_mock_msi_tenantID() { + echo "$1" | jq -r .tenant +} + +get_mock_msi_cert() { + certFilePath=$(echo "$1" | jq -r '.fileWithCertAndPrivateKey') + base64EncodedCert=$(base64 -w 0 $certFilePath) + rm $certFilePath + echo $base64EncodedCert +} + create_env_file() { + local answer + read -p "Do you want to create an env file for Managed/Workload identity development? " answer + if [[ "$answer" == "y" || "$answer" == "Y" ]]; then + create_miwi_env_file + else + create_regular_env_file + fi +} + +create_miwi_env_file() { + echo "INFO: Creating default env config file for managed/workload identity development..." + + mockMSI=$(create_mock_msi) + mockClientID=$(get_mock_msi_clientID "$mockMSI") + mockTenantID=$(get_mock_msi_tenantID "$mockMSI") + mockCert=$(get_mock_msi_cert "$mockMSI") + + cat >env <env < Date: Mon, 22 Jul 2024 17:08:31 -0700 Subject: [PATCH 3/3] Add msi.sh --- hack/devtools/msi.sh | 23 +++++++++++++++++++++++ 1 file changed, 23 insertions(+) create mode 100755 hack/devtools/msi.sh diff --git a/hack/devtools/msi.sh b/hack/devtools/msi.sh new file mode 100755 index 000000000..debc7a049 --- /dev/null +++ b/hack/devtools/msi.sh 
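Review bot: `get_mock_msi_cert` has no failure path: when `create_mock_msi` returns nothing (for example `az` is not logged in), the unquoted `$certFilePath` expands to no argument, so `base64 -w 0` waits on stdin and `rm` runs without an operand. `create_miwi_env_file` calls it without the empty-output check that msi.sh performs. The file it reads is `fileWithCertAndPrivateKey`, and it is removed even when the encode step failed, which discards the only copy of the key. I would declare the variables `local`, quote the path and delete the PEM only after a successful encode, as below, and have `create_miwi_env_file` return early when `$mockMSI` is empty. The tail of this hunk (the `cat >env` heredoc) is not legible on this page, so whether the generated `env` file is written with restrictive permissions could not be checked; since it would hold key material, that is worth confirming.

```shell
get_mock_msi_cert() {
    local certFilePath base64EncodedCert
    certFilePath=$(echo "$1" | jq -r '.fileWithCertAndPrivateKey // empty')
    if [[ -z "$certFilePath" || ! -f "$certFilePath" ]]; then
        echo "ERROR: no certificate file in service principal output" >&2
        return 1
    fi
    # Keep the PEM on disk unless it was encoded successfully.
    base64EncodedCert=$(base64 -w 0 -- "$certFilePath") || return 1
    rm -f -- "$certFilePath"
    echo "$base64EncodedCert"
}
```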
@@ -0,0 +1,23 @@
+#!/bin/bash
+
+# This script creates a mock MSI object to use for local development
+# We use a service principal and certificate as the mock object
+
+scriptPath=$(realpath "$0")
+scriptDir=$(dirname "$scriptPath")
+
+source "$scriptDir/local_dev_env.sh"
+
+sp=$(create_mock_msi)
+if [[ -z "$sp" ]]; then
+ echo "Failed to create mock MSI object"
+ exit 1
+fi
+clientID=$(get_mock_msi_clientID "$sp")
+tenantID=$(get_mock_msi_tenantID "$sp")
+base64EncodedCert=$(get_mock_msi_cert "$sp")
+
+# Print the extracted values
+echo "Client ID: $clientID"
+echo "Tenant ID: $tenantID"
+echo "Base64 Encoded Certificate: $base64EncodedCert"
\ No newline at end of file
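Review bot: The final `echo` prints private key material to the terminal: `get_mock_msi_cert` encodes the file named by `fileWithCertAndPrivateKey`, so the value labelled `Base64 Encoded Certificate` is a credential for the service principal and will end up in scrollback or any captured log. I would say so next to the output, e.g. `# NOTE: includes the private key; treat this value as a secret`, and have the docs step that tells users to save it say the same. Separately, only an empty `$sp` is checked; the three getter calls are unchecked and the failure message goes to stdout, so `echo "Failed to create mock MSI object" >&2` and a `|| exit 1` on each getter would make failures visible. Sourcing `local_dev_env.sh` also runs whatever top-level code that file has, which is not visible here and worth confirming.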