From 59ccac1726c468bbd323fb8d5b9fe2c549fa4651 Mon Sep 17 00:00:00 2001 From: TwistedTwigleg Date: Thu, 10 Nov 2022 15:17:54 -0500 Subject: [PATCH] New CodeBuild workflow (#328) Use new CodeBuild workflow --- codebuild/samples/connect-linux.sh | 3 ++- codebuild/samples/custom-auth-linux.sh | 19 ++++++++++++++ codebuild/samples/custom-key-ops-linux.sh | 16 ++++++++++++ codebuild/samples/linux-smoke-tests.yml | 18 ++++++++++--- codebuild/samples/pkcs11-connect-linux.sh | 31 +++++++++++++++++++++++ codebuild/samples/pubsub-linux.sh | 17 +++++++++++++ codebuild/samples/setup-linux.sh | 8 +++--- codebuild/samples/shadow-linux.sh | 17 +++++++++++++ 8 files changed, 120 insertions(+), 9 deletions(-) create mode 100755 codebuild/samples/custom-auth-linux.sh create mode 100755 codebuild/samples/custom-key-ops-linux.sh create mode 100755 codebuild/samples/pkcs11-connect-linux.sh create mode 100755 codebuild/samples/pubsub-linux.sh create mode 100755 codebuild/samples/shadow-linux.sh diff --git a/codebuild/samples/connect-linux.sh b/codebuild/samples/connect-linux.sh index bfb18834c..6875747b9 100755 --- a/codebuild/samples/connect-linux.sh +++ b/codebuild/samples/connect-linux.sh @@ -1,12 +1,13 @@ #!/bin/bash set -e +set -o pipefail env pushd $CODEBUILD_SRC_DIR/samples/BasicConnect -ENDPOINT=$(aws secretsmanager get-secret-value --secret-id "unit-test/endpoint" --query "SecretString" | cut -f2 -d":" | sed -e 's/[\\\"\}]//g') +ENDPOINT=$(aws secretsmanager get-secret-value --secret-id "ci/endpoint" --query "SecretString" | cut -f2 -d":" | sed -e 's/[\\\"\}]//g') mvn compile diff --git a/codebuild/samples/custom-auth-linux.sh b/codebuild/samples/custom-auth-linux.sh new file mode 100755 index 000000000..f8edd27fa --- /dev/null +++ b/codebuild/samples/custom-auth-linux.sh 
@@ -0,0 +1,19 @@
+#!/bin/bash
+
+set -e
+set -o pipefail
+
+env
+
+pushd $CODEBUILD_SRC_DIR/samples/CustomAuthorizerConnect
+
+ENDPOINT=$(aws secretsmanager get-secret-value --secret-id "ci/endpoint" --query "SecretString" | cut -f2 -d":" | sed -e 's/[\\\"\}]//g')
+AUTH_NAME=$(aws secretsmanager get-secret-value --secret-id "ci/CustomAuthorizer/name" --query "SecretString" | cut -f2 -d":" | sed -e 's/[\\\"\}]//g')
+AUTH_PASSWORD=$(aws secretsmanager get-secret-value --secret-id "ci/CustomAuthorizer/password" --query "SecretString" | cut -f2 -d":" | sed -e 's/[\\\"\}]//g')
+
+mvn compile
+
+echo "Mqtt Connect with Custom Authorizer test"
+mvn exec:java -Dexec.mainClass="customauthorizerconnect.CustomAuthorizerConnect" -Daws.crt.ci="True" -Dexec.arguments="--endpoint,$ENDPOINT,--custom_auth_authorizer_name,$AUTH_NAME,--custom_auth_password,$AUTH_PASSWORD"
+
+popd
diff --git a/codebuild/samples/custom-key-ops-linux.sh b/codebuild/samples/custom-key-ops-linux.sh
new file mode 100755
index 000000000..57a887566
--- /dev/null
+++ b/codebuild/samples/custom-key-ops-linux.sh
@@ -0,0 +1,16 @@
+#!/bin/bash
+
+set -e
+set -o pipefail
+env
+
+pushd $CODEBUILD_SRC_DIR/samples/CustomKeyOpsPubSub
+
+ENDPOINT=$(aws secretsmanager get-secret-value --secret-id "ci/endpoint" --query "SecretString" | cut -f2 -d":" | sed -e 's/[\\\"\}]//g')
+
+mvn compile
+
+echo "Custom Key Ops test"
+mvn exec:java -Dexec.mainClass="customkeyopspubsub.CustomKeyOpsPubSub" -Daws.crt.ci="True" -Dexec.arguments="--endpoint,$ENDPOINT,--key,/tmp/privatekey_p8.pem,--cert,/tmp/certificate.pem"
+
+popd
diff --git a/codebuild/samples/linux-smoke-tests.yml b/codebuild/samples/linux-smoke-tests.yml
index f1382bddc..432671c51 100644
--- a/codebuild/samples/linux-smoke-tests.yml
+++ b/codebuild/samples/linux-smoke-tests.yml
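Review bot: The `env` call near the top of custom-auth-linux.sh writes the whole build environment to the CodeBuild log, and a few lines later `$AUTH_PASSWORD` is expanded into `-Dexec.arguments`, so the authorizer password sits on the `mvn` command line where the process list and any Maven debug output can show it. I would drop `env` (or print only the variables needed for debugging) and, if the sample can take the password from an environment variable or a file, pass it that way instead of on argv; whether it can is not visible in this patch. The same `env` line is added in custom-key-ops-linux.sh, pubsub-linux.sh and shadow-linux.sh. All of the new scripts also expand `$CODEBUILD_SRC_DIR` unquoted in `pushd`; here that would be `pushd "$CODEBUILD_SRC_DIR/samples/CustomAuthorizerConnect"`.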
@@ -1,19 +1,29 @@ +# Assumes are running using the Ubuntu Codebuild standard image +# NOTE: This script assumes that the AWS CLI-V2 is pre-installed! +# - AWS CLI-V2 is a requirement to run this script. version: 0.2 -#this build spec assumes the ubuntu aws/codebuild/java:openjdk-8 image phases: install: commands: - sudo add-apt-repository ppa:openjdk-r/ppa - sudo add-apt-repository ppa:ubuntu-toolchain-r/test - sudo apt-get update -y - - curl "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip" -o "/tmp/awscliv2.zip" - - unzip -q -d /tmp /tmp/awscliv2.zip - - sudo /tmp/aws/install + - sudo apt-get install softhsm -y + - echo "\nBuild version data:" + - echo "\nJava Version:"; java -version + - echo "\nMaven Version:"; mvn --version + - echo "\nSoftHSM (PKCS11) version:"; softhsm2-util --version + - echo "\n" build: commands: - echo Build started on `date` - $CODEBUILD_SRC_DIR/codebuild/samples/setup-linux.sh - $CODEBUILD_SRC_DIR/codebuild/samples/connect-linux.sh + - $CODEBUILD_SRC_DIR/codebuild/samples/custom-auth-linux.sh + - $CODEBUILD_SRC_DIR/codebuild/samples/custom-key-ops-linux.sh + - $CODEBUILD_SRC_DIR/codebuild/samples/pkcs11-connect-linux.sh + - $CODEBUILD_SRC_DIR/codebuild/samples/pubsub-linux.sh + - $CODEBUILD_SRC_DIR/codebuild/samples/shadow-linux.sh post_build: commands: - echo Build completed on `date` diff --git a/codebuild/samples/pkcs11-connect-linux.sh b/codebuild/samples/pkcs11-connect-linux.sh new file mode 100755 index 000000000..65c2fbc3e --- /dev/null +++ b/codebuild/samples/pkcs11-connect-linux.sh 
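Review bot: Nothing in the install phase confirms the AWS CLI v2 that the new header comment says is required, now that the three lines that downloaded and installed it are gone; a missing or older CLI would only surface later, inside the sample scripts' `aws secretsmanager` calls. Add it to the version block, for example `- echo "\nAWS CLI version:"; aws --version`, so the build fails early and the log records which version ran. The first header line would read better as `# Assumes the build runs on the Ubuntu CodeBuild standard image`. `softhsm` is installed without a version pin, so the PKCS#11 test can run against a different package from one build to the next.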
@@ -0,0 +1,31 @@
+#!/bin/bash
+
+set -e
+set -o pipefail
+
+pushd $CODEBUILD_SRC_DIR/samples/Pkcs11Connect
+
+ENDPOINT=$(aws secretsmanager get-secret-value --secret-id "ci/endpoint" --query "SecretString" | cut -f2 -d":" | sed -e 's/[\\\"\}]//g')
+
+# from hereon commands are echoed. don't leak secrets
+set -x
+
+softhsm2-util --version
+
+# SoftHSM2's default tokendir path might be invalid on this machine
+# so set up a conf file that specifies a known good tokendir path
+mkdir -p /tmp/tokens
+export SOFTHSM2_CONF=/tmp/softhsm2.conf
+echo "directories.tokendir = /tmp/tokens" > /tmp/softhsm2.conf
+
+# create token
+softhsm2-util --init-token --free --label my-token --pin 0000 --so-pin 0000
+
+# add private key to token (must be in PKCS#8 format)
+openssl pkcs8 -topk8 -in /tmp/privatekey.pem -out /tmp/privatekey.p8.pem -nocrypt
+softhsm2-util --import /tmp/privatekey.p8.pem --token my-token --label my-key --id BEEFCAFE --pin 0000
+
+# run sample
+mvn exec:java -Dexec.mainClass="pkcs11connect.Pkcs11Connect" -Daws.crt.ci="True" -Dexec.arguments="--endpoint,$ENDPOINT,--cert,/tmp/certificate.pem,--pkcs11_lib,/usr/lib/softhsm/libsofthsm2.so,--pin,0000,--token_label,my-token,--key_label,my-key"
+
+popd
diff --git a/codebuild/samples/pubsub-linux.sh b/codebuild/samples/pubsub-linux.sh
new file mode 100755
index 000000000..f810416e5
--- /dev/null
+++ b/codebuild/samples/pubsub-linux.sh
@@ -0,0 +1,17 @@
+#!/bin/bash
+
+set -e
+set -o pipefail
+
+env
+
+pushd $CODEBUILD_SRC_DIR/samples/BasicPubSub
+
+ENDPOINT=$(aws secretsmanager get-secret-value --secret-id "ci/endpoint" --query "SecretString" | cut -f2 -d":" | sed -e 's/[\\\"\}]//g')
+
+mvn compile
+
+echo "Basic PubSub test"
+mvn exec:java -Dexec.mainClass="pubsub.PubSub" -Daws.crt.ci="True" -Dexec.arguments="--endpoint,$ENDPOINT,--key,/tmp/privatekey.pem,--cert,/tmp/certificate.pem"
+
+popd
diff --git a/codebuild/samples/setup-linux.sh b/codebuild/samples/setup-linux.sh
index c932f8773..7382cb8f3 100755
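Review bot: `set -x` is still on when the final `mvn exec:java` line of pkcs11-connect-linux.sh runs, so the expanded `$ENDPOINT` fetched from Secrets Manager is traced into the build log, which is what the comment "don't leak secrets" above `set -x` warns against. Put `set +x` before that command, or keep the value out of the traced line. The script also leaves the unencrypted PKCS#8 key at `/tmp/privatekey.p8.pem` and the token store in `/tmp/tokens` under the default umask; `umask 077` before `mkdir -p /tmp/tokens` and `trap 'rm -rf /tmp/tokens /tmp/privatekey.p8.pem /tmp/softhsm2.conf' EXIT` would limit that on a shared or reused build host. Unlike the other sample scripts in this patch, this one has no `mvn compile` step before `exec:java`; please confirm that is intended.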
--- a/codebuild/samples/setup-linux.sh +++ b/codebuild/samples/setup-linux.sh @@ -1,6 +1,7 @@ #!/bin/bash set -e +set -o pipefail env @@ -11,7 +12,6 @@ ulimit -c unlimited mvn compile mvn install -DskipTests=true -cert=$(aws secretsmanager get-secret-value --secret-id "unit-test/certificate" --query "SecretString" | cut -f2 -d":" | cut -f2 -d\") && echo -e "$cert" > /tmp/certificate.pem -key=$(aws secretsmanager get-secret-value --secret-id "unit-test/privatekey" --query "SecretString" | cut -f2 -d":" | cut -f2 -d\") && echo -e "$key" > /tmp/privatekey.pem -key_p8=$(aws secretsmanager get-secret-value --secret-id "unit-test/privatekey-p8" --query "SecretString" | cut -f2 -d":" | cut -f2 -d\") && echo -e "$key_p8" > /tmp/privatekey_p8.pem - +cert=$(aws secretsmanager get-secret-value --secret-id "ci/CodeBuild/cert" --query "SecretString" | cut -f2 -d":" | cut -f2 -d\") && echo -e "$cert" > /tmp/certificate.pem +key=$(aws secretsmanager get-secret-value --secret-id "ci/CodeBuild/key" --query "SecretString" | cut -f2 -d":" | cut -f2 -d\") && echo -e "$key" > /tmp/privatekey.pem +key_p8=$(aws secretsmanager get-secret-value --secret-id "ci/CodeBuild/keyp8" --query "SecretString" | cut -f2 -d":" | cut -f2 -d\") && echo -e "$key_p8" > /tmp/privatekey_p8.pem diff --git a/codebuild/samples/shadow-linux.sh b/codebuild/samples/shadow-linux.sh new file mode 100755 index 000000000..9138d060e --- /dev/null +++ b/codebuild/samples/shadow-linux.sh @@ -0,0 +1,17 @@ +#!/bin/bash + +set -e +set -o pipefail + +env + +pushd $CODEBUILD_SRC_DIR/samples/Shadow + +ENDPOINT=$(aws secretsmanager get-secret-value --secret-id "ci/endpoint" --query "SecretString" | cut -f2 -d":" | sed -e 's/[\\\"\}]//g') + +mvn compile + +echo "Shadow test" +mvn exec:java -Dexec.mainClass="shadow.ShadowSample" -Daws.crt.ci="True" -Dexec.arguments="--endpoint,$ENDPOINT,--key,/tmp/privatekey.pem,--cert,/tmp/certificate.pem,--thing_name,CI_CodeBuild_Thing" + +popd
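Review bot: The three rewritten lines in setup-linux.sh keep the `var=$(aws … | cut …) && echo -e "$var" > file` form, and `set -e` does not act on a failure on the left side of `&&`, so the `set -o pipefail` added in the first hunk does not stop the script when the `cert` or `key` fetch fails; the run continues with a missing or stale PEM file. Split each into two statements, the assignment `cert=$(…)` on its own line and then `echo -e "$cert" > /tmp/certificate.pem`, so a failed pipeline aborts the script. The private keys are also written to fixed names in /tmp under the default umask; `umask 077` before these lines keeps them unreadable to other users on the build host.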