-
Notifications
You must be signed in to change notification settings - Fork 0
/
lib.sh
1448 lines (1237 loc) · 53.4 KB
/
lib.sh
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884
885
886
887
888
889
890
891
892
893
894
895
896
897
898
899
900
901
902
903
904
905
906
907
908
909
910
911
912
913
914
915
916
917
918
919
920
921
922
923
924
925
926
927
928
929
930
931
932
933
934
935
936
937
938
939
940
941
942
943
944
945
946
947
948
949
950
951
952
953
954
955
956
957
958
959
960
961
962
963
964
965
966
967
968
969
970
971
972
973
974
975
976
977
978
979
980
981
982
983
984
985
986
987
988
989
990
991
992
993
994
995
996
997
998
999
1000
################################################
# encode_b64_file function
# @param 1:
# return the encoded (base64) input parameter
#
function encode_b64_file() {
local lf_in_file=$1
local lf_encoded=""
lf_encoded=$(cat $lf_in_file | base64 -w 0)
echo $lf_encoded
}
################################################
# simple logging with colors
# @param 1: level (info/error/warn/wait/check/ok/no)
function mylog() {
local lf_spaces=$(printf "%0.s " $(seq 1 $SC_SPACES_COUNTER))
# prefix
local p=
# do not output the trailing newline
local w=
# suffix
local s=
case $1 in
info) c=2;; #green
error) c=1 #red
p='ERROR: ';;
warn) c=3;; #yellow
debug) c=8 #grey
p='CMD: ';;
wait) c=4 #purple
p="$(date) ";;
check) c=6 #cyan
w=-n
s=...;;
ok) c=2 #green
p=OK;;
no) c=3 #yellow
p=NO;;
default) c=9 #default
p='';;
esac
shift
echo $w "$(tput setaf $c)$lf_spaces$p$@$s$(tput setaf 9)"
}
################################################
# assert that variable is defined
# @param 1 name of variable
# @param 2 error message, or name of method to call if begins with "fix"
function var_fail() {
if eval test -z '$'$1; then
mylog error "missing config variable: $1" 1>&2
case "$2" in
fix* | echo*) eval $2 ;;
"") ;;
*) mylog log "$2" 1>&2 ;;
esac
exit 1
fi
}
#########################################################################
# Print message with levels
# @param 1:
# @param 2:
function decho () {
local lf_in_messagelevel=$1
shift 1
if [ -n "$ADEBUG" ]; then
if [ $TRACELEVEL -ge $lf_in_messagelevel ]; then
mylog debug "$@"
fi
fi
}
#########################################################################
# check if openshift version available
# check_openshift_version v1 returns 0 if v1 does not exist 1 if v1 exist
# @param 1:
function check_openshift_version() {
local lf_in_version=$1
IFS='.' read -ra v_components <<<"$lf_in_version"
vmaj=${v_components[0]}
vmin=${v_components[1]}
res=$(ibmcloud ks versions -q --show-version Openshift --output json | jq --argjson vmaj "$vmaj" --argjson vmin "$vmin" '.openshift[] | select (.major == $vmaj and .minor == $vmin)')
echo $res
}
################################################
# Compare versions
# from chatgpt
# Compare two version strings as arguments and compares them component-wise.
# It uses the IFS (Internal Field Separator) to split the versions into components based on the dot ('.') separator.
# It then compares each component, determining whether the first version is older, newer, or equal to the second version.
# The script will output whether the first version is older, newer, or equal to the second version.
# cmp_versions v1 v2 returns 0 if v1=v2, 1 if v1 is older than v2, 2 if v1 is newer than v2
function cmp_versions() {
SC_SPACES_COUNTER=$((SC_SPACES_COUNTER + $SC_SPACES_INCR))
decho 3 "F:IN :cmp_versions"
local lf_in_version1=$1
local lf_in_version2=$2
decho 3 "lf_in_version1=$lf_in_version1|lf_in_version2=$lf_in_version2"
IFS='.' read -ra v1_components <<<"$lf_in_version1"
IFS='.' read -ra v2_components <<<"$lf_in_version2"
local lf_len=${#v1_components[@]}
local lf_res=0
for ((i = 0; i < $lf_len; i++)); do
v1=${v1_components[i]:-0}
v2=${v2_components[i]:-0}
if [ "$v1" -lt "$v2" ]; then
#echo "$lf_in_version1 is older than $lf_in_version2"
lf_res=1
break
elif [ "$v1" -gt "$v2" ]; then
#echo "$lf_in_version1 is newer than $lf_in_version2"
lf_res=2
break
fi
done
#echo "$lf_in_version1 is equal to $lf_in_version2"
decho 3 "lf_res=$lf_res"
decho 3 "F:OUT:cmp_versions"
SC_SPACES_COUNTER=$((SC_SPACES_COUNTER - $SC_SPACES_INCR))
return $lf_res
}
################################################
# Save a certificate in pem format from secret
# @param 1: namespace where the secret exist
# @param 2: name of the secret
# @param 3: Data in the secret that contains the certificate
# @param 4: Directory where to save the certificate
function save_certificate() {
SC_SPACES_COUNTER=$((SC_SPACES_COUNTER + $SC_SPACES_INCR))
decho 3 "F:IN :save_certificate"
local lf_in_ns=$1
local lf_in_secret_name=$2
local lf_in_data_name=$3
local lf_in_destination_path=$4
local lf_data_normalised=$(sed 's/\./\\./g' <<< ${lf_in_data_name})
mylog info "Save certificate ${lf_in_secret_name} to ${lf_in_destination_path}${lf_in_secret_name}.${lf_in_data_name}.pem"
decho 6 "oc -n cp4i get secret ${lf_in_secret_name} -o jsonpath=\"{.data.$lf_data_normalised}\""
cert=$(oc -n cp4i get secret ${lf_in_secret_name} -o jsonpath="{.data.$lf_data_normalised}")
echo $cert | base64 --decode >"${lf_in_destination_path}${lf_in_secret_name}.${lf_in_data_name}.pem"
decho 3 "F:OUT:save_certificate"
SC_SPACES_COUNTER=$((SC_SPACES_COUNTER - $SC_SPACES_INCR))
}
################################################
# Check that the CASE is already downloaded
# example pour filtrer avec conditions :
# avec jsonpath=$.[?(@.name=='ibm-licensing' && @.version=='4.2.1')]
# Pour tester une variable null : https://stackoverflow.com/questions/48261038/shell-script-how-to-check-if-variable-is-null-or-no
# @param 1:
# @param 2:
function is_case_downloaded() {
SC_SPACES_COUNTER=$((SC_SPACES_COUNTER + $SC_SPACES_INCR))
decho 3 "F:IN :is_case_downloaded"
local lf_in_case=$1
local lf_in_version=$2
decho 3 "lf_in_case=$lf_in_case|lf_in_version=$lf_in_version"
local lf_result lf_latestversion lf_cmp lf_res
local lf_directory="${MY_IBMPAKDIR}${lf_in_case}/${lf_in_version}"
if [ ! -d "${lf_directory}" ]; then
lf_res=0
else
lf_result=$(oc ibm-pak list --downloaded -o json)
# One of the simplest ways to check if a string is empty or null is to use the -z and -n operators.
# The -z operator returns true if the string is null or empty, and false otherwise.
# The -n operator returns true if the string is not null or empty, and false otherwise.
if [ -z "$lf_result" ]; then
lf_res=0
else
# Pb avec le passage de variables à jsonpath ; décision retour vers jq
# lf_result=$(echo $lf_result | jsonpath '$.[?(@.name == "${lf_in_case}" && @.latestVersion == "${lf_in_version}")]')
# lf_result=$(echo $lf_result | jq -r --arg case "$lf_in_case" --arg version "$lf_in_version" '.[] | select (.name == $case and .latestVersion == $version)')
lf_result=$(echo $lf_result | jq -r --arg case "$lf_in_case" '[.[] | select (.name == $case )]')
if [ -z "$lf_result" ]; then
lf_res=0
else
lf_latestversion=$(echo $lf_result | jq -r max_by'(.latestVersion)|.latestVersion')
decho 3 "lf_latestversion=$lf_latestversion"
cmp_versions $lf_latestversion $lf_in_version
lf_cmp=$?
decho 3 "lf_cmp=$lf_cmp"
case $lf_cmp in
0) lf_res=1;;
2) mylog info "newer version of case $lf_in_case is available. Current version=$lf_in_version. Latest version=$lf_latestversion"
lf_res=1;;
esac
fi
fi
fi
decho 3 "F:OUT:is_case_downloaded"
SC_SPACES_COUNTER=$((SC_SPACES_COUNTER - $SC_SPACES_INCR))
return $lf_res
}
############################################################
# Check that the CR is newer than the CR file
# Inputs :
# - Type of the custom resource
# - Custom resource
# - the file defining the custom resource
# - the namespace
# Returns 1 (if the cr is newer than the file) otherwise 0
# @param 1:
# @param 2:
# @param 3:
# @param 4:
function is_cr_newer() {
SC_SPACES_COUNTER=$((SC_SPACES_COUNTER + $SC_SPACES_INCR))
decho 3 "F:IN :is_cr_newer"
local lf_in_type=$1
local lf_in_customresource=$2
local lf_in_file=$3
local lf_in_namespace=$4
local lf_customresource_timestamp
local lf_file_timestamp
local lf_path="{.metadata.creationTimestamp}"
local lf_res
#oc -n $lf_in_namespace get $lf_in_type $lf_in_customresource -o jsonpath='$lf_path'| date -d - +%s
lf_customresource_timestamp=$(oc -n $lf_in_namespace get $lf_in_type $lf_in_customresource -o json | jq -r '.metadata.creationTimestamp')
lf_customresource_timestamp=$(echo "$lf_customresource_timestamp" | date -d - +%s)
lf_file_timestamp=$(stat -c %Y $lf_in_file)
if [ $lf_customresource_timestamp -gt $lf_file_timestamp ]; then
lf_res=1
else
lf_res=0
fi
decho 3 "F:OUT:is_cr_newer"
SC_SPACES_COUNTER=$((SC_SPACES_COUNTER - $SC_SPACES_INCR))
return $lf_res
}
################################################
# Check that all required executables are installed
# @param 1:
function check_command_exist() {
SC_SPACES_COUNTER=$((SC_SPACES_COUNTER + $SC_SPACES_INCR))
decho 5 "F:IN :check_command_exist"
local command=$1
if ! command -v $command >/dev/null 2>&1; then
mylog error "Executable $command does not exist or is not executable, exiting."
exit 1
fi
decho 5 "F:OUT:check_command_exist"
SC_SPACES_COUNTER=$((SC_SPACES_COUNTER - $SC_SPACES_INCR))
}
######################################################
# checks if the file exist, if no print a msg and exit
# @param 1:
function check_file_exist() {
SC_SPACES_COUNTER=$((SC_SPACES_COUNTER + $SC_SPACES_INCR))
decho 5 "F:IN :check_file_exist"
local file=$1
if [ ! -e "$file" ]; then
mylog error "No such file: $file" 1>&2
exit 1
fi
decho 5 "F:OUT:check_file_exist"
SC_SPACES_COUNTER=$((SC_SPACES_COUNTER - $SC_SPACES_INCR))
}
######################################################
# checks if the directory exist, if no print a msg and exit
# @param 1:
function check_directory_exist() {
SC_SPACES_COUNTER=$((SC_SPACES_COUNTER + $SC_SPACES_INCR))
decho 3 "F:IN :check_directory_exist"
local directory=$1
if [ ! -d $directory ]; then
mylog error "No such directory: $directory" 1>&2
exit 1
fi
decho 3 "F:OUT:check_directory_exist"
SC_SPACES_COUNTER=$((SC_SPACES_COUNTER - $SC_SPACES_INCR))
}
######################################################
# checks if the directory contains files, if no print a msg and exit
# @param 1:
function check_directory_contains_files() {
# SC_SPACES_COUNTER=$((SC_SPACES_COUNTER + $SC_SPACES_INCR))
# decho 3 "F:IN :check_directory_contains_files"
local lf_in_directory=$1
local lf_files
shopt -s nullglob dotglob # To include hidden files
lf_files=$(find . -maxdepth 1 -type f | wc -l)
# decho 3 "F:OUT:check_directory_contains_files"
# SC_SPACES_COUNTER=$((SC_SPACES_COUNTER - $SC_SPACES_INCR))
return $lf_files
}
######################################################
# checks if the directory exist, otherwise create it
# @param 1:
function check_directory_exist_create() {
SC_SPACES_COUNTER=$((SC_SPACES_COUNTER + $SC_SPACES_INCR))
decho 4 "F:IN :check_directory_exist_create"
local directory=$1
if [ ! -d $directory ]; then
mkdir -p $directory
fi
decho 4 "F:OUT:check_directory_exist_create"
SC_SPACES_COUNTER=$((SC_SPACES_COUNTER - $SC_SPACES_INCR))
}
################################################
#
# @param 1:
function read_config_file() {
SC_SPACES_COUNTER=$((SC_SPACES_COUNTER + $SC_SPACES_INCR))
decho 5 "F:IN :read_config_file"
local lf_config_file
if test -n "$PC_CONFIG"; then
lf_config_file="$PC_CONFIG"
else
lf_config_file="$1"
fi
if test -z "$lf_config_file"; then
mylog error "Usage: $0 <config file>" 1>&2
mylog info "Example: $0 ${MAINSCRIPTDIR}cp4i.conf"
decho 5 "F:OUT:read_config_file"
SC_SPACES_COUNTER=$((SC_SPACES_COUNTER - $SC_SPACES_INCR))
exit 1
fi
check_file_exist $lf_config_file
# load user specific variables, "set -a" so that variables are part of environment for envsubst
set -a
. "${lf_config_file}"
set +a
decho 5 "F:OUT:read_config_file"
SC_SPACES_COUNTER=$((SC_SPACES_COUNTER - $SC_SPACES_INCR))
}
################################################
# Check that all required executables are installed
# No parameters.
function check_exec_prereqs() {
SC_SPACES_COUNTER=$((SC_SPACES_COUNTER + $SC_SPACES_INCR))
decho 3 "F:IN :check_exec_prereqs"
check_command_exist awk
check_command_exist tr
check_command_exist curl
check_command_exist $MY_CONTAINER_ENGINE
check_command_exist ibmcloud
check_command_exist jq
check_command_exist keytool
check_command_exist oc
check_command_exist openssl
if $MY_MQ_CUSTOM; then
check_command_exist runmqakm
fi
if $MY_LDAP; then
check_command_exist ldapsearch
fi
decho 3 "F:OUT:check_exec_prereqs"
SC_SPACES_COUNTER=$((SC_SPACES_COUNTER - $SC_SPACES_INCR))
}
################################################
# Wait n secs
# @param secs: number of seconds to wait for and displays it on the same line
# @param 1:
function waitn() {
local secs=$1
mylog info "Sleeping $secs"
while [ $secs -gt 0 ]; do
echo -ne "$secs\033[0K\r"
sleep 1
: $((secs--))
done
}
################################################
# Send email
# @param mail_def, exemple 159.8.70.38:2525
function send_email() {
SC_SPACES_COUNTER=$((SC_SPACES_COUNTER + $SC_SPACES_INCR))
decho 3 "F:IN :send_email"
curl --url "smtp://$mail_def" \
--mail-from [email protected] \
--mail-rcpt [email protected] \
--upload-file ${MAINSCRIPTDIR}templates/emails/test-email.txt
decho 3 "F:OUT:send_email"
SC_SPACES_COUNTER=$((SC_SPACES_COUNTER - $SC_SPACES_INCR))
}
################################################
# wait for command to return specified value
# @param 1: what description of waited state
# @param 2: value expected state value from check command
# @param 3: command executed command that returns some state
function wait_for_state() {
SC_SPACES_COUNTER=$((SC_SPACES_COUNTER + $SC_SPACES_INCR))
decho 3 "F:IN :wait_for_state"
local lf_in_what=$1
local lf_in_value=$2
local lf_in_command=$3
local lf_start_time=$(date +%s)
local lf_current_time lf_elapsed_time lf_last_state lf_current_state lf_bullet
local lf_bullets=('|' '/' '-' '\\')
mylog check "Checking $lf_in_what"
#mylog check "Checking $lf_in_what status until reaches value $lf_in_value with command $lf_in_command"
lf_last_state=''
while true; do
lf_current_state=$(eval $lf_in_command)
if test "$lf_current_state" = "$lf_in_value"; then
mylog ok ", $lf_current_state"
break
fi
if test "$lf_last_state" != "$lf_current_state"; then
mylog wait "$lf_current_state"
lf_last_state=$lf_current_state
fi
for lf_bullet in "${lf_bullets[@]}"; do
# Use echo with -ne to print without newline and with escape sequences
lf_current_time=$(date +%s)
# Calculate the elapsed time
lf_elapsed_time=$((lf_current_time - lf_start_time))
# Display the elapsed time on the same line
echo -ne "\rElapsed time: ${lf_elapsed_time} seconds$lf_bullet"
#echo -ne "\r$lf_bullet Timer: $seconds seconds | Waiting...\033[0K\r"
# Sleep for a short interval to control the speed of the animation
sleep 0.1
done
done
decho 3 "F:OUT:wait_for_state"
SC_SPACES_COUNTER=$((SC_SPACES_COUNTER - $SC_SPACES_INCR))
}
################################################
# Check if the resource of type octype with name name exists in the namespace ns.
# If it does not exist use the yaml file, with the appropriate variable.
# @param 1: octype: kubernetes resource class, example: "subscription"
# @param 2: name: name of the resource, example: "ibm-integration-platform-navigator"
# @param 3: yaml: the file with the definition of the resource, example: "${subscriptionsdir}Navigator-Sub.yaml"
# @param 4: ns: name space where the reousrce is created, example: $MY_OPERATORS_NAMESPACE
function check_create_oc_yaml() {
SC_SPACES_COUNTER=$((SC_SPACES_COUNTER + $SC_SPACES_INCR))
decho 3 "F:IN :check_create_oc_yaml"
local lf_in_octype="$1"
local lf_in_cr_name="$2"
local lf_in_yaml_file="$3"
local lf_in_ns="$4"
export MY_OPERATORGROUP="$2"
export MY_NAMESPACE="$4"
local lf_newer
check_file_exist $lf_in_yaml_file
mylog check "Checking ${lf_in_octype} ${lf_in_cr_name} in ${lf_in_ns} project"
decho 3 "oc -n ${lf_in_ns} get ${lf_in_octype} ${lf_in_cr_name}"
if oc -n ${lf_in_ns} get ${lf_in_octype} ${lf_in_cr_name} >/dev/null 2>&1; then
is_cr_newer $lf_in_octype $lf_in_cr_name $lf_in_yaml_file $lf_in_ns
lf_newer=$?
if [ $lf_newer -eq 1 ]; then
mylog info "OK: Custom Resource $lf_in_cr_name is newer than file $lf_in_yaml_file"
else
envsubst <"${lf_in_yaml_file}" | oc -n ${lf_in_ns} apply -f - || exit 1
fi
else
envsubst <"${lf_in_yaml_file}" | oc -n ${lf_in_ns} apply -f - || exit 1
fi
decho 3 "F:OUT:check_create_oc_yaml"
SC_SPACES_COUNTER=$((SC_SPACES_COUNTER - $SC_SPACES_INCR))
}
################################################
#
# @param 1: namespace
function provision_persistence_openldap() {
SC_SPACES_COUNTER=$((SC_SPACES_COUNTER + $SC_SPACES_INCR))
decho 3 "F:IN :provision_persistence_openldap"
local lf_in_namespace="$1"
# handle persitence for Openldap
# only check one, assume that if one is created the other one is also created (short cut to optimize time)
mylog check "Checking persistent volume claim for LDAP in ${lf_in_namespace}"
if oc -n ${lf_in_namespace} get "PersistentVolumeClaim" "pvc-ldap-main" >/dev/null 2>&1; then mylog ok; else
envsubst <"${MY_YAMLDIR}ldap/ldap-pvc.main.yaml" >"${MY_WORKINGDIR}ldap-pvc.main.yaml"
envsubst <"${MY_YAMLDIR}ldap/ldap-pvc.config.yaml" >"${MY_WORKINGDIR}ldap-pvc.config.yaml"
oc -n ${lf_in_namespace} create -f ${MY_WORKINGDIR}ldap-pvc.main.yaml
oc -n ${lf_in_namespace} create -f ${MY_WORKINGDIR}ldap-pvc.config.yaml
wait_for_state "pvc pvc-ldap-config status.phase is Bound" "Bound" "oc -n ${lf_in_namespace} get pvc pvc-ldap-config -o jsonpath='{.status.phase}'"
wait_for_state "pvc pvc-ldap-main status.phase is Bound" "Bound" "oc -n ${lf_in_namespace} get pvc pvc-ldap-main -o jsonpath='{.status.phase}'"
fi
decho 3 "F:OUT:provision_persistence_openldap"
SC_SPACES_COUNTER=$((SC_SPACES_COUNTER - $SC_SPACES_INCR))
}
################################################
# @param octype: kubernetes resource class, example: "deployment"
# @param ocname: name of the resource, example: "openldap"
# See https://github.com/osixia/docker-openldap for more details especialy all the configurations possible
function deploy_openldap() {
SC_SPACES_COUNTER=$((SC_SPACES_COUNTER + $SC_SPACES_INCR))
decho 3 "F:IN :deploy_openldap"
local lf_in_octype="$1"
local lf_in_name="$2"
local lf_in_namespace="$3"
# check if deploment already performed
mylog check "Checking ${lf_in_octype} ${lf_in_name} in ${lf_in_namespace}"
if oc -n ${lf_in_namespace} get ${lf_in_octype} ${lf_in_name} >/dev/null 2>&1; then
mylog ok
else
mylog check "Checking service ${lf_in_name} in ${lf_in_namespace}"
if oc -n ${lf_in_namespace} get service ${lf_in_name} >/dev/null 2>&1; then
mylog ok
else
mylog info "Creating LDAP server"
oc adm policy add-scc-to-group anyuid system:serviceaccounts:${lf_in_namespace}
# deploy openldap and take in account the PVCs just created
# check that deployment of openldap was not done
# https://www.ibm.com/docs/en/sva/10.0.6?topic=support-docker-image-openldap
#echo $MY_ENTITLEMENT_KEY | docker login icr.io --username isva --password-stdin
#oc -n ${lf_in_namespace} new-app ibmcom/verify-access-openldap:latest
#oc -n ${lf_in_namespace} new-app isva/verify-access-openldap
oc -n ${lf_in_namespace} new-app osixia/${lf_in_name}
oc -n ${lf_in_namespace} get deployment.apps/openldap -o json | jq '. | del(."status")' >${MY_WORKINGDIR}openldap.json
envsubst <"${MY_YAMLDIR}ldap/ldap-config.json" >"${MY_WORKINGDIR}ldap-config.json"
oc -n ${lf_in_namespace} patch deployment.apps/openldap --patch-file ${MY_WORKINGDIR}ldap-config.json
fi
fi
decho 3 "F:OUT:deploy_openldap"
SC_SPACES_COUNTER=$((SC_SPACES_COUNTER - $SC_SPACES_INCR))
}
################################################
# @param 1: octype: kubernetes resource class, example: "deployment"
# @param 2: ocname: name of the resource, example: "mailhog"
# @param 3:
# See https://github.com/osixia/docker-openldap for more details especialy all the configurations possible
# To add a user/password protection to the web UI: https://stackoverflow.com/questions/60162842/how-can-i-add-basic-authentication-to-the-mailhog-service-in-ddev-local
function deploy_mailhog() {
SC_SPACES_COUNTER=$((SC_SPACES_COUNTER + $SC_SPACES_INCR))
decho 3 "F:IN :deploy_mailhog"
local lf_in_octype="$1"
local lf_in_name="$2"
local lf_in_namespace="$3"
# check if deploment already performed
mylog check "Checking ${lf_in_octype} ${lf_in_name} in ${lf_in_namespace}"
if oc -n ${lf_in_namespace} get ${lf_in_octype} ${lf_in_name} >/dev/null 2>&1; then
mylog ok
else
mylog check "Checking service ${lf_in_name} in ${lf_in_namespace}"
if oc -n ${lf_in_namespace} get service ${lf_in_name} >/dev/null 2>&1; then
mylog ok
else
mylog info "Creating mailhog server"
oc -n ${lf_in_namespace} new-app ${lf_in_name}/${lf_in_name}
fi
fi
decho 3 "F:OUT:deploy_mailhog"
SC_SPACES_COUNTER=$((SC_SPACES_COUNTER - $SC_SPACES_INCR))
}
################################################
# Check if the service is already exposed
# @param 1:
# @param 2:
# @param 3:
function is_service_exposed() {
SC_SPACES_COUNTER=$((SC_SPACES_COUNTER + $SC_SPACES_INCR))
decho 3 "F:IN :is_service_exposed"
local lf_in_namespace="$1"
local lf_in_service_name="$2"
local lf_in_port="$3"
local lf_port_name lf_res
lf_port_name=$(oc -n "${lf_in_namespace}" get service "${lf_in_service_name}" -o json | jq --argjson port "$lf_in_port" '.spec.ports[] | select(.nodePort == $port) |.name')
decho 3 "lf_port_name=$lf_port_name"
if [ -z "$lf_port_name" ]; then
lf_res=1
else
lf_res=0
fi
decho 3 "F:OUT:is_service_exposed"
SC_SPACES_COUNTER=$((SC_SPACES_COUNTER - $SC_SPACES_INCR))
return $lf_res
}
#===========================================
# Add entry in LDAP if it doesn't exist
# @param 1:
# @param 2:
# @param 3:
# @param 4:
# @param 5:
# @param 6:
function add_entry_if_not_exists() {
SC_SPACES_COUNTER=$((SC_SPACES_COUNTER + $SC_SPACES_INCR))
decho 3 "F:IN :add_entry_if_not_exists"
local lf_in_ldap_server="$1"
local lf_in_admin_dn="$2"
local lf_in_admin_password="$3"
local lf_in_entry_dn="$4"
local lf_in_entry_content="$5"
local lf_in_tmp_ldif_file="$6"
# Check if entry exists
local lf_in_search_result
lf_in_search_result=$(ldapsearch -x -H $lf_in_ldap_server -D "$lf_in_admin_dn" -w $lf_in_admin_password -b "$lf_in_entry_dn" -s base "(objectClass=*)")
# Check if the entry already exists
if [ -n "$lf_in_search_result" ]; then
if echo "$lf_in_search_result" | grep -q "dn: $lf_in_entry_dn"; then
mylog info "Entry $lf_in_entry_dn already exists. Skipping."
else
decho 3 "Entry $lf_in_entry_dn does not exist. Adding entry."
mylog info "$lf_in_entry_content" > $lf_in_tmp_ldif_file
ldapadd -x -H $lf_in_ldap_server -D "$lf_in_admin_dn" -w $lf_in_admin_password -f $lf_in_tmp_ldif_file
fi
fi
decho 3 "F:OUT:add_entry_if_not_exists"
SC_SPACES_COUNTER=$((SC_SPACES_COUNTER - $SC_SPACES_INCR))
}
#========================================================
# add ldif file entries if each doesn't exist
# @param 1:
# @param 2:
# @param 3:
# @param 4:
function add_ldif_file () {
SC_SPACES_COUNTER=$((SC_SPACES_COUNTER + $SC_SPACES_INCR))
decho 3 "F:IN :add_ldif_file"
local lf_in_ldif_file="$1"
local lf_in_ldap_server="$2"
local lf_in_admin_dn="$3"
local lf_in_admin_password="$4"
local lf_tmp_ldif="${MY_WORKINGDIR}temp_entry.ldif"
local lf_line lf_entry_dn lf_entry_content
# Read the LDIF file and process each entry
while IFS= read -r lf_line; do
# Collect lines of a single LDIF entry
if [[ -z "$lf_line" ]]; then
# Empty line indicates end of an entry
if [[ -n "$lf_entry_dn" && -n "$lf_entry_content" ]]; then
add_entry_if_not_exists "$lf_in_ldap_server" "$lf_in_admin_dn" "$lf_in_admin_password" "$lf_entry_dn" "$lf_entry_content" "$lf_tmp_ldif"
lf_entry_dn=""
lf_entry_content=""
fi
else
# Accumulate the DN and content of the entry
if [[ "$lf_line" =~ ^dn:\ (.*) ]]; then
lf_entry_dn="${BASH_REMATCH[1]}"
fi
lf_entry_content+="$lf_line"$'\n'
fi
done < $lf_in_ldif_file
# Process the last entry if the file doesn't end with a new line
if [[ -n "$lf_entry_dn" && -n "$lf_entry_content" ]]; then
add_entry_if_not_exists "$lf_in_ldap_server" "$lf_in_admin_dn" "$lf_in_admin_password" "$lf_entry_dn" "$lf_entry_content" "$lf_tmp_ldif"
fi
# Clean up temporary file
#rm -f $lf_tmp_ldif
decho 3 "F:OUT:add_ldif_file"
SC_SPACES_COUNTER=$((SC_SPACES_COUNTER - $SC_SPACES_INCR))
}
################################################
# @param 1: name: name of the resource, example: "openldap"
# @param 2: namespace: the namespace to use
function expose_service_openldap() {
SC_SPACES_COUNTER=$((SC_SPACES_COUNTER + $SC_SPACES_INCR))
decho 3 "F:IN :expose_service_openldap"
local lf_in_name="$1"
local lf_in_namespace="$2"
local lf_hostname
decho 3 "lf_in_name=$lf_in_name|lf_in_namespace=$lf_in_namespace"
# expose service externaly and get host and port
oc -n ${lf_in_namespace} get service ${lf_in_name} -o json | jq '.spec.ports |= map(if .name == "389-tcp" then . + { "nodePort": 30389 } else . end)' | jq '.spec.ports |= map(if .name == "636-tcp" then . + { "nodePort": 30686 } else . end)' >${MY_WORKINGDIR}openldap-service.json
# Saad there was a bug the openldap-service.json did not exist when those two calls were made in the deploy_openldap function, I moved them here
# I do not think all this code is needed, what did you want to do?
oc -n ${lf_in_namespace} patch service ${lf_in_name} -p='{"spec": {"type": "NodePort"}}'
oc -n ${lf_in_namespace} patch service/${lf_in_name} --patch-file ${MY_WORKINGDIR}openldap-service.json
lf_port0=$(oc -n ${lf_in_namespace} get service ${lf_in_name} -o jsonpath='{.spec.ports[0].nodePort}')
lf_port1=$(oc -n ${lf_in_namespace} get service ${lf_in_name} -o jsonpath='{.spec.ports[1].nodePort}')
mylog info "Service ${lf_in_name} using port ${lf_port0} is not exposed."
oc -n ${lf_in_namespace} expose service ${lf_in_name} --name=openldap-external --port=${lf_port0}
mylog info "Service ${lf_in_name} using port ${lf_port1} is not exposed."
oc -n ${lf_in_namespace} expose service ${lf_in_name} --name=openldap-external --port=${lf_port1}
#is_service_exposed "${lf_in_namespace}" "${lf_in_name}" "${lf_port0}"
#if [ $? -eq 0 ]; then
# mylog info "Service ${lf_in_name} using port ${lf_port0} is already exposed."
#else
# mylog info "Service ${lf_in_name} using port ${lf_port0} is not exposed."
# oc -n ${lf_in_namespace} expose service ${lf_in_name} --name=openldap-external --port=${lf_port0}
#fi
#is_service_exposed "${lf_in_namespace}" "${lf_in_name}" "${lf_port1}"
#if [ $? -eq 0 ]; then
# mylog info "Service ${lf_in_name} using port ${lf_port1} is already exposed."
#else
# mylog info "Service ${lf_in_name} using port ${lf_port1} is not exposed."
# oc -n ${lf_in_namespace} expose service ${lf_in_name} --name=openldap-external --port=${lf_port1}
#fi
lf_hostname=$(oc -n ${lf_in_namespace} get route openldap-external -o jsonpath='{.spec.host}')
# load users and groups into LDAP
envsubst <"${MY_YAMLDIR}ldap/ldap-users.ldif" >"${MY_WORKINGDIR}ldap-users.ldif"
mylog info "Adding LDAP entries with following command: "
mylog info "$MY_LDAP_COMMAND -H ldap://${lf_hostname}:${lf_port0} -x -D \"$ldap_admin_dn\" -w \"$ldap_admin_password\" -f ${MY_WORKINGDIR}ldap-users.ldif"
add_ldif_file ${MY_WORKINGDIR}ldap-users.ldif "ldap://${lf_hostname}:${lf_port0}" "${ldap_admin_dn}" "${ldap_admin_password}"
#$MY_LDAP_COMMAND -H ldap://${lf_hostname}:${lf_port0} -D "${ldap_admin_dn}" -w "${ldap_admin_password}" -c -f ${MY_WORKINGDIR}ldap-users.ldif
mylog info "You can search entries with the following command: "
# ldapmodify -H ldap://$lf_hostname:$lf_port0 -D "$ldap_admin_dn" -w admin -f ${MY_LDAPDIR}Import.ldiff
mylog info "ldapsearch -H ldap://${lf_hostname}:${lf_port0} -x -D \"$ldap_admin_dn\" -w \"$ldap_admin_password\" -b \"$ldap_base_dn\" -s sub -a always -z 1000 \"(objectClass=*)\""
decho 3 "F:OUT:expose_service_openldap"
SC_SPACES_COUNTER=$((SC_SPACES_COUNTER - $SC_SPACES_INCR))
}
################################################
# @param 1: name: name of the resource, example: "mailhog"
# @param 2: namespace: the namespace to use
function expose_service_mailhog() {
SC_SPACES_COUNTER=$((SC_SPACES_COUNTER + $SC_SPACES_INCR))
decho 3 "F:IN :expose_service_mailhog"
local lf_in_name="$1"
local lf_in_namespace="$2"
local lf_port="$3"
# expose service externaly and get host and port
# Check if the service is already exposed
if oc -n ${lf_in_namespace} get route ${lf_in_name} >/dev/null 2>&1; then
mylog info "Service ${lf_in_name} is already exposed."
else
mylog info "Service ${lf_in_name} is not exposed."
oc -n ${lf_in_namespace} expose svc/${lf_in_name} --port=${lf_port} --name=${lf_in_name}
fi
lf_hostname=$(oc -n ${lf_in_namespace} get route ${lf_in_name} -o jsonpath='{.spec.host}')
decho 3 "MailHog accessible at ${lf_hostname}"
decho 3 "F:OUT:expose_service_mailhog"
SC_SPACES_COUNTER=$((SC_SPACES_COUNTER - $SC_SPACES_INCR))
}
################################################
# Create namespace
# @param 1: ns namespace to be created
function create_namespace() {
SC_SPACES_COUNTER=$((SC_SPACES_COUNTER + $SC_SPACES_INCR))
decho 3 "F:IN :create_namespace"
sc_in_ns=$1
var_fail sc_in_ns "Please define project name in config"
mylog check "Checking project $sc_in_ns"
if oc get project $sc_in_ns >/dev/null 2>&1; then mylog ok; else
mylog info "Creating project $sc_in_ns"
if ! oc new-project $sc_in_ns; then
decho 3 "F:OUT:create_namespace"
SC_SPACES_COUNTER=$((SC_SPACES_COUNTER - $SC_SPACES_INCR))
exit 1
fi
fi
decho 3 "F:OUT:create_namespace"
SC_SPACES_COUNTER=$((SC_SPACES_COUNTER - $SC_SPACES_INCR))
}
################################################
# Check if the resource exists.
# @param 1: octype: kubernetes resource class, example: "subscription"
# @param 2: name: name of the resource, example: "ibm-integration-platform-navigator"
# @param 3: ns: namespace/project to perform the search
# TODO The var variable is initialised for another function, this is not good
function check_resource_availability() {
SC_SPACES_COUNTER=$((SC_SPACES_COUNTER + $SC_SPACES_INCR))
decho 3 "F:IN :check_resource_availability"
local lf_in_type="$1"
local lf_in_name="$2"
local lf_in_namespace="$3"
decho 3 "oc -n $lf_in_namespace get $lf_in_type $lf_in_name --ignore-not-found=true -o jsonpath='{.metadata.name}'"
var=$(oc -n $lf_in_namespace get $lf_in_type $lf_in_name --ignore-not-found=true -o jsonpath='{.metadata.name}')
while test -z $var; do
var=$(oc -n $lf_in_namespace get $lf_in_type $lf_in_name --ignore-not-found=true -o jsonpath='{.metadata.name}')
done
#SB]20231013 simulate a return value by echoing it
#echo $var
# SB]20240519 due to many problems with the return value, I will use an export variable to return the value
export MY_RESOURCE=$var
decho 3 "F:OUT:check_resource_availability"
SC_SPACES_COUNTER=$((SC_SPACES_COUNTER - $SC_SPACES_INCR))
}
################################################
##SB]20230201 use ibm-pak oc plugin
# https://ibm.github.io/cloud-pak/
# @param 1:
# @param 2:
# @param 3: This is the version of the channel. It is an optional parameter, if ommited it is retrieved, else used values from invocation
function check_add_cs_ibm_pak() {
SC_SPACES_COUNTER=$((SC_SPACES_COUNTER + $SC_SPACES_INCR))
decho 3 "F:IN :check_add_cs_ibm_pak"
SECONDS=0
local lf_in_case_name="$1"
local lf_in_arch="$2"
local lf_in_case_version="$3"
local lf_case_version lf_file lf_downloaded
#SB]20240612 prise en compte de l'existence ou non de la variable portant la version
if [ -z "$lf_in_case_version" ]; then
local lf_case_version=$(oc ibm-pak list -o json | jq -r --arg case "$lf_in_case_name" '.[] | select (.name == $case ) | .latestVersion')
else
lf_case_version=$lf_in_case_version
fi
#export MY_OPERATOR_CHL=$lf_case_version
is_case_downloaded ${lf_in_case_name} ${lf_case_version} #1>&2 > /dev/null
lf_downloaded=$?
decho 4 "lf_downloaded=$lf_downloaded"
if [ $lf_downloaded -eq 1 ]; then
mylog info "case ${lf_in_case_name} ${lf_case_version} already downloaded"
else
oc ibm-pak get ${lf_in_case_name} --version ${lf_case_version}
oc ibm-pak generate mirror-manifests ${lf_in_case_name} icr.io --version ${lf_case_version}
fi
lf_file=~/.ibm-pak/data/mirror/${lf_in_case_name}/${lf_case_version}/catalog-sources.yaml
if [ -e "$lf_file" ]; then
oc apply -f $lf_file
fi
lf_file=~/.ibm-pak/data/mirror/${lf_in_case_name}/${lf_case_version}/catalog-sources-linux-${lf_in_arch}.yaml
if [ -e "$lf_file" ]; then
oc apply -f $lf_file
fi
mylog info "Adding case $lf_in_case_name took $SECONDS seconds to execute." 1>&2
decho 3 "F:OUT:check_add_cs_ibm_pak"
SC_SPACES_COUNTER=$((SC_SPACES_COUNTER - $SC_SPACES_INCR))
}
################################################
##SB]20231201 create operator subscription
# @param 1: operator name
# @param 2: namespace where the subscription is created (openshift-operators or others)
# @param 3: Operator channel
# @param 4: Control of the upgrade in the subscription, automatic or manual
# @param 5: name of the source catalog
# @param 6: Wait for the of subscription to be ready
# @param 7: csv Operator channel
function create_operator_subscription() {
SC_SPACES_COUNTER=$((SC_SPACES_COUNTER + $SC_SPACES_INCR))
decho 3 "F:IN :create_operator_subscription"
# export are important because they are used to replace the variable in the subscription.yaml (envsubst command)
export MY_OPERATOR_NAME=$1
export MY_OPERATOR_NAMESPACE=$2
export MY_OPERATOR_CHL=$3
export MY_STRATEGY=$4
export MY_CATALOG_SOURCE_NAME=$5
local lf_in_wait=$6
local lf_in_csv_name=$7
local lf_file lf_path lf_resource lf_state lf_type
check_directory_exist ${MY_OPERATORSDIR}
SECONDS=0
lf_file="${MY_OPERATORSDIR}subscription.yaml"
#lf_file="${MY_OPERATORSDIR}subscription-tekton.yaml"
#lf_file="${MY_OPERATORSDIR}subscription_startingcsv.yaml"
lf_type="Subscription"
check_create_oc_yaml "${lf_type}" "${MY_OPERATOR_NAME}" "${lf_file}" "${MY_OPERATOR_NAMESPACE}"
lf_type="clusterserviceversion"
lf_path="{.status.phase}"
lf_state="Succeeded"
decho 3 "oc -n $MY_OPERATOR_NAMESPACE get $lf_type -o json | jq -r --arg my_resource \"$lf_in_csv_name\" '.items[].metadata | select (.name | contains ($my_resource)).name'"
seconds=0
while [ -z "$lf_resource" ]; do
echo -ne "Timer: $seconds seconds | Creating csv...\033[0K\r"
sleep 1
lf_resource=$(oc -n $MY_OPERATOR_NAMESPACE get $lf_type -o json | jq -r --arg my_resource "$lf_in_csv_name" '.items[].metadata | select (.name | contains ($my_resource)).name')
seconds=$((seconds + 1))
done
#lf_resource=$(oc -n $MY_OPERATOR_NAMESPACE get $lf_type -o json | jq -r --arg my_resource "$lf_in_csv_name" '.items[].metadata | select (.name | contains ($my_resource)).name')
decho 3 "lf_resource=$lf_resource|lf_in_csv_name=$lf_in_csv_name"
if [ $lf_in_wait ]; then
wait_for_state "$lf_type $lf_resource $lf_path is $lf_state" "$lf_state" "oc -n $MY_OPERATOR_NAMESPACE get $lf_type $lf_resource -o jsonpath='$lf_path'"
fi
mylog info "Creation of $MY_OPERATOR_NAME operator took $SECONDS seconds to execute." 1>&2
unset MY_OPERATOR_CHL
decho 3 "F:OUT:create_operator_subscription"
SC_SPACES_COUNTER=$((SC_SPACES_COUNTER - $SC_SPACES_INCR))
}
################################################
##SB]20231204 create operand instance
# @param 1:
# @param 2:
# @param 3:
# @param 4:
# @param 5:
# @param 6:
# @param 7: boolean to indicate if we are waiting for the operand to be running (defined by the combination of path and state, example respectively .status.phase and Ready)