feat(gorgone): use centreonvault lib to decrypt password in gorgone c…

…onfiguration (#1791) * feat(gorgone): interpret vault secret in gorgone configuration * doc(gorgone): Add vault option in documentation * ci(gorgone): launch gorgone build when tests are modified * feat(gorgone): Add Gorgone dependency on centreon-perl-libs-common for vault. * ci(gorgone): Gorgone unit test run on the CI. * ci(gorgone): don't deliver package if test don't pass The automated test should pass before we try to deliver the deb/rpm package. This is for now not backported because the tests are still new. * tests(gorgone): Add a whole gorgone configuration to be checked by unit tests. I didn't link to the template used by package installation because it can change (this have more configuration by the way, so is a better exemple of gorgone configuration) and I don't want to be sure the package install the correct file, I want to be sure gorgone read configuration correctly. Co-authored-by: omercier <[email protected]> Co-authored-by: cg-tw <[email protected]> Refs:MON-106121
centreon · Dec 11, 2024 · 4aed3b9 · 4aed3b9
1 parent 47302f2
commit 4aed3b9
Show file tree

Hide file tree

Showing 25 changed files with 583 additions and 276 deletions.
diff --git a/.github/actions/package/action.yml b/.github/actions/package/action.yml
@@ -116,6 +116,6 @@ runs:
       name: Upload package artifacts
       uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3
       with:
-        name: ${{ inputs.arch != '' && format('packages-{0}-{1}', inputs.distrib, inputs.arch) || format('packages-{0}', inputs.distrib) }}
+        name: ${{ inputs.arch != '' && format('packages-{0}-{1}', inputs.distrib, inputs.arch) || format('packages-{0}', inputs.distrib) }}-${{ inputs.stability }}
         path: ./*.${{ inputs.package_extension}}
         retention-days: 1
diff --git a/.github/workflows/gorgone.yml b/.github/workflows/gorgone.yml
@@ -94,13 +94,13 @@ jobs:
         uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
 
       - name: Run unit tests
-        run: yath -L test ./perl-libs/lib/
+        run: yath -L test ./perl-libs/lib/ ./gorgone/tests/unit/
 
       - name: Upload logs as artifacts if tests failed
         if: failure()
         uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3
         with:
-          name: plugin-installation-${{ matrix.distrib }}
+          name: centreon-collect-perl-unit-tests-${{ matrix.distrib }}
           path: ./lastlog.jsonl
           retention-days: 1
 
@@ -348,7 +348,7 @@ jobs:
 
   deliver-deb:
     runs-on: [self-hosted, common]
-    needs: [get-environment, package]
+    needs: [get-environment, package, robot-test-gorgone, unit-test-perl]
     if: |
       needs.get-environment.outputs.skip_workflow == 'false' &&
       contains(fromJson('["unstable", "testing"]'), needs.get-environment.outputs.stability) &&

diff --git a/gorgone/docs/configuration.md b/gorgone/docs/configuration.md
@@ -100,6 +100,22 @@ configuration:
       proxy_name: proxy
 ```
 
+## *centreon vault*
+
+Centreon Vault is a tool that secures the passwords present in the Centreon configuration.\
+
+It stores passwords in a vault and retrieves them when needed by each component.\
+
+Gorgone allows you to use a vault to store any string in the configuration. It cannot store an array or a hash.
+
+
+To use Vault, read the official documentation to set up Vault and the configuration file in `/var/lib/centreon/vault/vault.json`\
+
+Then replace any password present in the Gorgone configuration with a Vault string. See the official format here : 
+
+
+https://github.com/centreon/centreon-collect/blob/develop/perl-libs/lib/centreon/common/centreonvault.pm#L391
+
 ## *modules*
 
 See the *configuration* titles of the modules documentations listed [here](../docs/modules.md).
diff --git a/gorgone/gorgone/class/core.pm b/gorgone/gorgone/class/core.pm
@@ -35,7 +35,7 @@ use gorgone::class::listener;
 use gorgone::class::frame;
 use Time::HiRes;
 use Try::Tiny;
-
+use centreon::common::centreonvault;
 my ($gorgone);
 
 use base qw(gorgone::class::script);
@@ -163,10 +163,17 @@ sub init {
         $self->{logger}->writeLogError("[core] can't find config file '$self->{config_file}'");
         exit(1);
     }
+    # before loading the config, we need to load initialize vault.
+    # Gorgone don't know how to reload for now, but once it will be done, we will need to retry the vault connexion if it failed when starting, and read again the configuration
+    $self->{vault_file} = defined($self->{vault_file}) ? $self->{vault_file} : '/var/lib/centreon/vault/vault.json';
+    $self->{vault} = centreon::common::centreonvault->new(logger => $self->{logger},  'config_file' =>  $self->{vault_file});
+
     $self->{config} = $self->yaml_load_config(
-        file => $self->{config_file},
+        file   => $self->{config_file},
+        # the filter is used to remove anything from the configuration not related to gorgone or centreon
         filter => '!($ariane eq "configuration##" || $ariane =~ /^configuration##(?:gorgone|centreon)##/)'
     );
+
     $self->init_server_keys();
 
     $self->{config}->{configuration}->{gorgone}->{gorgonecore}->{external_com_zmq_tcp_keepalive} =

diff --git a/gorgone/gorgone/class/logger.pm b/gorgone/gorgone/class/logger.pm