From d424a993e016dc1692cdbbe87ea159d8a13aec3d Mon Sep 17 00:00:00 2001
From: Mathieu Leguay <mathieu.leguay@teamdlab.com>
Date: Tue, 21 Apr 2020 11:16:25 +0200
Subject: [PATCH] [DLAB-4126] Upgrade deployment (PKI & Ansible scripts)

- Upgrade functions.sh: Addition of genericity on the functions allowing to handle a vault file
- Add ERASE as input parameters on PKI's scripts in order to preverse existing items when we execute scripts (add module, clients ...)
- Upgrade generate_stores.sh in order to populate dynamically the linked vault file
- Upgrade packaging in order to add the archive of deployment
- Upgrade scripts according to the PKI in order to clean/fix deployment for keystores/trustores and linked configuration
---
 deployment/pki/scripts/generate_certs.sh | 5 +-
 deployment/pki/scripts/lib/functions.sh | 1 +
 .../roles/vitamui/files/customer-init.yml | 53 -------------------
 deployment/roles/vitamui/tasks/main.yml | 18 +++++--
 4 files changed, 17 insertions(+), 60 deletions(-)
 delete mode 100644 deployment/roles/vitamui/files/customer-init.yml

diff --git a/deployment/pki/scripts/generate_certs.sh b/deployment/pki/scripts/generate_certs.sh
index ed422bb4..a5981901 100755
--- a/deployment/pki/scripts/generate_certs.sh
+++ b/deployment/pki/scripts/generate_certs.sh
@@ -278,10 +278,7 @@ initVault certs ${ERASE}
 if [ "${ERASE}" == "true" ]; then
 if [ -d ${REPERTOIRE_CERTIFICAT} ]; then
 # We remove all generated certs
- find ${REPERTOIRE_CERTIFICAT} -type f -name *.crt -exec rm -f {} \;
- find ${REPERTOIRE_CERTIFICAT} -type f -name *.key -exec rm -f {} \;
- find ${REPERTOIRE_CERTIFICAT} -type f -name *.pem -exec rm -f {} \;
- find ${REPERTOIRE_CERTIFICAT} -type d -empty -delete
+ find "${REPERTOIRE_CERTIFICAT}/" -mindepth 1 -maxdepth 1 -type d -exec rm -Rf {} \;
 fi
 fi
 if [ ! -d ${REPERTOIRE_CERTIFICAT} ]; then
diff --git a/deployment/pki/scripts/lib/functions.sh b/deployment/pki/scripts/lib/functions.sh
index 9469d288..9eb4f0de 100755
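Review bot: The new `find "${REPERTOIRE_CERTIFICAT}/" -mindepth 1 -maxdepth 1 -type d -exec rm -Rf {} \;` recursively deletes every top-level directory under the certificate folder, yet the guard on the line above, `[ -d ${REPERTOIRE_CERTIFICAT} ]`, is unquoted: with the variable empty or unset it degenerates to `[ -d ]`, which is true, and the find then runs against `/`. Before this change the same slip would at worst have removed certificate files below the working directory; with a recursive directory delete the blast radius is far larger, so the guard should require a non-empty, quoted path, `if [ -n "${REPERTOIRE_CERTIFICAT}" ] && [ -d "${REPERTOIRE_CERTIFICAT}" ]; then`, and `set -u` near the top of the script (outside this hunk), if not already enabled, would catch the unset case earlier. Note also that the rewrite only removes subdirectories: any *.crt/*.key/*.pem sitting directly in ${REPERTOIRE_CERTIFICAT}, which the removed find lines used to match, are now left in place, which may or may not be intended. A one-line comment stating that intent, e.g. `# Wipe every per-component directory; files at the top level are kept on purpose`, would settle it for the next reader.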
--- a/deployment/pki/scripts/lib/functions.sh
+++ b/deployment/pki/scripts/lib/functions.sh
@@ -251,6 +251,7 @@ function setComponentPassphrase {
 local RETURN_CODE=0
 local VAULT_FILE=$(getVaultFile "$TYPE")
 local VAULT_PASS=$(getVaultPass "$TYPE")
+ local KEY_PREFIX=$(getKeyPrefix "$TYPE")
 
 if [ ! -f "${VAULT_FILE}" ]; then
 pki_logger "ERROR" "The vault file is not found. Please, initialize it before call me ! Vault file: ${VAULT_FILE}"
diff --git a/deployment/roles/vitamui/files/customer-init.yml b/deployment/roles/vitamui/files/customer-init.yml
deleted file mode 100644
index e549a6d7..00000000
--- a/deployment/roles/vitamui/files/customer-init.yml
+++ /dev/null
@@ -1,53 +0,0 @@
-# This configuration file indicates profiles , profiles groups and users automatically create when a new customer or customer tenant is created.
-# Put as many as you want following the template given
-customer-init:
- # Default profiles for each customer created
- profiles:
- #- name: profileName
- # description: desc
- # level: 1
- # app-name: app
- # roles:
- # - role_1
- # - role_2
- # - role_3
- # ...
- # Default profiles groups for each customer created
- profiles-groups:
- #- name: group1
- # description: desc
- # level: 2
- # profiles:
- # - profileName
- # ...
- # Default users for each customer created
- users:
- #- last-name: lastName
- # first-name: firstName
- # profiles-group-name: group1
- # level: 1
- # email-prefix: a@mail.com
-
- # Default profiles for each tenant created
- tenant-profiles:
- #- name: profileName
- # description: desc
- # level: 1
- # app-name: app
- # roles:
- # - role_1
- # - role_2
- # - role_3
- # ...
-
- # Other Default profiles for admin group
- admin-profiles:
- #- name: profileName
- # description: desc
- # level: 1
- # app-name: app
- # roles:
- # - role_1
- # - role_2
- # - role_3
- # ...
\ No newline at end of file
diff --git a/deployment/roles/vitamui/tasks/main.yml b/deployment/roles/vitamui/tasks/main.yml
index aad7ad14..e6cb01bc 100644
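Review bot: The added `local KEY_PREFIX=$(getKeyPrefix "$TYPE")` is not referenced anywhere in this hunk, and the body of setComponentPassphrase continues outside it, so whether the variable is consumed further down cannot be seen here; if it is not, the line is dead, and `getKeyPrefix` itself is presumably defined elsewhere in functions.sh since it is not visible in the hunk. Like the two `local VAULT_*` lines above it, declaring and assigning in one statement hides the exit status of the command substitution (`local` returns 0 regardless), so a failing or missing `getKeyPrefix` silently yields an empty prefix that then flows into whatever vault key is built from it. Splitting the declaration, `local KEY_PREFIX` then `KEY_PREFIX=$(getKeyPrefix "$TYPE") || return 1`, surfaces the failure, assuming callers treat a non-zero return as an error the way the existing `RETURN_CODE` variable suggests they do.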
--- a/deployment/roles/vitamui/tasks/main.yml
+++ b/deployment/roles/vitamui/tasks/main.yml
@@ -141,9 +141,21 @@
 notify:
 - restart service
 
-- name: "Execute sub-tasks for the component type: {{ vitamui_struct.vitamui_component_type }}"
- include_tasks: "{{ vitamui_struct.vitamui_component_type }}.yml"
- when: "{{ lookup('pipe', 'test -f {{ role_path }}/tasks/{{ vitamui_struct.vitamui_component_type }}.yml || echo nofile') == \"\" }}"
+- name: "Copy vitam certificates"
+ copy:
+ src: "{{ item }}"
+ dest: "{{ vitamui_folder_conf }}/{{ item | basename }}"
+ owner: "{{ vitamui_defaults.users.vitamui }}"
+ group: "{{ vitamui_defaults.users.group }}"
+ mode: "{{ vitamui_defaults.folder.folder_permission }}"
+ with_fileglob:
+ - "{{ inventory_dir }}/keystores/client-vitam/*.*"
+ when:
+ - vitam_cert is defined
+ tags:
+ - update_vitam_configuration
+ notify:
+ - restart service
 
 - name: "Execute sub-tasks for the component: {{ vitamui_struct.vitamui_component }}"
 include_tasks: "{{ vitamui_struct.vitamui_component }}.yml"
-- GitLab
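Review bot: The new "Copy vitam certificates" task applies `mode: "{{ vitamui_defaults.folder.folder_permission }}"` to the files it copies, but the items come from `keystores/client-vitam/*.*`, i.e. keystore and certificate material that may include a client private key, and a directory permission default (which typically carries the execute bit and is often group- or world-readable) is the wrong mode for such files. Use a file mode instead, the role's file-permission default if one exists or an explicit `mode: "0640"`, so the copied keystores are readable only by `{{ vitamui_defaults.users.vitamui }}` and its group. The gate `when: vitam_cert is defined` is unrelated to whether the glob matches anything, so a short comment above the task, e.g. `# Client keystore/truststore for the Vitam back-end; deployed only when vitam_cert is set in the inventory`, would document why the variable rather than the directory is the switch.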