From 519f4785cb0b4f71c8384f2184e56d180d7ea10c Mon Sep 17 00:00:00 2001
From: Martin Lablans
Date: Tue, 31 May 2022 13:56:44 +0200
Subject: [PATCH] Make git update use new credential helper that fetches git creds from vault.
---
lib/gitpassword.sh | 46 ++++++++++++++++++++++++++++++++++++++++
lib/update-bridgehead.sh | 29 ++++++++++++++++++++++---
2 files changed, 72 insertions(+), 3 deletions(-)
create mode 100755 lib/gitpassword.sh
diff --git a/lib/gitpassword.sh b/lib/gitpassword.sh
new file mode 100755
index 0000000..3ec76d5
--- /dev/null
+++ b/lib/gitpassword.sh
@@ -0,0 +1,46 @@
+#!/bin/bash
+
+if [ "$1" != "get" ]; then
+ echo "Usage: $0 get"
+ exit 1
+fi
+
+baseDir() {
+ # see https://stackoverflow.com/questions/59895
+ SOURCE=${BASH_SOURCE[0]}
+ while [ -h "$SOURCE" ]; do # resolve $SOURCE until the file is no longer a symlink
+ DIR=$( cd -P "$( dirname "$SOURCE" )" >/dev/null 2>&1 && pwd )
+ SOURCE=$(readlink "$SOURCE")
+ [[ $SOURCE != /* ]] && SOURCE=$DIR/$SOURCE # if $SOURCE was a relative symlink, we need to resolve it relative to the path where the symlink file was located
+ done
+ DIR=$( cd -P "$( dirname "$SOURCE" )/.." >/dev/null 2>&1 && pwd )
+ echo $DIR
+}
+
+BASE=$(baseDir)
+cd $BASE
+
+source lib/functions.sh
+
+assertVarsNotEmpty SITE_ID || exit 1
+
+date >> /tmp/gitpass
+
+PARAMS="$(tee -a /tmp/gitpass)"
+GITHOST=$(echo "$PARAMS" | grep "^host=" | sed 's/host=\(.*\)/\1/g')
+
+fetchVarsFromVault CCP_GIT
+
+if [ -z "${CCP_GIT}" ]; then
+ log ERROR "Git password not found."
+ exit 1
+fi
+
+tee -a /tmp/gitpass <> /tmp/gitpass
diff --git a/lib/update-bridgehead.sh b/lib/update-bridgehead.sh
index 2b06687..b6cd317 100755
--- a/lib/update-bridgehead.sh
+++ b/lib/update-bridgehead.sh
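Review bot: lib/gitpassword.sh appends the credential-helper traffic to the fixed path `/tmp/gitpass` (`date >> /tmp/gitpass`, `PARAMS="$(tee -a /tmp/gitpass)"`, and the final `tee -a /tmp/gitpass` line), which looks like debug logging left in. The last line is cut off on this page, but it appears to tee the helper's reply there as well, and that reply would carry the password fetched into `CCP_GIT`; a file created in /tmp under a default umask is typically readable by other local users, and a predictable name there can be pre-created or symlinked by another account. I would drop the `/tmp/gitpass` writes, so that the request is read with `PARAMS="$(cat)"` and the reply goes only to stdout. Separately, `GITHOST` is parsed from the request but the visible lines never compare it with an expected host before the secret is fetched; a check such as `[ "$GITHOST" = "<expected-git-host>" ] || exit 1` would keep the helper from answering for other remotes.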
@@ -1,10 +1,30 @@ #!/bin/bash source lib/functions.sh -log "INFO" "Checking for updates of services" +CONFFILE=/etc/bridgehead/$1.conf + +if [ ! -e $CONFFILE ]; then + log ERROR "Configuration file $CONFFILE not found." + exit 1 +fi + +source $CONFFILE + +assertVarsNotEmpty SITE_ID || exit 1 +export SITE_ID + +checkOwner . bridgehead || exit 1 +checkOwner /etc/bridgehead bridgehead || exit 1 + +CREDHELPER="/srv/docker/bridgehead/lib/gitpassword.sh" # Check git updates for DIR in /etc/bridgehead $(pwd); do + log "INFO" "Checking for updates to git repo $DIR ..." + if [ "$(git -C $DIR config --get credential.helper)" != "$CREDHELPER" ]; then + log "INFO" "Configuring repo to use bridgehead git credential helper." + git -C $DIR config credential.helper "$CREDHELPER" + fi old_git_hash="$(git -C $DIR rev-parse --verify HEAD)" git -C $DIR fetch 2>&1 git -C $DIR pull 2>&1 @@ -30,6 +50,7 @@ for DIR in /etc/bridgehead $(pwd); do done # Check docker updates +log "INFO" "Checking for updates to running docker images ..." docker_updated="false" for IMAGE in $(docker ps --filter "name=bridgehead" --format {{.Image}}); do log "INFO" "Checking for Updates of Image: $IMAGE" @@ -41,10 +62,12 @@ done # If anything is updated, restart service if [ $git_updated = "true" ] || [ $docker_updated = "true" ]; then - log "INFO" "Due to previous updates now restarting bridgehead" + log "INFO" "Update detected, now restarting bridgehead" systemctl restart 'bridgehead@*' +else + log "INFO" "Nothing updated, nothing to restart." fi -log "INFO" "checking updates finished" + exit 0 # TODO: Print last commit explicit
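Review bot: In the first hunk of lib/update-bridgehead.sh, `$1` goes unvalidated and unquoted into `CONFFILE=/etc/bridgehead/$1.conf` and the result is executed by `source $CONFFILE`, so an argument containing `/` or `..` selects a file outside /etc/bridgehead, and whitespace in it breaks the `[ ! -e $CONFFILE ]` test. The file is also sourced before `checkOwner /etc/bridgehead bridgehead` runs; assuming checkOwner (defined outside this diff) verifies ownership, that check belongs ahead of the `source`. I would add `case "$1" in ''|*[!A-Za-z0-9_-]*) log ERROR "Invalid argument."; exit 1;; esac` before the assignment and quote the uses: `[ ! -e "$CONFFILE" ]`, `source "$CONFFILE"`. The same quoting applies to the added `git -C $DIR config ...` lines, and `CREDHELPER` hard-codes /srv/docker/bridgehead while the loop operates on `$(pwd)`, which deserves a comment or a path derived from the script location.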