Add certificate creation scripts

Author: calesanz

test/bkp_default.yml

@@ -27,3 +27,12 @@ splunk:
             useLocalAuth: false
             auditLogsLookupBackTime: -2h
             timewait: 30
+    - key: server
+      value:
+        directory: /opt/splunk/etc/system/local/
+        content:
+          sslConfig:
+            enableSplunkdSSL: true
+            serverCert: /cert_dir/splunk_sh.pem
+            sslRootCAPath: /cert_dir/ca.crt
+            sslPassword: password

test/certificates/Dockerfile

@@ -0,0 +1,9 @@
+FROM alpine:latest
+
+RUN apk update && \
+  apk add --no-cache openssl bash && \
+  rm -rf "/var/cache/apk/*"
+
+COPY createca.sh createcerts.sh entrypoint.sh /scripts/
+
+ENTRYPOINT [ "bash", "/scripts/entrypoint.sh" ]

test/certificates/createcerts.sh

@@ -60,6 +60,7 @@ mkdir -p $dir/certs
 [ ! -f $dir/index.txt ] && touch $dir/index.txt
 # SIGN Request
 openssl ca \
+  -batch \
   -in ${CSR} \
   -out ${CERT} \
   -extensions ${CRT_TYPE} \

test/certificates/entrypoint.sh

@@ -0,0 +1,21 @@
+#!/bin/sh
+set -e
+echo "Starting Certificate Creation"
+mkdir -p /cert_dir
+cd /cert_dir
+sh /scripts/createca.sh
+while read -r line; do
+  # Get the string before = (the var name)
+  name="${line%=*}"
+  eval value="\$$name"
+  if [[ $name = 'CERTIFICATE'* ]]
+  then
+    echo "name: ${name}, value: ${value}"
+    bash /scripts/createcerts.sh  ${value}
+  fi
+done <<EOF
+$(env)
+EOF
+
+
+echo $(env)

test/docker-compose.yml

@@ -5,6 +5,16 @@ networks:
     attachable: true
 
 services:
+  certificates:
+    build: certificates
+    hostname: certificates
+    container_name: certificates
+    volumes:
+      - cert_dir:/cert_dir
+    environment:
+      CERTIFICATE_0: "splunk_moc 127.0.0.1 server_cert"
+      CERTIFICATE_1: "splunk_sh 127.0.0.1 server_cert"
+
   splunk_sh:
     networks:
       splunknet:
@@ -27,7 +37,11 @@ services:
       - ../metadata:/opt/splunk/etc/apps/SplunkVersionControl/metadata
       - ../README:/opt/splunk/etc/apps/SplunkVersionControl/README
       - ../static:/opt/splunk/etc/apps/SplunkVersionControl/static
+      - ../lookups/splunkversioncontrol_globalexclusionlist.csv:/opt/splunk/etc/apps/SplunkVersionControl/lookups/splunkversioncontrol_globalexclusionlist.csv
       - ../test/sh_default.yml:/tmp/defaults/default.yml
+      - cert_dir:/cert_dir
+    depends_on:
+      - certificates
 
   splunk_moc:
     networks:
@@ -57,5 +71,12 @@ services:
       - ../metadata:/opt/splunk/etc/apps/SplunkVersionControl/metadata
       - ../README:/opt/splunk/etc/apps/SplunkVersionControl/README
       - ../static:/opt/splunk/etc/apps/SplunkVersionControl/static
+      - ../lookups/splunkversioncontrol_globalexclusionlist.csv:/opt/splunk/etc/apps/SplunkVersionControl/lookups/splunkversioncontrol_globalexclusionlist.csv
       - ../test/bkp_default.yml:/tmp/defaults/default.yml
       - ../test/custom_init.sh:/usr/sbin/custom_init.sh
+      - cert_dir:/cert_dir
+    depends_on:
+      - certificates
+
+volumes:
+  cert_dir: {}

test/sh_default.yml

@@ -12,3 +12,12 @@ splunk:
           sslVerify:
             definiton: false
             # definition: /opt/splunk/etc/apps/SplunkVersionControl/auth/ca.pem
+    - key: server
+      value:
+        directory: /opt/splunk/etc/system/local/
+        content:
+          sslConfig:
+            enableSplunkdSSL: true
+            serverCert: /cert_dir/splunk_sh.pem
+            sslRootCAPath: /cert_dir/ca.crt
+            sslPassword: password