From d41286ab37cd703f25c6b2020efd919f13c9b29b Mon Sep 17 00:00:00 2001
From: haochenhu233 <92703718+haochenhu233@users.noreply.github.com>
Date: Fri, 7 Feb 2025 21:51:29 -0500
Subject: [PATCH] Credhub sync (#82)
* fix rabbitmq credhub credentials synchronization
* adding nats_client_ca
* clean tmp files
* bump releases versions and fix credhub sync
* use genesis credhub instead of credhub directly
---------
Co-authored-by: FiveTwenty AWS Bastion
---
hooks/addon | 25 +++++++++++++++++--------
manifests/forges/rabbitmq.yml | 6 +++---
manifests/forges/redis.yml | 7 +++----
manifests/releases/blacksmith.yml | 7 +++----
4 files changed, 26 insertions(+), 19 deletions(-)
diff --git a/hooks/addon b/hooks/addon
index 9c46a8a..020ad11 100755
--- a/hooks/addon
+++ b/hooks/addon
@@ -129,21 +129,30 @@ blacksmith::register() { blacksmith::ca::sync() { # TODO: future we can use `credhub:` similar to `exodus:` in manifest instead of this describe "Fetching Blacksmith CA certificate details..." + + describe "Setting values in credhub for blacksmith_services_ca..." _path="${GENESIS_SECRETS_MOUNT}/${GENESIS_VAULT_PREFIX}/broker/ca" - safe get "${_path}:certificate" > ${PWD}/blacksmith-ca.crt - safe get "${_path}:key" > ${PWD}/blacksmith-ca.key + genesis credhub ${GENESIS_ENVIRONMENT} set \ + -t certificate \ + -n "/${GENESIS_ENVIRONMENT}-bosh/${GENESIS_ENVIRONMENT}-blacksmith/blacksmith_services_ca" \ + -c <(safe get "${_path}:certificate") \ + -p <(safe get "${_path}:key") + - describe "Setting values in credhub (you did login to credhub first, right?...)" + describe "Setting values in credhub for nats_client_cert..." + + _path_1="${GENESIS_SECRETS_MOUNT}exodus/${GENESIS_ENVIRONMENT}/cf" + _cf_path="${GENESIS_SECRETS_MOUNT}/${GENESIS_VAULT_PREFIX/blacksmith/cf}" - credhub set \ + genesis credhub ${GENESIS_ENVIRONMENT} set \ -t certificate \ - -n "/${GENESIS_ENVIRONMENT}-bosh/${GENESIS_ENVIRONMENT}-blacksmith/blacksmith_services_ca" \ - -c ${PWD}/blacksmith-ca.crt \ - -p ${PWD}/blacksmith-ca.key + -n "/${GENESIS_ENVIRONMENT}-bosh/${GENESIS_ENVIRONMENT}-cf/nats_client_cert" \ + -c <(safe get "${_path_1}:nats_client_cert") \ + -p <(safe get "${_path_1}:nats_client_key") \ + -r <(safe get "${_cf_path}/nats_ca:certificate") - rm -f blacksmith-ca.crt blacksmith-ca.key } blacksmith::visit() { diff --git a/manifests/forges/rabbitmq.yml b/manifests/forges/rabbitmq.yml index 8421168..7e1ac1c 100644 --- a/manifests/forges/rabbitmq.yml +++ b/manifests/forges/rabbitmq.yml 
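Review bot: A failed `safe get` inside any of the `<( … )` process substitutions in `blacksmith::ca::sync` goes unnoticed by `genesis credhub … set`, because bash does not propagate the exit status of a process substitution; a missing or unreadable vault path would then hand credhub an empty certificate, key or CA rather than stop the sync. Reading each reference once before the `set` call, as in the fence below, keeps the key off disk and out of argv while failing early; the same loop should cover `${_path_1}:nats_client_cert`, `${_path_1}:nats_client_key` and `${_cf_path}/nats_ca:certificate` before the second call. Separately, `_path_1` joins `${GENESIS_SECRETS_MOUNT}exodus` with no `/` while `_path` and `_cf_path` insert one, so presumably one of the two forms produces a missing or doubled slash depending on how the mount is defined, which is worth confirming. The positional `${GENESIS_ENVIRONMENT}` in both `genesis credhub` calls should also be quoted.

```shell
  _path="${GENESIS_SECRETS_MOUNT}/${GENESIS_VAULT_PREFIX}/broker/ca"
  # Stop before writing to credhub if a source secret cannot be read; the
  # exit status of `safe get` inside <( ) is otherwise lost.
  local _ref
  for _ref in "${_path}:certificate" "${_path}:key"; do
    if ! safe get "${_ref}" >/dev/null; then
      describe "Cannot read ${_ref}; leaving credhub unchanged"
      return 1
    fi
  done
  # … unchanged: genesis credhub set for blacksmith_services_ca …
```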
@@ -18,9 +18,9 @@ meta: releases: - name: rabbitmq-forge - version: 1.2.7 - url: https://github.com/blacksmith-community/rabbitmq-forge-boshrelease/releases/download/v1.2.7/rabbitmq-forge-1.2.7.tgz - sha1: 845e9930b891098336aa54ceea3044085c8cb008 + version: 1.3.0 + url: https://github.com/blacksmith-community/rabbitmq-forge-boshrelease/releases/download/v1.3.0/rabbitmq-forge-1.3.0.tgz + sha1: 755c6ecf935da11f685a08d33fabb1e349bf1361 params: releases: diff --git a/manifests/forges/redis.yml b/manifests/forges/redis.yml index 8ea0c14..5a007af 100644 --- a/manifests/forges/redis.yml +++ b/manifests/forges/redis.yml @@ -29,12 +29,11 @@ meta: type: standalone-7 vm_type: default - releases: - name: redis-forge - version: 1.2.0 - url: https://github.com/blacksmith-community/redis-forge-boshrelease/releases/download/v1.2.0/redis-forge-1.2.0.tgz - sha1: 6c5bed86ba757aff8e7d8c3fc6b982e69b6932fb + version: 1.2.1 + url: https://github.com/blacksmith-community/redis-forge-boshrelease/releases/download/v1.2.1/redis-forge-1.2.1.tgz + sha1: da3d12fd717c80e8d8cf99951edd108a1a9c8d30 params: releases: diff --git a/manifests/releases/blacksmith.yml b/manifests/releases/blacksmith.yml index 3c0044d..36208b1 100644 --- a/manifests/releases/blacksmith.yml +++ b/manifests/releases/blacksmith.yml @@ -1,10 +1,9 @@ --- releases: - name: blacksmith - version: "1.8.0" - url: (( concat "https://github.com/blacksmith-community/blacksmith-boshrelease/releases/download/v" releases.blacksmith.version "/blacksmith-" releases.blacksmith.version ".tgz" )) - sha1: f722638c363c0762988c59a38500eb25bddfd94b - + version: 1.9.0 + url: https://github.com/blacksmith-community/blacksmith-boshrelease/releases/download/v1.9.0/blacksmith-1.9.0.tgz + sha1: 9b86679c60a7651d9e8f6ea306179051491a19b0 - name: bosh version: "277.3.1" sha1: 73029034704f1d2e48bf0c312c0576b5fb14387e