diff --git a/eng/common/scripts/common.ps1 b/eng/common/scripts/common.ps1
index 4e0b0847cdbf..4f31c92c3d20 100644
--- a/eng/common/scripts/common.ps1
+++ b/eng/common/scripts/common.ps1
@@ -44,3 +44,4 @@ $GetDocsMsMetadataForPackageFn = "Get-${Language}-DocsMsMetadataForPackage"
 $GetDocsMsDevLanguageSpecificPackageInfoFn = "Get-${Language}-DocsMsDevLanguageSpecificPackageInfo"
 $GetGithubIoDocIndexFn = "Get-${Language}-GithubIoDocIndex"
 $FindArtifactForApiReviewFn = "Find-${Language}-Artifacts-For-Apireview"
+$TestProxyTrustCertFn = "Import-Dev-Cert-${Language}"
diff --git a/eng/common/scripts/trust-proxy-certificate.ps1 b/eng/common/scripts/trust-proxy-certificate.ps1
new file mode 100644
index 000000000000..144d304cfd18
--- /dev/null
+++ b/eng/common/scripts/trust-proxy-certificate.ps1
@@ -0,0 +1,6 @@
+. $PSScriptRoot/common.ps1
+
+if ($TestProxyTrustCertFn -and (Test-Path "Function:$TestProxyTrustCertFn"))
+{
+ &$TestProxyTrustCertFn
+}
\ No newline at end of file
diff --git a/eng/common/testproxy/apply-dev-cert.sh b/eng/common/testproxy/apply-dev-cert.sh
new file mode 100644
index 000000000000..5b4523e8c3c6
--- /dev/null
+++ b/eng/common/testproxy/apply-dev-cert.sh
@@ -0,0 +1,31 @@
+#!/bin/bash
+TMP_PATH=$CERT_FOLDER
+PFXFILE=$CERT_FOLDER/dotnet-devcert.pfx
+CRTFILE=$CERT_FOLDER/dotnet-devcert.crt
+
+NSSDB_PATHS=(
+ "$HOME/.pki/nssdb"
+ "$HOME/snap/chromium/current/.pki/nssdb"
+ "$HOME/snap/postman/current/.pki/nssdb"
+)
+
+function configure_nssdb() {
+ echo "Configuring nssdb for $1"
+ certutil -d sql:$1 -D -n dotnet-devcert
+ certutil -d sql:$1 -A -t "CP,," -n dotnet-devcert -i $CRTFILE
+}
+
+for NSSDB in ${NSSDB_PATHS[@]}; do
+ if [ -d "$NSSDB" ]; then
+ configure_nssdb $NSSDB
+ fi
+done
+
+if [ $(id -u) -ne 0 ]; then
+ SUDO='sudo'
+fi
+
+$SUDO cp $CRTFILE "/usr/local/share/ca-certificates"
+$SUDO update-ca-certificates
+
+dotnet dev-certs https --clean --import $PFXFILE -p "password"
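Review bot: In trust-proxy-certificate.ps1, when no `Import-Dev-Cert-<Language>` function is defined the `if` falls through silently, so the pipeline step reports success without having trusted anything and a later TLS failure against the proxy is hard to trace back to this step. An `else { Write-Host "No $TestProxyTrustCertFn function defined; skipping certificate trust." }` branch would make the skip visible in the build log. A one-line comment above the `if` saying that the function is expected to be supplied by the language repository's own scripts would also help readers of this shared file.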
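Review bot: In apply-dev-cert.sh, `$CERT_FOLDER` is never validated and every expansion is unquoted, so with the variable unset the script resolves `/dotnet-devcert.crt` and `/dotnet-devcert.pfx` at the filesystem root and then copies that path into `/usr/local/share/ca-certificates` under sudo; paths containing spaces also break `certutil -d sql:$1` and the `for NSSDB in ${NSSDB_PATHS[@]}` loop. The exit status of `certutil -A`, `cp` and `update-ca-certificates` is ignored, so a partly applied trust setup still reports success as long as the final `dotnet dev-certs` call succeeds. `TMP_PATH` is assigned but never used. Because the script marks the certificate as a trusted CA (`-t "CP,,"` plus the system store) while the matching `.pfx` is committed with the password `password`, a header comment stating that it is meant for disposable CI agents only would be worth adding.

```shell
#!/bin/bash
: "${CERT_FOLDER:?CERT_FOLDER must point at the folder holding dotnet-devcert.crt and .pfx}"
PFXFILE="$CERT_FOLDER/dotnet-devcert.pfx"
CRTFILE="$CERT_FOLDER/dotnet-devcert.crt"
if [ ! -f "$CRTFILE" ] || [ ! -f "$PFXFILE" ]; then
  echo "dev certificate files not found in $CERT_FOLDER" >&2
  exit 1
fi

# … unchanged: NSSDB_PATHS …

function configure_nssdb() {
  echo "Configuring nssdb for $1"
  # -D fails when the nickname is not present yet; expected on a first run
  certutil -d "sql:$1" -D -n dotnet-devcert || true
  certutil -d "sql:$1" -A -t "CP,," -n dotnet-devcert -i "$CRTFILE" || exit 1
}

for NSSDB in "${NSSDB_PATHS[@]}"; do
  # … unchanged: directory test …
    configure_nssdb "$NSSDB"
# … unchanged: fi/done, SUDO detection …

$SUDO cp -- "$CRTFILE" /usr/local/share/ca-certificates/ || exit 1
$SUDO update-ca-certificates || exit 1

dotnet dev-certs https --clean --import "$PFXFILE" -p "password"
```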
diff --git a/eng/common/testproxy/docker-start-proxy.ps1 b/eng/common/testproxy/docker-start-proxy.ps1
new file mode 100644
index 000000000000..4e5da37278a2
--- /dev/null
+++ b/eng/common/testproxy/docker-start-proxy.ps1
@@ -0,0 +1,83 @@
+ #!/usr/bin/env pwsh -c
+
+<#
+.DESCRIPTION
+Start the docker proxy container. If it is already running, quietly exit. Any other error should fail.
+.PARAMETER Mode
+"start" or "stop" to start up or stop the test-proxy instance.
+.PARAMETER TargetFolder
+The folder in which context the test proxy will be started. Defaults to current working directory.
+#>
+[CmdletBinding(SupportsShouldProcess = $true)]
+param(
+ [ValidateSet("start", "stop")]
+ [String]
+ $Mode,
+ [String]
+ $TargetFolder = "."
+)
+
+try {
+ docker --version | Out-Null
+}
+catch {
+ Write-Error "A invocation of docker --version failed. This indicates that docker is not properly installed or running."
+ Write-Error "Please check your docker invocation and try running the script again."
+}
+
+$SELECTED_IMAGE_TAG = "1037115"
+$CONTAINER_NAME = "ambitious_azsdk_test_proxy"
+$LINUX_IMAGE_SOURCE = "azsdkengsys.azurecr.io/engsys/testproxy-lin:${SELECTED_IMAGE_TAG}"
+$WINDOWS_IMAGE_SOURCE = "azsdkengsys.azurecr.io/engsys/testproxy-win:${SELECTED_IMAGE_TAG}"
+$root = (Resolve-Path $TargetFolder).Path.Replace("`\", "/")
+
+function Get-Proxy-Container(){
+ return (docker container ls -a --format "{{ json . }}" --filter "name=$CONTAINER_NAME" `
+ | ConvertFrom-Json `
+ | Select-Object -First 1)
+}
+
+
+$SelectedImage = $LINUX_IMAGE_SOURCE
+$Initial = ""
+
+# most of the time, running this script on a windows machine will work just fine, as docker defaults to linux containers
+# however, in CI, windows images default to _windows_ containers. We cannot swap them. We can tell if we're in a CI build by
+# checking for the environment variable TF_BUILD.
+if ($IsWindows -and $env:TF_BUILD){
+ $SelectedImage = $WINDOWS_IMAGE_SOURCE
+ $Initial = "C:"
+}
+
+if ($Mode -eq "start"){
+ $proxyContainer = Get-Proxy-Container
+
+ # if we already have one, we just need to check the state
+ if($proxyContainer){
+ if ($proxyContainer.State -eq "running")
+ {
+ Write-Host "Discovered an already running instance of the test-proxy!. Exiting"
+ exit(0)
+ }
+ }
+ # else we need to create it
+ else {
+ Write-Host "Attempting creation of Docker host $CONTAINER_NAME"
+ Write-Host "docker container create -v `"${root}:${Initial}/etc/testproxy`" -p 5001:5001 -p 5000:5000 --name $CONTAINER_NAME $SelectedImage"
+ docker container create -v "${root}:${Initial}/etc/testproxy" -p 5001:5001 -p 5000:5000 --name $CONTAINER_NAME $SelectedImage
+ }
+
+ Write-Host "Attempting start of Docker host $CONTAINER_NAME"
+ docker container start $CONTAINER_NAME
+}
+
+if ($Mode -eq "stop"){
+ $proxyContainer = Get-Proxy-Container
+
+ if($proxyContainer){
+ if($proxyContainer.State -eq "running"){
+ Write-Host "Found a running instance of $CONTAINER_NAME, shutting it down."
+ docker container stop $CONTAINER_NAME
+ }
+ }
+}
\ No newline at end of file
diff --git a/eng/common/testproxy/dotnet-devcert.crt b/eng/common/testproxy/dotnet-devcert.crt
new file mode 100644
index 000000000000..e8575ea44564
--- /dev/null
+++ b/eng/common/testproxy/dotnet-devcert.crt
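Review bot: In docker-start-proxy.ps1, `docker container create … -p 5001:5001 -p 5000:5000` publishes the proxy on every host interface while the whole target folder is bind-mounted into it; for workstation use a loopback bind such as `-p 127.0.0.1:5001:5001 -p 127.0.0.1:5000:5000` keeps the recording proxy off the network (worth confirming it also works on the Windows-container path). The `catch` block after `docker --version` only calls `Write-Error`, which is non-terminating by default, so the script continues into `docker container ls` without docker; add `exit 1` after the two messages. A container that already exists but is stopped is started as-is, so after `$SELECTED_IMAGE_TAG` changes a machine holding the old container keeps running the old image; comparing `$proxyContainer.Image` with `$SelectedImage` and recreating on mismatch would avoid that. The images are referenced by tag only, and pinning them as `testproxy-lin@sha256:<digest>` would make the pulled content verifiable.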
@@ -0,0 +1,20 @@
+-----BEGIN CERTIFICATE-----
+MIIDSDCCAjCgAwIBAgIUPMKpJ/j10eQrcQBNnkImIaOYHakwDQYJKoZIhvcNAQEL
+BQAwFDESMBAGA1UEAwwJbG9jYWxob3N0MB4XDTIxMDgwNTAwMzU1NloXDTIyMDgw
+NTAwMzU1NlowFDESMBAGA1UEAwwJbG9jYWxob3N0MIIBIjANBgkqhkiG9w0BAQEF
+AAOCAQ8AMIIBCgKCAQEAxe/ZseXgOTVoF7uTjX5Leknk95jIoyGc+VlxA8BhzGOr
+r4u6VNQZRCMq+svHY36tW4+u/xHNe2kvbwy2mnS8cFFLfst+94qBZVJDBxSGZ9I/
+wekErNsjFsik4UrMvcC+ZlGPh7hb3f7tSx29tn1DIkAUXVnbZ6TT5s+mYRQpZ6fW
+6kR3RNfc0A1IUM7Zs9yfNEr0O2H41P2HcLKoOPtvd7GvTQm9Ofh3srKvII+sZn/J
+WH7r76oRQMX904mOMdryQwZLObsqX4dXIEbafKVSecB3PBVIhv8gVtJhcZbQP1pI
+mMiWd6PHv46ZhGf7+cKnYUSa8Ia2t/wetK1wd00dFwIDAQABo4GRMIGOMA8GA1Ud
+EwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgGmMBYGA1UdJQEB/wQMMAoGCCsGAQUF
+BwMBMBcGA1UdEQEB/wQNMAuCCWxvY2FsaG9zdDA6BgorBgEEAYI3VAEBBCwMKkFT
+UC5ORVQgQ29yZSBIVFRQUyBkZXZlbG9wbWVudCBjZXJ0aWZpY2F0ZTANBgkqhkiG
+9w0BAQsFAAOCAQEAIj2VlBVcXGSly6KCBg6lgwFi+henWfSox77iuGAaAxDjN3jd
+9lZahW4MPNLHKSrPRb4YNSLZ2jh7zdcttQrqd4qH65o1q56q5JrCmli99iIzY9Y8
+RdYyxK4Zzr31wjpsyFiWQfqJTuSFUUg9uDDj0negwEZLIGlt7nr12wflt2+QOJtD
+byMeSZLbB5dPzn341DK0qfJEJMMgL0XsPEVZ3TQ6Alc9zq5wI608C/mXnz3xJE05
+UTYD8pRJJ/DyG0empvOVE8Sg93msHPquAbgqO9aqCpykgg/a8CFvI4wRdfvGEFlv
+8XJKL8Y/PFsmFeO3axq3zUYKFVdc9Un4dFIaag==
+-----END CERTIFICATE-----
diff --git a/eng/common/testproxy/dotnet-devcert.pfx b/eng/common/testproxy/dotnet-devcert.pfx
new file mode 100644
index 000000000000..28058ae4ce30
Binary files /dev/null and b/eng/common/testproxy/dotnet-devcert.pfx differ
diff --git a/eng/common/testproxy/localhost.conf b/eng/common/testproxy/localhost.conf
new file mode 100644
index 000000000000..2e03415293cc
--- /dev/null
+++ b/eng/common/testproxy/localhost.conf
@@ -0,0 +1,23 @@
+[req]
+prompt = no
+default_bits = 2048
+distinguished_name = subject
+req_extensions = req_ext
+x509_extensions = x509_ext
+
+[ subject ]
+commonName = localhost
+
+[req_ext]
+basicConstraints = critical, CA:true
+subjectAltName = @alt_names
+
+[x509_ext]
+basicConstraints = critical, CA:true
+keyUsage = critical, keyCertSign, cRLSign, digitalSignature,keyEncipherment
+extendedKeyUsage = critical, serverAuth
+subjectAltName = critical, @alt_names
+1.3.6.1.4.1.311.84.1.1 = ASN1:UTF8String:ASP.NET Core HTTPS development certificate # Needed to get it imported by dotnet dev-certs
+
+[alt_names]
+DNS.1 = localhost
diff --git a/eng/common/testproxy/test-proxy-docker.yml b/eng/common/testproxy/test-proxy-docker.yml
new file mode 100644
index 000000000000..97617b6fd08a
--- /dev/null
+++ b/eng/common/testproxy/test-proxy-docker.yml
@@ -0,0 +1,15 @@
+parameters:
+ rootFolder: '$(Build.SourcesDirectory)'
+
+steps:
+ - pwsh: |
+ $(Build.SourcesDirectory)/eng/common/scripts/trust-proxy-certificate.ps1
+ displayName: 'Language Specific Certificate Trust'
+
+ - pwsh: |
+ $(Build.SourcesDirectory)/eng/common/testproxy/docker-start-proxy.ps1 -Mode start -TargetFolder "${{ parameters.rootFolder }}"
+ displayName: 'Run the docker container'
+
+ - pwsh: |
+ docker container ls -a
+ displayName: Check running container
\ No newline at end of file
diff --git a/eng/common/testproxy/test-proxy-tool.yml b/eng/common/testproxy/test-proxy-tool.yml
new file mode 100644
index 000000000000..9f24b0f0d527
--- /dev/null
+++ b/eng/common/testproxy/test-proxy-tool.yml
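Review bot: In localhost.conf, `basicConstraints = critical, CA:true` together with `keyUsage = critical, keyCertSign, cRLSign, …` makes the generated certificate a certificate authority, and the same commit checks in its `.pfx` (imported with `-p "password"`, so presumably holding the private key) and installs the `.crt` into NSS databases and the system CA store. Any machine that runs apply-dev-cert.sh therefore trusts a CA whose key is available to everyone with access to the repository, which is broader than trusting a single localhost endpoint. If the CA bit is only there so the trust stores accept the self-signed certificate, consider generating the key pair on the agent at run time instead of committing it. Failing that, add a comment here such as `# CA:true is required for <reason>; key is committed, install on throwaway CI agents only`. A `nameConstraints = critical, permitted;DNS:localhost` line under `[x509_ext]` may narrow the scope, though not every validator enforces constraints on a trust anchor.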
@@ -0,0 +1,47 @@
+parameters:
+ rootFolder: '$(Build.SourcesDirectory)'
+
+steps:
+ - pwsh: |
+ $(Build.SourcesDirectory)/eng/common/scripts/trust-proxy-certificate.ps1
+ displayName: 'Language Specific Certificate Trust'
+
+ - pwsh: |
+ Write-Host "##vso[task.setvariable variable=OriginalPath]$env:PATH"
+ displayName: 'Store Path Value'
+
+ - pwsh: |
+ Write-Host "##vso[task.setvariable variable=ASPNETCORE_Kestrel__Certificates__Default__Path]$(Build.SourcesDirectory)/eng/common/testproxy/dotnet-devcert.pfx"
+ Write-Host "##vso[task.setvariable variable=ASPNETCORE_Kestrel__Certificates__Default__Password]password"
+ displayName: 'Configure Kestrel Environment Variables'
+
+ - task: UseDotNet@2
+ displayName: "Use .NET Core SDK"
+ inputs:
+ packageType: sdk
+ version: 5.0.205
+
+ - pwsh: |
+ dotnet tool install azure.sdk.tools.testproxy `
+ --tool-path $(Build.BinariesDirectory)/test-proxy `
+ --add-source https://pkgs.dev.azure.com/azure-sdk/public/_packaging/azure-sdk-for-net/nuget/v3/index.json `
+ --version 1.0.0-dev.20210811.2
+ displayName: "Install test-proxy"
+
+ - pwsh: |
+ Start-Process $(Build.BinariesDirectory)/test-proxy/test-proxy.exe `
+ -ArgumentList "--storage-location '${{ parameters.rootFolder }}'" `
+ -NoNewWindow -PassThru
+ displayName: 'Run the testproxy - windows'
+ condition: and(succeeded(), eq(variables['Agent.OS'],'Windows_NT'))
+
+ # nohup does NOT continue beyond the current session if you use it within powershell
+ - bash: |
+ sudo nohup $(Build.BinariesDirectory)/test-proxy/test-proxy &
+ displayName: "Run the testproxy - linux/mac"
+ condition: and(succeeded(), ne(variables['Agent.OS'],'Windows_NT'))
+ workingDirectory: "${{ parameters.rootFolder }}"
+
+ - pwsh: |
+ Write-Host "##vso[task.setvariable variable=PATH]$(OriginalPath)"
+ displayName: 'Restore .NET version by resetting path'
\ No newline at end of file
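Review bot: In test-proxy-tool.yml, the linux/mac step launches the proxy with `sudo nohup $(Build.BinariesDirectory)/test-proxy/test-proxy &`, so a tool installed from a dev feed runs as root for the rest of the job although nothing visible in this file requires it; the docker variant publishes ports 5000 and 5001, which are unprivileged. `nohup $(Build.BinariesDirectory)/test-proxy/test-proxy &` would be the least-privilege form, and if root is needed the reason deserves a comment next to the existing nohup remark. `dotnet tool install … --add-source` adds the Azure feed on top of whatever sources the agent already has configured, so resolution of `azure.sdk.tools.testproxy` is not restricted to that feed; passing `--configfile` with a nuget.config that lists only the intended source would tighten this. The Windows step wraps the path in single quotes inside `-ArgumentList`, which Windows argument parsing may pass through literally, so it is worth checking that `--storage-location` receives the path without the quotes.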