New CodeBuild workflow

codebuild/samples/connect-linux.sh

@@ -0,0 +1,18 @@
+#!/bin/bash
+
+set -e
+set -o pipefail
+
+env
+
+pushd $CODEBUILD_SRC_DIR/samples/
+
+ENDPOINT=$(aws secretsmanager get-secret-value --secret-id "ci/endpoint" --query "SecretString" | cut -f2 -d":" | sed -e 's/[\\\"\}]//g')
+
+echo "Basic Connect test"
+python3 basic_connect.py --endpoint $ENDPOINT --key /tmp/privatekey.pem --cert /tmp/certificate.pem
+
+echo "Websocket Connect test"
+python3 websocket_connect.py --endpoint $ENDPOINT --signing_region us-east-1
+
+popd

codebuild/samples/custom-auth-linux.sh

@@ -0,0 +1,17 @@
+#!/bin/bash
+
+set -e
+set -o pipefail
+
+env
+
+pushd $CODEBUILD_SRC_DIR/samples/
+
+ENDPOINT=$(aws secretsmanager get-secret-value --secret-id "ci/endpoint" --query "SecretString" | cut -f2 -d":" | sed -e 's/[\\\"\}]//g')
+AUTH_NAME=$(aws secretsmanager get-secret-value --secret-id "ci/CustomAuthorizer/name" --query "SecretString" | cut -f2 -d":" | sed -e 's/[\\\"\}]//g')
+AUTH_PASSWORD=$(aws secretsmanager get-secret-value --secret-id "ci/CustomAuthorizer/password" --query "SecretString" | cut -f2 -d":" | sed -e 's/[\\\"\}]//g')
+
+echo "Custom Authorizer test"
+python3 custom_authorizer_connect.py --endpoint $ENDPOINT --custom_auth_authorizer_name $AUTH_NAME --custom_auth_password $AUTH_PASSWORD
+
+popd

codebuild/samples/linux-smoke-tests.yml

@@ -1,15 +1,26 @@
+# Assumes are running using the Ubuntu Codebuild standard image
+# NOTE: This script assumes that the AWS CLI-V2 is pre-installed!
+# - AWS CLI-V2 is a requirement to run this script.
 version: 0.2
 phases:
   install:
     commands:
       - add-apt-repository ppa:ubuntu-toolchain-r/test
       - apt-get update -y
       - apt-get install python3 softhsm -y
+      - echo "\nBuild version data:"
+      - echo "\nPython Version:"; python3 --version
+      - echo "\nSoftHSM (PKCS11) version:"; softhsm2-util --version
+      - echo "\n"
   build:
     commands:
       - echo Build started on `date`
       - $CODEBUILD_SRC_DIR/codebuild/samples/setup-linux.sh
+      - $CODEBUILD_SRC_DIR/codebuild/samples/connect-linux.sh
+      - $CODEBUILD_SRC_DIR/codebuild/samples/custom-auth-linux.sh
+      - $CODEBUILD_SRC_DIR/codebuild/samples/pkcs11-connect-linux.sh
       - $CODEBUILD_SRC_DIR/codebuild/samples/pubsub-linux.sh
+      - $CODEBUILD_SRC_DIR/codebuild/samples/shadow-linux.sh
   post_build:
     commands:
       - echo Build completed on `date`

codebuild/samples/pkcs11-connect-linux.sh

@@ -0,0 +1,31 @@
+#!/bin/bash
+
+set -e
+set -o pipefail
+
+pushd $CODEBUILD_SRC_DIR/samples/
+
+ENDPOINT=$(aws secretsmanager get-secret-value --secret-id "ci/endpoint" --query "SecretString" | cut -f2 -d":" | sed -e 's/[\\\"\}]//g')
+
+# from hereon commands are echoed. don't leak secrets
+set -x
+
+softhsm2-util --version
+
+# SoftHSM2's default tokendir path might be invalid on this machine
+# so set up a conf file that specifies a known good tokendir path
+mkdir -p /tmp/tokens
+export SOFTHSM2_CONF=/tmp/softhsm2.conf
+echo "directories.tokendir = /tmp/tokens" > /tmp/softhsm2.conf
+
+# create token
+softhsm2-util --init-token --free --label my-token --pin 0000 --so-pin 0000
+
+# add private key to token (must be in PKCS#8 format)
+openssl pkcs8 -topk8 -in /tmp/privatekey.pem -out /tmp/privatekey.p8.pem -nocrypt
+softhsm2-util --import /tmp/privatekey.p8.pem --token my-token --label my-key --id BEEFCAFE --pin 0000
+
+# run sample
+python3 pkcs11_connect.py --endpoint $ENDPOINT --cert /tmp/certificate.pem --pkcs11_lib /usr/lib/softhsm/libsofthsm2.so --pin 0000 --token_label my-token --key_label my-key
+
+popd

codebuild/samples/pubsub-linux.sh

@@ -1,12 +1,13 @@
 #!/bin/bash
 
 set -e
+set -o pipefail
 
 env
 
 pushd $CODEBUILD_SRC_DIR/samples/
 
-ENDPOINT=$(aws secretsmanager get-secret-value --secret-id "unit-test/endpoint" --query "SecretString" | cut -f2 -d":" | sed -e 's/[\\\"\}]//g')
+ENDPOINT=$(aws secretsmanager get-secret-value --secret-id "ci/endpoint" --query "SecretString" | cut -f2 -d":" | sed -e 's/[\\\"\}]//g')
 
 echo "PubSub test"
 python3 pubsub.py --endpoint $ENDPOINT --key /tmp/privatekey.pem --cert /tmp/certificate.pem

codebuild/samples/setup-linux.sh

@@ -1,6 +1,7 @@
 #!/bin/bash
 
 set -e
+set -o pipefail
 
 env
 
@@ -10,5 +11,6 @@ cd $CODEBUILD_SRC_DIR
 ulimit -c unlimited
 python3 -m pip install .
 
-cert=$(aws secretsmanager get-secret-value --secret-id "unit-test/certificate" --query "SecretString" | cut -f2 -d":" | cut -f2 -d\") && echo -e "$cert" > /tmp/certificate.pem
-key=$(aws secretsmanager get-secret-value --secret-id "unit-test/privatekey" --query "SecretString" | cut -f2 -d":" | cut -f2 -d\") && echo -e "$key" > /tmp/privatekey.pem
+cert=$(aws secretsmanager get-secret-value --secret-id "ci/CodeBuild/cert" --query "SecretString" | cut -f2 -d":" | cut -f2 -d\") && echo -e "$cert" > /tmp/certificate.pem
+key=$(aws secretsmanager get-secret-value --secret-id "ci/CodeBuild/key" --query "SecretString" | cut -f2 -d":" | cut -f2 -d\") && echo -e "$key" > /tmp/privatekey.pem
+key_p8=$(aws secretsmanager get-secret-value --secret-id "ci/CodeBuild/keyp8" --query "SecretString" | cut -f2 -d":" | cut -f2 -d\") && echo -e "$key_p8" > /tmp/privatekey_p8.pem

codebuild/samples/shadow-linux.sh

@@ -0,0 +1,15 @@
+#!/bin/bash
+
+set -e
+set -o pipefail
+
+env
+
+pushd $CODEBUILD_SRC_DIR/samples/
+
+ENDPOINT=$(aws secretsmanager get-secret-value --secret-id "ci/endpoint" --query "SecretString" | cut -f2 -d":" | sed -e 's/[\\\"\}]//g')
+
+echo "Shadow test"
+python3 shadow.py --endpoint $ENDPOINT --key /tmp/privatekey.pem --cert /tmp/certificate.pem --thing_name CI_CodeBuild_Thing --is_ci true
+
+popd