Allow passing secrets prefix as an argument
Add a second argument to the credentials utility script
so that it is possible to generate credentials with different
prefixes.
Change-Id: I4a06e72dbc7c2aab64139dc2219b80a7d987db90
diff --git a/gerrit/add_secrets_aws_secrets_manager.sh b/gerrit/add_secrets_aws_secrets_manager.sh
index 9efed9d..b6e93d3 100755
--- a/gerrit/add_secrets_aws_secrets_manager.sh
+++ b/gerrit/add_secrets_aws_secrets_manager.sh
@@ -9,7 +9,7 @@
# Avoid to open output in less for each AWS command
export AWS_PAGER=;
-KEY_PREFIX=gerrit_secret
+KEY_PREFIX=${2:-gerrit_secret}
echo "Adding SSH Keys..."
diff --git a/gerrit/setup_gerrit.py b/gerrit/setup_gerrit.py
index 5281320..c48d02f 100755
--- a/gerrit/setup_gerrit.py
+++ b/gerrit/setup_gerrit.py
@@ -77,7 +77,7 @@
"ssh_host_rsa_key.pub"
]
-GERRIT_KEY_PREFIX = "gerrit_secret_"
+GERRIT_KEY_PREFIX = os.getenv("GERRIT_KEY_PREFIX", "gerrit_secret")
GERRIT_CONFIG_DIRECTORY = "/var/gerrit/etc/"
print("Installing SSH Keys from Secret Manager in directory: " +
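Review bot: The `gerrit_secret` fallback on the new `GERRIT_KEY_PREFIX` line only applies when the variable is absent from the environment, but the CloudFormation templates in this commit always set it from a parameter that has no default. If the stack is created with an empty value (the Makefile hunks pass `$(GERRIT_KEY_PREFIX)`, which is not assigned anywhere in the visible lines), `os.getenv` returns `""` and every lookup becomes `_<secretId>`, which no longer matches what `add_secrets_aws_secrets_manager.sh` uploads by default. I would write `GERRIT_KEY_PREFIX = os.getenv("GERRIT_KEY_PREFIX") or "gerrit_secret"` here and add `GERRIT_KEY_PREFIX ?= gerrit_secret` to both Makefiles. Whether `os` is already imported in this file is not visible from the hunk.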
@@ -85,7 +85,7 @@
for secretId in secretIds:
print("* Installing SSH Key: " + secretId)
with open(GERRIT_CONFIG_DIRECTORY + secretId, 'w', encoding='utf-8') as f:
- f.write(get_secret(GERRIT_KEY_PREFIX + secretId))
+ f.write(get_secret(GERRIT_KEY_PREFIX + "_" + secretId))
if setupReplication:
GERRIT_SSH_DIRECTORY = "/var/gerrit/.ssh"
@@ -112,9 +112,9 @@
encoding='utf-8') as f:
f.write(template.render(
REGISTER_EMAIL_PRIVATE_KEY=get_secret(
- GERRIT_KEY_PREFIX + "registerEmailPrivateKey"),
- LDAP_PASSWORD=get_secret(GERRIT_KEY_PREFIX + "ldapPassword"),
- SMTP_PASSWORD=get_secret(GERRIT_KEY_PREFIX + "smtpPassword"))
+ GERRIT_KEY_PREFIX + "_registerEmailPrivateKey"),
+ LDAP_PASSWORD=get_secret(GERRIT_KEY_PREFIX + "_ldapPassword"),
+ SMTP_PASSWORD=get_secret(GERRIT_KEY_PREFIX + "_smtpPassword"))
)
BASE_CONFIG_DIR = "/tmp"
@@ -126,7 +126,7 @@
config_for_template = {}
try:
# If we don't need the monitoring stack we can avoid to set this token
- prometheus_bearer_token = get_secret(GERRIT_KEY_PREFIX + "prometheus_bearer_token")
+ prometheus_bearer_token = get_secret(GERRIT_KEY_PREFIX + "_prometheus_bearer_token")
config_for_template['PROMETHEUS_BEARER_TOKEN'] = prometheus_bearer_token
except ClientError as e:
if e.response['Error']['Code'] == 'ResourceNotFoundException':
diff --git a/master-slave/Makefile b/master-slave/Makefile
index aa87fc3..ee5ec6f 100644
--- a/master-slave/Makefile
+++ b/master-slave/Makefile
@@ -38,7 +38,8 @@
ParameterKey=Subdomain,ParameterValue=$(MASTER_SUBDOMAIN) \
ParameterKey=DockerRegistryUrl,ParameterValue=$(DOCKER_REGISTRY_URI) \
ParameterKey=CertificateArn,ParameterValue=$(SSL_CERTIFICATE_ARN) \
- ParameterKey=SlaveServiceStackName,ParameterValue=$(SERVICE_SLAVE_STACK_NAME)
+ ParameterKey=SlaveServiceStackName,ParameterValue=$(SERVICE_SLAVE_STACK_NAME) \
+ ParameterKey=GerritKeyPrefix,ParameterValue=$(GERRIT_KEY_PREFIX)
service-slave:
$(AWS_FC_COMMAND) create-stack \
@@ -51,7 +52,8 @@
ParameterKey=HostedZoneName,ParameterValue=$(HOSTED_ZONE_NAME) \
ParameterKey=Subdomain,ParameterValue=$(SLAVE_SUBDOMAIN) \
ParameterKey=DockerRegistryUrl,ParameterValue=$(DOCKER_REGISTRY_URI) \
- ParameterKey=CertificateArn,ParameterValue=$(SSL_CERTIFICATE_ARN)
+ ParameterKey=CertificateArn,ParameterValue=$(SSL_CERTIFICATE_ARN) \
+ ParameterKey=GerritKeyPrefix,ParameterValue=$(GERRIT_KEY_PREFIX)
dns-routing:
$(AWS_FC_COMMAND) create-stack \
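Review bot: The `service-slave` target now passes `GerritKeyPrefix`, but no slave service template is changed in this commit; only `cf-service-master.yml` gains the parameter. CloudFormation rejects a `create-stack` call that supplies a parameter the template does not declare, so unless the slave template already declares it (not visible here) this target will fail. Either declare `GerritKeyPrefix` in the slave template and pass it to the container as `GERRIT_KEY_PREFIX`, as the master template does, or drop the addition from this target. The recipe starts outside the hunk.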
diff --git a/master-slave/cf-service-master.yml b/master-slave/cf-service-master.yml
index 43af4e8..68f1bf8 100644
--- a/master-slave/cf-service-master.yml
+++ b/master-slave/cf-service-master.yml
@@ -52,6 +52,9 @@
Description: The subdomain of the Gerrit cluster
Type: String
Default: gerrit-master-demo
+ GerritKeyPrefix:
+ Description: Gerrit credentials keys prefix
+ Type: String
GerritGitVolume:
Description: Gerrit git volume name
Type: String
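Review bot: `GerritKeyPrefix` is declared without a default or any constraint, although its value is concatenated into Secrets Manager secret names by `setup_gerrit.py`. Adding `MinLength: 1` and an `AllowedPattern` such as `'[A-Za-z0-9/_+=.@-]+'` (the characters Secrets Manager accepts in secret names) makes a missing or malformed prefix fail at stack creation rather than at container start. If the task role's `secretsmanager:GetSecretValue` permission is scoped to the `gerrit_secret` names (the policy is not visible in this diff), it has to follow the parameter as well, and should stay limited to that one prefix. The same applies to the parameter added in `single-master/cf-service.yml`.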
@@ -117,6 +120,8 @@
Value: !Ref AWS::Region
- Name: SETUP_REPLICATION
Value: true
+ - Name: GERRIT_KEY_PREFIX
+ Value: !Ref GerritKeyPrefix
MountPoints:
- SourceVolume: !Ref GerritGitVolume
ContainerPath: /var/gerrit/git
diff --git a/single-master/Makefile b/single-master/Makefile
index 53237da..4db2552 100644
--- a/single-master/Makefile
+++ b/single-master/Makefile
@@ -33,7 +33,8 @@
ParameterKey=HostedZoneName,ParameterValue=$(HOSTED_ZONE_NAME) \
ParameterKey=Subdomain,ParameterValue=$(SUBDOMAIN) \
ParameterKey=DockerRegistryUrl,ParameterValue=$(DOCKER_REGISTRY_URI) \
- ParameterKey=CertificateArn,ParameterValue=$(SSL_CERTIFICATE_ARN)
+ ParameterKey=CertificateArn,ParameterValue=$(SSL_CERTIFICATE_ARN) \
+ ParameterKey=GerritKeyPrefix,ParameterValue=$(GERRIT_KEY_PREFIX)
dns-routing:
$(AWS_FC_COMMAND) create-stack \
diff --git a/single-master/README.md b/single-master/README.md
index f330239..0077248 100644
--- a/single-master/README.md
+++ b/single-master/README.md
@@ -126,7 +126,9 @@
You can now run the [script](../gerrit/add_secrets_aws_secrets_manager.sh) to
upload them to AWS Secret Manager:
-`add_secrets_aws_secrets_manager.sh /path/to/your/keys/directory`
+`add_secrets_aws_secrets_manager.sh /path/to/your/keys/directory secret_prefix`
+
+When `secret_prefix` is omitted, it is set to `gerrit_secret` by default.
### Publish custom Gerrit Docker image
diff --git a/single-master/cf-service.yml b/single-master/cf-service.yml
index 00bbd83..80a06dc 100644
--- a/single-master/cf-service.yml
+++ b/single-master/cf-service.yml
@@ -45,6 +45,9 @@
Description: The subdomain of the Gerrit cluster
Type: String
Default: gerrit-master-demo
+ GerritKeyPrefix:
+ Description: Gerrit credentials keys prefix
+ Type: String
GerritGitVolume:
Description: Gerrit git volume name
Type: String
@@ -108,6 +111,8 @@
Value: !Sub 'proxy-https://*:${HTTPPort}/'
- Name: AWS_REGION
Value: !Ref AWS::Region
+ - Name: GERRIT_KEY_PREFIX
+ Value: !Ref GerritKeyPrefix
MountPoints:
- SourceVolume: !Ref GerritGitVolume
ContainerPath: /var/gerrit/git