now we add defect dojo post install scripts

emmanuel-knafo · emmanuel-knafo · commit cf7d77c11fe4 · 2024-11-26T21:12:09.000-05:00
diff --git a/New-Deployment.ps1 b/New-Deployment.ps1
@@ -0,0 +1,28 @@
+param (
+    [Parameter()]
+    [string]$nameSuffix = "ek005",
+    [Parameter()]
+    [string]$deploymentName = "deploy-rg-fnapp-$nameSuffix",
+    [Parameter()]
+    [string]$location = "canadacentral",
+    [Parameter()]
+    [string]$templateFile = "infra/main.bicep",    
+    [Parameter()]
+    [string]$resourceGroupName = "rg-fnapp-$nameSuffix"
+)
+
+# echo parameters
+Write-Host "deploymentName: $deploymentName"
+Write-Host "location: $location"
+Write-Host "templateFile: $templateFile"
+Write-Host "nameSuffix: $nameSuffix"
+Write-Host "resourceGroupName: $resourceGroupName"
+
+# create resource group
+az group create --name $resourceGroupName `
+    --location $location
+
+az deployment group create --name $deploymentName `
+    --resource-group $resourceGroupName `
+    --template-file $templateFile `
+    --parameters nameSuffix="$nameSuffix"
diff --git a/New-GitHubFederatedIdentity.ps1 b/New-GitHubFederatedIdentity.ps1
@@ -0,0 +1,86 @@
+param (
+    [Parameter()]
+    [string]
+    $displayName = "GH__devopsabcs_engineering__WRKSHP_FunctionApps", #"<your-service-principal-name>"
+    [Parameter()]
+    [string]
+    $githubRepo = "devopsabcs-engineering/WRKSHP_FunctionApps", #"<your-github-username>/<your-repo-name>"
+    [Parameter()]
+    [string]
+    $subscriptionId = "64c3d212-40ed-4c6d-a825-6adfbdf25dad", #"<your-subscription-id>"
+    [Parameter()]
+    [string]
+    $tenantId = "aa93b9d9-037d-4f08-a26d-783cff0e2369", #"<your-tenant-id>"
+    [Parameter()]
+    [string]
+    $clientId = ""
+)
+
+# echo parameters
+Write-Output "displayName: $displayName"
+Write-Output "githubRepo: $githubRepo"
+Write-Output "subscriptionId: $subscriptionId"
+Write-Output "tenantId: $tenantId"
+Write-Output "clientId: $clientId"
+
+# create azure credentials for the pipeline in github actions
+
+# Login to Azure
+#az login --service-principal -u "<your-service-principal-id>" -p "<your-service-principal-secret>" --tenant $tenantId
+az login --tenant $tenantId
+
+# Create the federated service principal
+$sp = az ad sp create-for-rbac --name $displayName --role Contributor `
+    --scopes /subscriptions/$subscriptionId `
+    --query "{clientId: appId, clientSecret: password}" -o json | ConvertFrom-Json
+$clientId = $sp.clientId
+
+# get object id from app registration
+$objectId = az ad app show --id $clientId --query id -o tsv
+Write-Output "Service principal object ID: $objectId"
+
+
+Write-Output "Service principal created."
+Write-Output "Client ID: $clientId"
+
+# read credentials.json from file
+#$credentialRaw = Get-Content -Path "credential.json" -Raw
+$credentialRaw = 
+@'
+{
+    "name": "__CREDENTIAL_NAME__",
+    "issuer": "https://token.actions.githubusercontent.com",
+    "subject": "__SUBJECT__",
+    "audiences": [
+        "api://AzureADTokenExchange"
+    ]
+}
+'@
+
+# find and replace the placeholders with the actual values
+$credential = $credentialRaw -replace "__CREDENTIAL_NAME__", $displayName -replace "__SUBJECT__", "repo:${githubRepo}:ref:refs/heads/main"
+
+#$appId = "<Your-App-Id>"
+$credential = $credential | ConvertFrom-Json
+Write-Output "Credential: $credential"
+New-AzADAppFederatedCredential -ApplicationObjectId $objectId -Name $credential.name `
+    -Issuer $credential.issuer -Subject $credential.subject `
+    -Audience $credential.audiences
+
+gh auth login
+
+# Push secrets to GitHub
+$secrets = @{
+    AZURE_CLIENT_ID       = $clientId
+    AZURE_TENANT_ID       = $tenantId
+    AZURE_SUBSCRIPTION_ID = $subscriptionId
+}
+
+# use gh cli to push secrets to github
+foreach ($secret in $secrets.GetEnumerator()) {
+    $value = $secret.Value
+    $name = $secret.Key
+    gh secret set $name -b $value -R $githubRepo
+}
+
+Write-Output "Federated service principal created and secrets pushed to GitHub."
diff --git a/Validate-Deployment.ps1 b/Validate-Deployment.ps1
@@ -0,0 +1,45 @@
+param (
+    [Parameter()]
+    [string]$nameSuffix = "ek002",
+    [Parameter()]
+    [string]$deploymentName = "deploy-rg-fnapp-$nameSuffix",
+    [Parameter()]
+    [string]$resourceGroupName = "rg-fnapp-$nameSuffix"
+)
+
+# echo parameters
+Write-Host "deploymentName: $deploymentName"
+Write-Host "nameSuffix: $nameSuffix"
+Write-Host "resourceGroupName: $resourceGroupName"
+
+#az account show                      
+# get functionAppName
+$functionAppName = az deployment group show --resource-group $resourceGroupName `
+    --name $deploymentName `
+    --query properties.outputs.azureFunctionName.value `
+    -o tsv
+Write-Host "functionAppName: $functionAppName"
+
+# get testUrl with function key
+$functionKey = az functionapp keys list --name $functionAppName `
+    --resource-group $resourceGroupName `
+    --query functionKeys.default `
+    -o tsv
+
+Write-Host "functionKey: $functionKey"
+
+$addNameParameter = $true
+
+if ($addNameParameter) {
+    Write-Host "Adding name parameter to testUrl"
+    $testUrl = "https://$functionAppName.azurewebsites.net/api/HttpExample?name=AzureDevOpsSmokeTest&code=$functionKey"
+}
+else {
+    $testUrl = "https://$functionAppName.azurewebsites.net/api/HttpExample?code=$functionKey"
+}
+
+Write-Host "testUrl: $testUrl"
+
+# test function
+$testResult = Invoke-RestMethod -Uri $testUrl
+Write-Host "testResult: $testResult"
diff --git a/infra/defect-dojo/deployDefectDojo.ps1 b/infra/defect-dojo/deployDefectDojo.ps1
@@ -0,0 +1,127 @@
+param (
+    [Parameter()]
+    [string]$nameSuffix = "ek005",
+    [Parameter()]
+    [string]$deploymentName = "deploy-rg-defectdojo-$nameSuffix",
+    [Parameter()]
+    [string]$location = "canadacentral",
+    [Parameter()]
+    [string]$templateFile = "main.bicep",    
+    [Parameter()]
+    [string]$resourceGroupName = "rg-defectdojo-$nameSuffix",
+    [Parameter()]
+    [string]$subscriptionId = "IT Test",
+    [Parameter()]
+    [string]$sshKeyPath = "$HOME\.ssh\vm-defectdojo-${nameSuffix}-id_rsa"
+)
+
+# function to generate random password
+function New-Password {
+    param (
+        [int]$length = 32
+    )
+
+    $chars = [char[]]('abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789!@#$%^&*()_+-=[]{}|;:,.<>?')
+    $password = -join ($chars | Get-Random -Count $length)
+    return $password
+}
+
+# install az cli if not already installed
+if (-not (Get-Command az -ErrorAction SilentlyContinue)) {
+    Write-Output "Installing az cli"
+    Invoke-Expression (New-Object System.Net.WebClient).DownloadString('https://aka.ms/installazurecliwindows')
+}
+else {
+    Write-Output "az cli already installed"    
+}
+
+# login
+Write-Output "Logging in to Azure"
+az login
+
+# set subscription
+Write-Output "Setting subscription to $subscriptionId"
+az account set --subscription "$subscriptionId"
+
+# echo parameters
+Write-Output "nameSuffix: $nameSuffix"
+Write-Output "deploymentName: $deploymentName"
+Write-Output "location: $location"
+Write-Output "templateFile: $templateFile"
+Write-Output "resourceGroupName: $resourceGroupName"
+
+# deploy
+# create resource group
+Write-Output "Creating resource group $resourceGroupName in location $location"
+az group create --name $resourceGroupName `
+    --location $location
+
+# generate ssh key pair
+Write-Output "Generating ssh key pair at $sshKeyPath"
+if (-not (Test-Path $sshKeyPath)) {
+    ssh-keygen -t rsa -b 2048 -f $sshKeyPath -q -N ""
+}
+else {
+    Write-Output "ssh key pair already exists"
+}
+
+# echo ssh public key
+Write-Output "Public key:"
+$sshPublicKey = Get-Content "$sshKeyPath.pub"
+Write-Output $sshPublicKey
+
+# generate random password for postgresql
+$password = New-Password -length 32
+Write-Output "Generated password for PostgreSQL: $password"
+
+# deploy bicep
+Write-Output "Deploying bicep template $templateFile to resource group $resourceGroupName"
+az deployment group create `
+    --name $deploymentName `
+    --resource-group $resourceGroupName `
+    --template-file main.bicep `
+    --parameters sshPublicKey="`"$sshPublicKey`"" `
+    --parameters administratorLoginPassword="`"$password`"" `
+    --parameters nameSuffix="`"$nameSuffix`""
+
+# output vm public ip address from deployment output
+$fqdn = (az deployment group show `
+        --name $deploymentName `
+        --resource-group $resourceGroupName `
+        --query "properties.outputs.fqdn.value" `
+        --output tsv)
+
+Write-Output "DefectDojo is deployed at $fqdn"
+
+# output postgresql fqdn from deployment output
+$fullyQualifiedDomainName = (az deployment group show `
+        --name $deploymentName `
+        --resource-group $resourceGroupName `
+        --query "properties.outputs.fullyQualifiedDomainName.value" `
+        --output tsv)
+
+Write-Output "PostgreSQL is deployed at $fullyQualifiedDomainName"
+
+# output admin username from deployment output
+$adminUsername = (az deployment group show `
+        --name $deploymentName `
+        --resource-group $resourceGroupName `
+        --query "properties.outputs.adminUsername.value" `
+        --output tsv)
+
+Write-Output "Admin username is $adminUsername"
+
+# get psql password from deployment output
+$administratorLogin = (az deployment group show `
+        --name $deploymentName `
+        --resource-group $resourceGroupName `
+        --query "properties.outputs.administratorLogin.value" `
+        --output tsv)
+
+# give ssh instructions
+Write-Output "To ssh into the VM, run the following command:"
+Write-Output "ssh -i $sshKeyPath $adminUsername@$fqdn"
+
+# give psql instructions
+Write-Output "To connect to PostgreSQL, run the following command:"
+Write-Output "psql -h $fullyQualifiedDomainName -U $administratorLogin -P $password"
diff --git a/infra/defect-dojo/main.bicep b/infra/defect-dojo/main.bicep
diff --git a/infra/defect-dojo/modules/postgresql.bicep b/infra/defect-dojo/modules/postgresql.bicep
