Conditionally disable uaa HSTS when the distro is 'oss'

Signed-off-by: Anthony Emengo <[email protected]>

bin/build

@@ -9,7 +9,7 @@ rm -rf "$output_dir"
 mkdir "$output_dir"
 
 "$pcfdev_dir/bin/setup-packer" "$output_dir/packer-bosh"
-"$pcfdev_dir/bin/fetch-assets" "$pcfdev_dir/versions.json" "$output_dir"
+"$pcfdev_dir/bin/fetch-assets" "$pcfdev_dir/versions.json" "$output_dir" 'oss'
 
 spiff merge \
   "$pcfdev_dir/manifest.yml" \

bin/fetch-assets

@@ -9,9 +9,9 @@ if [[ -z $(which jq) ]]; then
     exit 1
 fi
 
-if [[ -z $1 ]] || [[ -z $2 ]] || [[ ! -d $(dirname "$2") ]]; then
+if [[ -z $1 ]] || [[ -z $2 ]] || [[ -z $3 ]] || [[ ! -d $(dirname "$2") ]]; then
   >&2 echo "Usage:"
-  >&2 echo -e "\t$0 /path/to/versions.json /path/to/pcfdev-workspace"
+  >&2 echo -e "\t$0 /path/to/versions.json /path/to/pcfdev-workspace distribution"
   exit 1
 fi
 
@@ -32,6 +32,7 @@ shasum_matches() {
 
 versions_json_path=$1
 output_dir=$2
+distro=$3
 
 assets_dir=$output_dir/assets
 releases_dir=$(cd "$output_dir" && cd .. && pwd)/releases
@@ -41,7 +42,7 @@ mkdir -p "$assets_dir"/{releases,extras,versions}
 mkdir -p "$releases_dir"
 
 GOOS=linux GOARCH=amd64 GOPATH=$pcfdev_dir \
-  go build -a -o "$assets_dir/scripts/provision" pcfdev
+  go build -a -ldflags "-X main.distro=${distro}" -o "$assets_dir/scripts/provision" pcfdev
 
 cp -r "$pcfdev_dir/src/github.com/cppforlife/bosh-provisioner/assets"/{monit,agent} "$assets_dir/"
 GOOS=linux GOARCH=amd64 GOPATH=$pcfdev_dir \

src/pcfdev/main.go

@@ -16,6 +16,7 @@ import (
 var (
 	provisionScriptPath = "/var/pcfdev/run"
 	timeoutInSeconds    = "3600"
+	distro              = "pcf"
 )
 
 func main() {
@@ -36,6 +37,8 @@ func main() {
 		DisableUAAHSTS: &commands.DisableUAAHSTS{
 			WebXMLPath: "/var/vcap/packages/uaa/tomcat/conf/web.xml",
 		},
+
+		Distro: distro,
 	}
 
 	if err := p.Provision(provisionScriptPath, os.Args[1:]...); err != nil {

src/pcfdev/main_test.go

@@ -74,14 +74,30 @@ var _ = Describe("PCF Dev provision", func() {
 		Eventually(session).Should(gbytes.Say("<param-value>false</param-value>"))
 	})
 
+	Context("when the distribution is not 'pcf'", func() {
+		BeforeEach(func() {
+			Expect(exec.Command("docker", "exec", dockerID, "go", "build", "-ldflags", "-X main.distro=oss -X main.provisionScriptPath=/go/src/pcfdev/provision-script", "pcfdev").Run()).To(Succeed())
+		})
+
+		It("should not disable HSTS in UAA", func() {
+			session, err := gexec.Start(exec.Command("docker", "exec", dockerID, "/go/src/pcfdev/pcfdev", "local.pcfdev.io"), GinkgoWriter, GinkgoWriter)
+			Expect(err).NotTo(HaveOccurred())
+			Eventually(session).Should(gexec.Exit(0))
+
+			session, err = gexec.Start(exec.Command("docker", "exec", dockerID, "grep", "<param-name>hstsEnabled</param-name>", "/var/vcap/packages/uaa/tomcat/conf/web.xml"), GinkgoWriter, GinkgoWriter)
+			Expect(err).NotTo(HaveOccurred())
+			Eventually(session).Should(gexec.Exit(1))
+		})
+	})
+
 	Context("when provisioning fails", func() {
 		BeforeEach(func() {
 			Expect(exec.Command("bash", "-c", "echo \"#!/bin/bash\nexit 42\" > "+pwd+"/provision-script").Run()).To(Succeed())
 		})
 
 		It("should exit with the exit status of the provision script", func() {
 			session, _ := gexec.Start(exec.Command("docker", "exec", dockerID, "/go/src/pcfdev/pcfdev", "local.pcfdev.io"), GinkgoWriter, GinkgoWriter)
-			Eventually(session).Should(gexec.Exit(42))
+			Eventually(session, "5s").Should(gexec.Exit(42))
 		})
 	})
 

src/pcfdev/provisioner/provisioner.go

@@ -32,12 +32,13 @@ type Command interface {
 }
 
 type Provisioner struct {
-	Cert      Cert
-	CmdRunner CmdRunner
-	FS        FS
-	UI        UI
-
+	Cert           Cert
+	CmdRunner      CmdRunner
+	FS             FS
+	UI             UI
 	DisableUAAHSTS Command
+
+	Distro string
 }
 
 func (p *Provisioner) Provision(provisionScriptPath string, args ...string) error {
@@ -68,8 +69,10 @@ func (p *Provisioner) Provision(provisionScriptPath string, args ...string) erro
 		return err
 	}
 
-	if err := p.DisableUAAHSTS.Run(); err != nil {
-		return err
+	if p.Distro == "pcf" {
+		if err := p.DisableUAAHSTS.Run(); err != nil {
+			return err
+		}
 	}
 
 	return p.CmdRunner.Run(provisionScriptPath, args...)

src/pcfdev/provisioner/provisioner_test.go

@@ -33,12 +33,13 @@ var _ = Describe("Provisioner", func() {
 			mockDisableUAAHSTS = mocks.NewMockCommand(mockCtrl)
 
 			p = &provisioner.Provisioner{
-				Cert:      mockCert,
-				CmdRunner: mockCmdRunner,
-				FS:        mockFS,
-				UI:        mockUI,
-
+				Cert:           mockCert,
+				CmdRunner:      mockCmdRunner,
+				FS:             mockFS,
+				UI:             mockUI,
 				DisableUAAHSTS: mockDisableUAAHSTS,
+
+				Distro: "pcf",
 			}
 		})
 
@@ -61,6 +62,26 @@ var _ = Describe("Provisioner", func() {
 			Expect(p.Provision("some-provision-script-path", "some-domain")).To(Succeed())
 		})
 
+		Context("when the distribution is not 'pcf'", func() {
+			BeforeEach(func() {
+				p.Distro = "oss"
+			})
+
+			It("should provision a vm without disabling UAAHSTS", func() {
+				gomock.InOrder(
+					mockCert.EXPECT().GenerateCerts("some-domain").Return([]byte("some-cert"), []byte("some-key"), []byte("some-ca-cert"), []byte("some-ca-key"), nil),
+					mockFS.EXPECT().Mkdir("/var/vcap/jobs/gorouter/config"),
+					mockFS.EXPECT().Write("/var/vcap/jobs/gorouter/config/cert.pem", bytes.NewReader([]byte("some-cert"))),
+					mockFS.EXPECT().Write("/var/vcap/jobs/gorouter/config/key.pem", bytes.NewReader([]byte("some-key"))),
+					mockFS.EXPECT().Mkdir("/var/pcfdev/openssl"),
+					mockFS.EXPECT().Write("/var/pcfdev/openssl/ca_cert.pem", bytes.NewReader([]byte("some-ca-cert"))),
+					mockCmdRunner.EXPECT().Run("some-provision-script-path", "some-domain"),
+				)
+
+				Expect(p.Provision("some-provision-script-path", "some-domain")).To(Succeed())
+			})
+		})
+
 		Context("when there is an error generating certificate", func() {
 			It("should return the error", func() {
 				mockCert.EXPECT().GenerateCerts("some-domain").Return(nil, nil, nil, nil, errors.New("some-error"))