ID-29: Add support for environment variables for field and password configuration

Author: mlookaxw

CHANGELOG.adoc

@@ -111,6 +111,39 @@ In case of "source" is equal to "property" the password is retrieved form the pr
 <4> specifies a property as the source of the password
 
 NOTE: Configuration files in the old format are automatically converted into the new format.
+
+|https://github.com/Axway-API-Management-Plus/apigw-maven-plugin/issues/29[#29]
+|Enhancement
+|Add support for environment variables for field and password configuration.
+
+The `source` property new supports a new value `env` to specify an environment variable as the source for field values and certificate passwords.
+
+*Environmentalized Fields*
+[source,json]
+----
+  "field#0": {
+    "source": "env", <1>
+    "type": string",
+    "used": true,
+    "value": "ENV_NAME" <2>
+  }
+----
+<1> specifies an environment variable as the source of the field value
+<2> field value is retrieved from the environment variable `ENV_NAME`
+
+*Certificates*
+[source,json]
+----
+"update": {
+  "file": "cert/server.p12",
+  "password": "SERVER_PASSWORD", <1> 
+  "source": "env" <2>
+  "type": "p12"
+}
+----
+<1> password is retrieved from the environment variable `SERVER_PASSWORD`
+<2> specifies an environment variable as the source of the password
+
 |===
 
 

doc/manual/_config-tool.adoc

@@ -157,7 +157,7 @@ For each configured environmentalized entity a property exists.
 The name of the property is the _short hand key_ of the entity.
 
 The value of the field can be specified directly by a `value` property.
-It can also be specified indirectly by a property identified by the `property` property.
+It can also be specified indirectly by a property or environment variables (controlled via the `source` property).
 
 Properties are name/value pairs.
 The value of the property is defined ... _(in order of precedence)_
@@ -221,7 +221,7 @@ The plugin and the configuration tool provides a set of predefined system proper
                     "value": "_system.build.datetime" <8>
                 }
             }
-        }
+        },
         "/[CircuitContainer]name=Hello World/[FilterCircuit]name=Hello World Message/[SetAttributeFilter]name=Network zone": {
             "description": "Network zone the API Gateway is located.", 
             "fields": {
@@ -232,9 +232,20 @@ The plugin and the configuration tool provides a set of predefined system proper
                     "value": "internal" <9>
                 }
             }
+        },
+        "/[CircuitContainer]name=Hello World/[FilterCircuit]name=Hello World Message/[SetAttributeFilter]name=User": {
+            "description": "Name of the user building the .fed", 
+            "fields": {
+                "attributeValue#0": {
+                    "source": "env" <10>
+                    "type": "string",
+                    "used": true,
+                    "value": "USERNAME" <11>
+                }
+            }
         }
     }
-    "properties": { <10>
+    "properties": { <12>
         "foobar": "myvalue"
     }
 }
@@ -250,7 +261,9 @@ The property is automatically maintained by the plugin.
 <7> Name of the property containing the value.
 <8> Use value of the predefined system property `_system.build.datetime`.
 <9> Literal value for the field.
-<10> An optional local definition of properties.
+<10> Specifies an environment variable as the source for the field value.
+<11> Field value is retrieved from the `USERNAME` environment variable.
+<12> An optional local definition of properties.
 If the same property is defined in a separate property file (see below), the separate property has precedence.
 
 NOTE: If `value` is _null_ the field is treated as undefined and the build will fail.
@@ -306,6 +319,14 @@ It specifies the alias of the certificates within the project and the source of
                 "source": "property", <14>
                 "type": "p12"
             }
+        },
+        "test3": {
+            "update": {
+                "file": "cert/server.p12", 
+                "password": "TEST3_PASSWORD", <15>
+                "source": "env", <16>
+                "type": "p12"
+            }
         }
     }
 }
@@ -328,6 +349,8 @@ A missing `update` attribute indicates a new/unconfigured certificate.
 This certificate will be added to the certificate store.
 <13> Password for the `.p12` file is retrieved from the property configuration file.
 <14> Declares the property "password" as the source of the password for the `.p12` file.
+<15> The password is retrieved from the `TEST3_PASSWORD` environment variable.
+<16> Specifies an environment variable as the source of the password.
 
 === Properties
 

example/config-tool/config/gateway.certs.json

@@ -1,5 +1,13 @@
 {
   "certificates": {
+    "new-server": {
+      "update": {
+        "file": "config/certs/staged-server.p12", 
+        "password": "NEW_SERVER_PASSWORD", 
+        "source": "env", 
+        "type": "p12"
+      }
+    }, 
     "server": {
       "origin": {
         "info": {
@@ -9,10 +17,6 @@
       }, 
       "update": {
         "file": "config/certs/staged-server.p12", 
-        "info": {
-          "not_after": "2020-08-23T20:26:00+02:00", 
-          "subject": "CN=staged, O=ACME Inc., C=EX"
-        }, 
         "password": "cert.password.staged.server", 
         "source": "property", 
         "type": "p12"
@@ -27,10 +31,6 @@
       }, 
       "update": {
         "file": "config/certs/staged-root-ca.crt", 
-        "info": {
-          "not_after": "2029-08-23T20:22:00+02:00", 
-          "subject": "CN=staged-acme-inc-example, O=ACME Inc. (staged), C=EX"
-        }, 
         "type": "crt"
       }
     }

example/config-tool/config/gateway.config.json

@@ -32,10 +32,10 @@
           "value": "service.address"
         }, 
         "port#0": {
-          "source": "property", 
+          "source": "env", 
           "type": "string", 
           "used": true, 
-          "value": "service.port"
+          "value": "SERVICE_PORT"
         }
       }
     }

example/config-tool/config/gateway.props.json

@@ -1,6 +1,5 @@
 {
 	"properties": {
-		"service.address": "localhost",
-		"service.port": "18443"
+		"service.address": "localhost"
 	}
 }

example/config-tool/run.cmd

@@ -4,5 +4,9 @@ SET CMD_HOME=%~dp0
 CD /d "%CMD_HOME%"
 SET BUILDFED="..\..\src\main\resources\scripts\buildfed.cmd"
 
+REM Define environment variables for field value and password configuration
+SET SERVICE_PORT=18443
+SET NEW_SERVER_PASSWORD=changeme
+
 CALL %BUILDFED% -e src\gateway.env -p src\gateway.pol -c config\gateway.config.json --cert=config\gateway.certs.json --prop=config\gateway.props.json --prop=config\passwords.props.json -D artifact:demo-1.0.0 --output-fed=gateway.fed --passphrase-in=changeme --passphrase-out=changed
 ENDLOCAL

src/main/resources/scripts/lib/envconfig.py

@@ -167,10 +167,13 @@ def get_value(self, entity, entity_field):
         fk = FieldKey(self.to_shorthandkey(entity), entity_field.getEntityFieldName(), entity_field.getIndex(), entity_field.getType())
         f = self.__get_field(fk)
 
-        value = None
         if "source" not in f:
             raise ValueError("Missing 'source' property in field '%s#%s' of entity '%s'" % (fk.name, str(fk.index), fk.short_hand_key))
 
+        if "value" not in f:
+            raise ValueError("Missing 'value' property in field '%s#%s' of entity '%s'" % (fk.name, str(fk.index), fk.short_hand_key))
+
+        value = None
         if "property" == f["source"]:
             if f["value"]:
                 p = f["value"]
@@ -179,6 +182,10 @@ def get_value(self, entity, entity_field):
                     raise ValueError("Missing configured property '%s'" % (p))
         elif "value" == f["source"]:
             value = f["value"]
+        elif "env" == f["source"]:
+            if f["value"]:
+                e = f["value"]
+                value = os.environ[e]
         else:
             raise ValueError("Invalid source property '%s'" % f["source"])
 
@@ -350,6 +357,9 @@ def get_certificates(self):
 
                 password = None
                 if "password" in cert:
+                    if not cert["password"]:
+                        raise ValueError("Missing value for 'password' property in 'update' for alias '%s'!" % alias)
+
                     if "source" not in cert:
                         raise ValueError("Missing 'source' property in 'update' for alias '%s'!" % alias)
 
@@ -360,6 +370,9 @@ def get_certificates(self):
                             raise ValueError("Missing configured property '%s' for alias '%s'!" % (p, alias))
                     elif "password" == cert["source"]:
                         password = cert["password"]
+                    elif "env" == cert["source"]:
+                        e = cert["password"]
+                        password = os.environ[e]
                     else:
                         raise ValueError("Invalid password source '%s' for alias '%s'!" % (cert["source"], alias))