diff --git a/custom-vpc-contract-generator/templates/user-data-encrypted.yaml b/custom-vpc-contract-generator/templates/user-data-encrypted.yaml index cbe431a..7682bc3 100644 --- a/custom-vpc-contract-generator/templates/user-data-encrypted.yaml +++ b/custom-vpc-contract-generator/templates/user-data-encrypted.yaml @@ -42,12 +42,12 @@ env: {{- range $vk, $vv := .WorkloadEnvs}} {{$vk}}: {{$vv}} {{- end}} -{{- end}}{{- if .EnvPass}}env: "hyper-protect-basic.{{rsaCertEnc "" .EnvPass | b64enc}}. - {{- $envData := execTpl "envTemplate" .}} - {{- aesCbcPbkdfEnc .EnvPass $envData | b64enc}}" +{{- end}}{{- if .EnvPass}}env: "hyper-protect-basic.{{EncRsaCert .IbmHyperProtectCert .EnvPass | b64enc}}. + {{- $envData := execTemplate "envTemplate" .}} + {{- EncAesCbcPbkdf .EnvPass $envData | b64enc}}" {{- end}} {{- if .WorkloadPass}} -workload: "hyper-protect-basic.{{rsaCertEnc "" .WorkloadPass | b64enc}}. - {{- $workloadData := execTpl "workloadTemplate" .}} - {{- aesCbcPbkdfEnc .WorkloadPass $workloadData | b64enc}}" +workload: "hyper-protect-basic.{{EncRsaCert .IbmHyperProtectCert .WorkloadPass | b64enc}}. + {{- $workloadData := execTemplate "workloadTemplate" .}} + {{- EncAesCbcPbkdf .WorkloadPass $workloadData | b64enc}}" {{- end}} diff --git a/custom-vpc-contract-generator/vpccontractgenerator.star b/custom-vpc-contract-generator/vpccontractgenerator.star index 6c474ba..5fc7bd9 100644 --- a/custom-vpc-contract-generator/vpccontractgenerator.star +++ b/custom-vpc-contract-generator/vpccontractgenerator.star @@ -14,6 +14,42 @@ # Creates IBM VPC contract file def transform(new_artifacts, old_artifacts): + ibmHyperProtectCert = """ +-----BEGIN CERTIFICATE----- +MIIF8TCCA9mgAwIBAgIQLKNAizePV1jGkvBknjjfOzANBgkqhkiG9w0BAQ0FADCB +0TELMAkGA1UEBhMCREUxGzAZBgNVBAgMEkJhZGVuLVfDvHJ0dGVtYmVyZzETMBEG +A1UEBwwKQsO2YmxpbmdlbjE0MDIGA1UECgwrSUJNIERldXRzY2hsYW5kIFJlc2Vh +cmNoICYgRGV2ZWxvcG1lbnQgR21iSDEkMCIGA1UECxMbSUJNIFogSHlicmlkIENs +b3VkIFBsYXRmb3JtMTQwMgYDVQQDDCtJQk0gRGV1dHNjaGxhbmQgUmVzZWFyY2gg +JiBEZXZlbG9wbWVudCBHbWJIMB4XDTIyMDkwMjE2NTc0N1oXDTQyMDkwMjE2NTc1 +N1owgZYxCzAJBgNVBAYTAkRFMQswCQYDVQQIEwJCVzETMBEGA1UEBxMKQm9lYmxp +bmdlbjEhMB8GA1UECgwYSUJNIERldXRzY2hsYW5kIFImRCBHbWJIMSQwIgYDVQQL +ExtJQk0gWiBIeWJyaWQgQ2xvdWQgUGxhdGZvcm0xHDAaBgNVBAMTE2NvbnRyYWN0 +LWRlY3J5cHRpb24wggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDI9Jx9 +NXPsbONFVqIsXfzB/4WI4Kj070AxveF8QHTMb8mQ8KOD5ZDs6Ug1fli2JbxFPfvK +oFD0v1FNsxBhjWHAkq8LpeIzrG0YVLmDcjQqEaJQd58YK8GygOLy7qoRMedsVr2X ++MIqxJda06tc/O3GrM4swZRQVh7I0BHB9cJ3mLbh7St3vmhBpNZt9EKIgTJUGFUH +gTpeZuh2AjOcKsdrbzfGcs+4q1CstVNZ9eECVc27JPAzzrfzS8ZRlLJPOVEVDj1Z +gs3rA36eTxRMC0XuJC+mgKASJsFKygYQmfbs1mzIN0oIzsewjHM6AywuJ21Srjaq +gMSaRKzfpnMELJqWpIKFDGjj+p6anp8zJPYQy9IrOG8ifgCg+LhVGQ6mx3xMgY3m +H9Mwcto/ox6mkLf/7JYWK2RoAZEJRuojuMpOfeOLEkkzkBgzgD2JLh2ps+Zc7YxE +I9O02vMHUHhamqLyjD1OOBUBbYQ+W+28svbMgr3m5F8ILzXVWTnT6+h6WStXhLbk +zUIsAWconRt6g3A6Y9UCeK252j3ITjKPlcduICZkkcnaj73VDACRmoOVBPrnb2Ex +YfXhibBlwPcGyUV+GwlZgs5IN+X8GIU0I6QFFUUh3+BhgbVu8Rei0CKl52aRyFTe +w9wo0abntwYLQlovZLNsPtMeZIGO/P37IMelGwIDAQABMA0GCSqGSIb3DQEBDQUA +A4ICAQAgBhbamlqQlOYNgyOOPnuDNRe/LEshv+yeHS5Yqjgb/o5WzhHQNla6kQpD +TgbYvF70Qkj3agSH6+M6C+mmdgzGNQOWhnPBPtDiySOn8BvlhIvcsOz/OQyIi0Se +4vqiKPQmGUJ9aZCmzmkKbzUIpWJZy8XOcG15a5lW1OIDIVl7qRehZDQ0MqhYk5yQ +hXG/0o50APhSJ3fN6ulcdP/BfMGQmHs3fRHiaOMxJvJC/obUSDCgDIrBodAk2GvW +8aKEu2yRS1RoespumrkB621eULWhTQ//M31JlvBSo5daulOcjfBeCmGcQGQFJs45 +hsTkLfltYf6nkFxzrjPvaRMT9xGmXFUkMrr163P2f0ngDp2BopqAGaVT/yD4llOs +Li5o5ZEcSOhILypa141pGwDBK/7IGv35zicO39VlpKsF/sRej4xPMkZOSlBSAgQf +oDJ6NLx69TtmcDpz0nU9y4yjZQDWj2CiG8yK5Lr9ayq8ayOneJr3Krh0bJ43izD2 +19UeNHaQrN94ylMNAyNB+2QrOtkAYuu0XKYuEDYaKx5V9w0Oodc2RJVZVt4PeHyY +BxB0v4gNdfr/ESjrmwHfQJh1wQYMG6mUUHseIGKwb7qLaHIp7Nxxc1bydlxEHqqB +bF0c1daNoz1JrAL6rrhMRMT8TQZTw+n/+R3HDbdIWG9alxtNbg== +-----END CERTIFICATE-----""" + pathMappings = [] artifacts = [] usesVPC = m2k.query({"id": "move2kube.ibmvpc", "type": "Select", "description": "Do you use IBM VPC?", "hints": ["A VPC contract file will be created."], "options": ["Yes", "No"]}) @@ -109,5 +145,6 @@ def transform(new_artifacts, old_artifacts): data["WorkloadEnvs"] = workloadEnvs if workloadPass != "": data["WorkloadPass"] = workloadPass + data["IbmHyperProtectCert"] = ibmHyperProtectCert pathMappings.append({'type': 'Template', 'templateConfig': data, 'destinationPath': 'ibm_vpc_artifacts/'}) return {'pathMappings': pathMappings, 'artifacts': artifacts}