extended auth providers support

Makefile

@@ -50,7 +50,7 @@ log:
 
 # Delete the running container
 clean:
-	@echo "Deleting Docker container..."
+	@echo "Deleting Docker container if exists..."
 	@docker rm -f $(CONTAINER_NAME) || true
 
 # Run the validation tests

lib/auth/aws.sh

@@ -0,0 +1,55 @@
+#!/bin/bash
+
+# Example usage of the function
+# aws_authenticate "/path/to/your/aws_creds.json"
+#
+# Example AWS credentials JSON file:
+#
+# {
+#     "AccessKeyId": "your-access-key-id",
+#     "SecretAccessKey": "your-secret-access-key",
+#     "Region": "your-aws-region"
+# }
+
+# Function to authenticate AWS using IAM user credentials
+aws_authenticate() {
+    local creds_json="$1"
+
+    # Read the contents of the file
+    local creds_content
+    creds_content=$(cat "$creds_json")
+
+    if [[ -z "$creds_content" ]]; then
+        echo "[ERROR] No AWS credentials provided." >&2
+        return 1
+    fi
+
+    # Extract necessary fields from the JSON credentials
+    local accessKeyId secretAccessKey region
+
+    accessKeyId=$(echo "$creds_content" | jq -r '.AccessKeyId')
+    secretAccessKey=$(echo "$creds_content" | jq -r '.SecretAccessKey')
+    region=$(echo "$creds_content" | jq -r '.Region')
+
+    if [[ -z "$accessKeyId" || -z "$secretAccessKey" || -z "$region" ]]; then
+        echo "[ERROR] Missing required AWS credentials." >&2
+        return 1
+    fi
+
+    # Set AWS credentials as environment variables
+    export AWS_ACCESS_KEY_ID="$accessKeyId"
+    export AWS_SECRET_ACCESS_KEY="$secretAccessKey"
+    export AWS_DEFAULT_REGION="$region"
+
+    # Test authentication by listing S3 buckets or another simple AWS service operation
+    echo "[INFO] Testing AWS authentication..."
+    if ! aws sts get-caller-identity >/dev/null 2>&1; then
+        echo "[ERROR] AWS authentication failed." >&2
+        return 1
+    fi
+
+    echo "[INFO] AWS authenticated successfully."
+}
+
+# Example usage of the function
+# aws_authenticate "/path/to/your/aws_creds.json"

lib/auth/azure.sh

@@ -1,5 +1,20 @@
 #!/bin/bash
 
+# Function to authenticate Azure accounts
+#
+# Example usage of the function
+# azure_authenticate "/path/to/your/azure_creds.json"
+#
+# Example Azure credentials JSON file:
+#
+# {
+#     "clientId": "your-client-id",
+#     "clientSecret": "your-client-secret",
+#     "subscriptionId": "your-subscription-id",
+#     "tenantId": "your-tenant-id"
+# }
+#
+
 # Function to authenticate Azure accounts
 azure_authenticate() {
     local creds_json="$1"

lib/auth/bitwarden.sh

@@ -0,0 +1,60 @@
+#!/bin/bash
+
+# Function to authenticate Bitwarden using API key or master password
+#
+# Example usage of the function
+# bitwarden_authenticate "/path/to/your/bitwarden_creds.json"
+#
+# Example Bitwarden credentials JSON file:
+#
+# {
+#     "clientId": "your-client-id",
+#     "clientSecret": "your-client-secret",
+#     "masterPassword": "your-master-password"
+# }
+#
+
+# Function to authenticate Bitwarden using API key or master password
+bitwarden_authenticate() {
+    local creds_json="$1"
+
+    # Read the contents of the file
+    local creds_content
+    creds_content=$(cat "$creds_json")
+
+    if [[ -z "$creds_content" ]]; then
+        echo "[ERROR] No Bitwarden credentials provided." >&2
+        return 1
+    fi
+
+    # Extract necessary fields from the JSON credentials
+    local clientId clientSecret masterPassword
+
+    clientId=$(echo "$creds_content" | jq -r '.clientId')
+    clientSecret=$(echo "$creds_content" | jq -r '.clientSecret')
+    masterPassword=$(echo "$creds_content" | jq -r '.masterPassword')
+
+    if [[ -z "$clientId" || -z "$clientSecret" || -z "$masterPassword" ]]; then
+        echo "[ERROR] Missing required Bitwarden credentials." >&2
+        return 1
+    fi
+
+    # Log in to Bitwarden CLI using API key
+    echo "[INFO] Authenticating Bitwarden using client ID and secret..."
+    if ! bw login --apikey --client-id "$clientId" --client-secret "$clientSecret" >/dev/null 2>&1; then
+        echo "[ERROR] Bitwarden login failed." >&2
+        return 1
+    fi
+
+    # Unlock the vault using the master password
+    echo "[INFO] Unlocking the Bitwarden vault..."
+    if ! bw unlock "$masterPassword" --raw >/dev/null 2>&1; then
+        echo "[ERROR] Failed to unlock the Bitwarden vault." >&2
+        return 1
+    fi
+
+    echo "[INFO] Bitwarden authenticated and vault unlocked successfully."
+}
+
+# Example usage of the function
+# bitwarden_authenticate "/path/to/your/bitwarden_creds.json"

lib/auth/gcp.sh

@@ -0,0 +1,70 @@
+#!/bin/bash
+
+# Function to authenticate GCP service accounts
+#
+# Example usage of the function
+# gcp_authenticate "/path/to/your/gcp_creds.json"
+#
+# Example GCP credentials JSON file:
+#
+# {
+#     "type": "service_account",
+#     "project_id": "your-project-id",
+#     "private_key_id": "your-private-key-id",
+#     "private_key": "your-private-key",
+#     "client_email": "your-client-email",
+#     "client_id": "your-client-id",
+#     "auth_uri": "https://accounts.google.com/o/oauth2/auth",
+#     "token_uri": "https://oauth2.googleapis.com/token",
+#     "auth_provider_x509_cert_url": "https://www.googleapis.com/oauth2/v1/certs",
+#     "client_x509_cert_url": "https://www.googleapis.com/robot/v1/metadata/x509/your-client-email"
+# }
+#
+
+# Function to authenticate GCP service accounts
+gcp_authenticate() {
+    local creds_json="$1"
+
+    # Read the contents of the file
+    local creds_content
+    creds_content=$(cat "$creds_json")
+
+    if [[ -z "$creds_content" ]]; then
+        echo "[ERROR] No GCP credentials provided." >&2
+        return 1
+    fi
+
+    # Extract necessary fields from the JSON credentials
+    local clientEmail privateKey projectId
+
+    clientEmail=$(echo "$creds_content" | jq -r '.client_email')
+    privateKey=$(echo "$creds_content" | jq -r '.private_key')
+    projectId=$(echo "$creds_content" | jq -r '.project_id')
+
+    if [[ -z "$clientEmail" || -z "$privateKey" || -z "$projectId" ]]; then
+        echo "[ERROR] Missing required GCP credentials." >&2
+        return 1
+    fi
+
+    # Create a temporary credentials file for gcloud authentication
+    local temp_creds_file="/tmp/gcp_creds.json"
+    echo "$creds_content" > "$temp_creds_file"
+
+    echo "[INFO] Authenticating GCP service account..."
+    if ! gcloud auth activate-service-account "$clientEmail" --key-file="$temp_creds_file" >/dev/null 2>&1; then
+        echo "[ERROR] GCP service account authentication failed." >&2
+        rm -f "$temp_creds_file"
+        return 1
+    fi
+
+    if ! gcloud config set project "$projectId" >/dev/null 2>&1; then
+        echo "[ERROR] Failed to set GCP project." >&2
+        rm -f "$temp_creds_file"
+        return 1
+    fi
+
+    echo "[INFO] GCP service account authenticated and project set."
+
+    # Clean up temporary credentials file
+    rm -f "$temp_creds_file"
+}

lib/auth/readme.md

@@ -27,12 +27,9 @@ Note the appId, password, and tenant.
 Update your `worker.yml` configuration file to include the Azure Service Principal credentials:
 
 ```yaml
-workerActors:
-  - type: azure-service-principal
-    subscription: "YOUR_SUBSCRIPTION_ID"
-    tenant: "YOUR_TENANT_ID"
-    application: "YOUR_APP_ID"
-    password: "YOUR_CLIENT_SECRET"
+actors:
+  - type: azure
+    creds: "${AZURE_CREDS}"    
 ```
 
 ### AWS IAM Role (TBD)
@@ -43,6 +40,10 @@ Instructions for setting up AWS IAM Role will be provided here.
 
 Instructions for setting up GCP Service Account will be provided here.
 
+### Bitwarden Service Account (TBD)
+
+Instructions for setting up GCP Service Account will be provided here.
+
 ## Best Practices
 
 - **Use least privilege**: Assign the minimum required permissions to service accounts and roles.

lib/environment.sh

@@ -8,21 +8,8 @@ source /usr/local/lib/secrets.sh
 source /usr/local/lib/cleanup.sh
 source /usr/local/lib/worker_config.sh
 
-# Load environment variables from .env file if it exists
-load_env_file() {
-    if [ -f .env ]; then
-        log_info "Loading environment variables from .env file."
-        # Quote the command substitution to prevent word splitting
-        export "$(grep -v '^#' .env | xargs -r)"
-    else
-        log_info "No .env file found. Proceeding with environment variables from the host."
-    fi
-}
-
 # Main function to coordinate environment setup
 configure_environment() {
-    # Load environment variables from .env file if it exists
-    load_env_file
 
     # Load and resolve the worker configuration
     local resolved_config

lib/secrets/readme.md

@@ -25,8 +25,9 @@ az keyvault secret set --vault-name "your-vault-name" --name "your-secret-name"
 Update your worker.yml configuration file to include the Azure Key Vault secrets:
 
 ```yaml
-workerSecrets:
-  MY_SECRET: "https://your-vault-name.vault.azure.net/secrets/your-secret-name"
+secrets:
+  NEW_RELIC_API_KEY: "azure/kv-udx-worker/new-relic-api-key"
+  HEALTHCHECK_IO_API_KEY: "azure/kv-udx-worker/healthcheck-io-api-key"
 ```
 
 ### AWS IAM Role (TBD)
@@ -37,6 +38,10 @@ Instructions for setting up AWS IAM Role will be provided here.
 
 Instructions for setting up GCP Service Account will be provided here.
 
+### Bitwarden Service Account (TBD)
+
+Instructions for setting up GCP Service Account will be provided here.
+
 ## Best Practices
 
 - **Encrypt secrets**: Ensure secrets are encrypted at rest and in transit.

src/configs/readme.md

@@ -21,7 +21,8 @@ config:
   variables:
     DOCKER_IMAGE_NAME: "udx-worker"
   secrets:
-    NEW_RELIC_API_KEY: "azure/kv-udx-worker/udx-worker-secret-one"
+    NEW_RELIC_API_KEY: "azure/kv-udx-worker/new-relic-api-key"
+    HEALTHCHECK_IO_API_KEY: "azure/kv-udx-worker/healthcheck-io-api-key"
   actors:
     - type: azure
       creds: "${AZURE_CREDS}"