Aotearoa is a command line tool that allows Application Operations teams to generate complex configurations for an application while having little to no knowledge of the application's configuration system beyond the few values they are entrusted to provide (e.g.: production credentials, certificates, private keys, etc.).
Aotearoa starts with template files. A template is a normal text configuration file that contains 'tags' into which values will be inserted.
# Enable JWT verification flag.
enableVerifyJwt: {{jwt-security}}
...
# JWT signature public certificates. kid and certificate path mappings.
jwt:
  certificate:
    '100': {{oauth-certificate}}
  clockSkewInSeconds: 60
...
PostgresDataSource:
  DriverClassName: org.postgresql.ds.PGSimpleDataSource
  jdbcUrl: jdbc:postgresql://{{database-urls}}/users?ssl=true&sslfactory=com.biz.SSLSocketFactory
...
...
tableauPassword: {{tableau-password}}
...
The tags {{jwt-security}}, {{oauth-certificate}}, {{database-urls}}, and {{tableau-password}} take their values from a 'values' file:
jwt-security:
  - false
database-urls:
  - dev-postgres-01.biz.com:9000
  - dev-postgres-02.biz.com:9000
oauth-certificate:
  - oauth-dev.pem
tableau-password:
  - devpassword

jwt-security:
  - true
database-urls:
  - tss-postgres-01.biz.com:7373
  - tss-postgres-02.biz.com:7373
  - tss-postgres-03.biz.com:7390
oauth-certificate:
  - oauth.pem
tableau-password:
  - password
As you can see in the examples above, you can use different value files for different environments.
In addition to templates and values, you must provide a metadata file that describes the values to be injected.
variables:
  jwt-security:
    min: 1
    max: 1
    output:
      - copy
    type: string
    prompt-text: Enable (true) or disable (false) JWT verification security
    files:
      - security
  database-urls:
    min: 1
    max: inf
    output:
      - comma-separated
    type: string
    prompt-text: Provide a list of one or more urls for the database
    files:
      - datasource
  oauth-certificate:
    min: 1
    max: 1
    output:
      - copy
    type: string
    prompt-text: Enter the name of the OAuth (Auth Server) certificate
    files:
      - security
  tableau-password:
    min: 1
    max: 1
    output:
      - encrypt
    type: string
    prompt-text: Tableau password (this will be encrypted)
    files:
      - secret
Note that you specify the template file(s) that each value should be injected into in the 'files' section of the value's metadata entry. If the file name ends in '.yml', you may omit the extension (e.g.: a file entry of 'secret' will cause aotearoa to scan the file 'secret.yml' in the template folder). However, if you need to inject values into a file whose extension is not '.yml', you can give the full filename (e.g.: you could enter 'logback.xml' if you need to inject values into a template for slf4j).
There are numerous ways in which values can be specified to the template resolver.
Below is our example production values file.
jwt-security:
  - true
database-urls:
  - tss-postgres-01.biz.com:7373
  - tss-postgres-02.biz.com:7373
  - tss-postgres-03.biz.com:7390
oauth-certificate:
  - oauth.pem
tableau-password:
  - password
All values must be entered as elements of a YAML list (even if there is only a single entry).
The metadata file allows the input to be transformed. In the current version, 3 types of transforms are supported:
copy
comma-separated
encrypt
The copy transform simply pastes the value in as-is.
The encrypt transform will encrypt the password using Light4j's default symmetric encryption. E.g.: The tableau password (set as password above) will appear as CRYPT:iR7QkKyNDJ4wTRn9BEXROgm2iAkajmIv2ZR5VOsxMqs= in secret.yml.
The comma-separated transform concatenates elements in the list and separates them with commas. E.g.: the list
- value1
- value2
- value3
will be converted to value1,value2,value3 prior to being inserted.
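An added example (Python, not Aotearoa's own code) of a pre-flight check an operations team could run before resolving templates: it enforces the metadata's min/max counts, rejects values containing line breaks, reports tags that do not match the metadata, and then applies the copy and comma-separated transforms. The function names preflight and resolve and the sample data are assumptions made for this illustration; the encrypt transform is not reproduced.

```python
import math
import re

TAG = re.compile(r"\{\{([\w-]+)\}\}")

# Added example, not Aotearoa's code. Constructed sample input mirroring the page's files.
METADATA = {
    "jwt-security": {"min": 1, "max": 1, "output": ["copy"], "files": ["security"]},
    "database-urls": {"min": 1, "max": math.inf, "output": ["comma-separated"],
                      "files": ["datasource"]},
}
VALUES = {
    "jwt-security": ["true"],
    "database-urls": ["tss-postgres-01.biz.com:7373", "tss-postgres-02.biz.com:7373"],
}
TEMPLATES = {
    "security": "enableVerifyJwt: {{jwt-security}}\n",
    "datasource": "jdbcUrl: jdbc:postgresql://{{database-urls}}/users?ssl=true\n",
}

def preflight(metadata, values, templates):
    """Return a list of problems; an empty list means the inputs agree."""
    problems = []
    for name, meta in metadata.items():
        vals = [str(v) for v in values.get(name, [])]
        if not meta["min"] <= len(vals) <= meta["max"]:
            problems.append(f"{name}: {len(vals)} value(s), need {meta['min']}..{meta['max']}")
        if any("\n" in v or "\r" in v for v in vals):
            # Values are pasted in as-is, so a line break would add lines to the output.
            problems.append(f"{name}: value contains a line break")
        for fname in meta["files"]:
            if name not in TAG.findall(templates.get(fname, "")):
                problems.append(f"{name}: no tag in template '{fname}'")
    for fname, text in templates.items():
        for tag in TAG.findall(text):
            if fname not in metadata.get(tag, {}).get("files", []):
                problems.append(f"{fname}: tag '{tag}' is not declared for this file")
    return problems

def resolve(metadata, values, templates):
    """Apply the copy and comma-separated transforms (encrypt is not reproduced)."""
    def sub(match):
        vals = [str(v) for v in values[match.group(1)]]
        if metadata[match.group(1)]["output"] == ["comma-separated"]:
            return ",".join(vals)
        if metadata[match.group(1)]["output"] == ["copy"]:
            return vals[0]
        raise NotImplementedError("only copy and comma-separated are shown here")
    return {fname: TAG.sub(sub, text) for fname, text in templates.items()}
```

Call resolve only when preflight returns an empty list; a tag that is misspelled in a template otherwise fails late or is left unresolved in the generated configuration.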
If command line prompts are chosen as the method to input values, then on the command line, the user would see the following:
Type \\q to quit
[Enable (true) or disable (false) JWT verification security]: true
Next entry requires between 1 and inf values. Enter \\n to complete.
[Provide a list of one or more urls for the database]:
[Value 1]: tss-postgres-01.biz.com:7373
[Value 2]: tss-postgres-02.biz.com:7373
[Value 3]: tss-postgres-03.biz.com:7390
[Value 4]: \\n
[Enter the name of the OAuth (Auth Server) certificate]: oauth.pem
[Tableau password (this will be encrypted)]: password
Resolving templates...done.
Not yet implemented.
To run aotearoa, you would run
$ java -jar aotearoa.jar [arguments...]
with the appropriate arguments:
Command | Description |
-h, --help | Display help/usage information |
-m, --metadata | Variable metadata file (required) |
-o, --outputdir | Output directory (required) |
-p, --prompts | Use command line prompts to enter values (optional) |
-s, --server | Config Server URL (optional) |
-t, --templates | Template file folder (required) |
-v, --values | Value file (optional) |
Some examples are below:
# Values from a values file
# (-m metadata file, -t template files directory, -o output folder, -v values file)
$ java -jar aotearoa.jar \
    -m ./templates/_metadata.yml \
    -t ./templates \
    -o ./config-out \
    -v ./templates/_values.yml

# Values from prompts
# (-m metadata file, -t template files directory, -o output folder, -p prompts)
$ java -jar aotearoa.jar \
    -m ./templates/_metadata.yml \
    -t ./templates \
    -o ./config-out \
    -p