Input cleanup in deploy-certificate.sh

This brings deploy-certificate.sh up to
parity with the input validation changes
made in deploy-config.sh. Adds some more
input validation for certificate parameters.

Author: kuthiala

action.yml

@@ -27,7 +27,7 @@ inputs:
     required: false
     default: ""
   nginx-certificates:
-    description: 'An array of JSON objects each with keys nginx_cert_name, keyvault_secret, certificate_virtual_path and key_virtual_path. Example: [{"certificateName": "server1", "keyvaultSecret": "https://...", "certificateVirtualPath": "/etc/ssl/certs/server1.crt", "keyVirtualPath": "/etc/ssl/certs/server1.key"  }, {"name": "server2", "keyvaultSecret": "https://...", "certificateVirtualPath": "/etc/ssl/certs/server2.crt", "keyVirtualPath": "/etc/ssl/certs/server2.key"  }] '
+    description: 'An array of JSON objects each with keys nginx_cert_name, keyvault_secret, certificate_virtual_path and key_virtual_path. Example: [{"certificateName": "server1", "keyvaultSecret": "https://...", "certificateVirtualPath": "/etc/nginx/certs/server1.crt", "keyVirtualPath": "/etc/nginx/certs/server1.key"  }, {"name": "server2", "keyvaultSecret": "https://...", "certificateVirtualPath": "/etc/nginx/certs/server2.crt", "keyVirtualPath": "/etc/nginx/certs/server2.key"  }] '
     required: false
   protected-files:
     description: "Comma-separated list of file paths relative to nginx-config-directory-path that should be marked as protected. Example: 'ssl/private.key,conf.d/secrets.conf'"
@@ -41,7 +41,7 @@ runs:
   using: "composite"
   steps:
     - name: "Synchronize NGINX certificate(s) from the Git repository to an NGINXaaS for Azure deployment"
-      run: ${{github.action_path}}/src/deploy-certificate.sh --subscription_id=${{ inputs.subscription-id }} --resource_group_name=${{ inputs.resource-group-name }} --nginx_deployment_name=${{ inputs.nginx-deployment-name }} --certificates=${{ toJSON(inputs.nginx-certificates) }} --debug=${{ inputs.debug }}
+      run: ${{github.action_path}}/src/deploy-certificate.sh --subscription-id=${{ inputs.subscription-id }} --resource-group-name=${{ inputs.resource-group-name }} --nginx-deployment-name=${{ inputs.nginx-deployment-name }} --certificates=${{ toJSON(inputs.nginx-certificates) }} --debug=${{ inputs.debug }}
       if: ${{ inputs.nginx-certificates != '' }}
       shell: bash
     - name: "Synchronize NGINX configuration from the Git repository to an NGINXaaS for Azure deployment"

src/deploy-certificate.sh

@@ -1,19 +1,19 @@
 #!/bin/bash
-set -euo pipefail
+set -eo pipefail
 IFS=$'\n\t'
 
 for i in "$@"
 do
 case $i in
-    --subscription_id=*)
+    --subscription-id=*)
     subscription_id="${i#*=}"
     shift
     ;;
-    --resource_group_name=*)
+    --resource-group-name=*)
     resource_group_name="${i#*=}"
     shift
     ;;
-    --nginx_deployment_name=*)
+    --nginx-deployment-name=*)
     nginx_deployment_name="${i#*=}"
     shift
     ;;
@@ -26,35 +26,47 @@ case $i in
     shift
     ;;
     *)
-    echo "Not matched option '${i#*=}' passed in."
+    echo "Unknown option '${i}' passed in."
     exit 1
     ;;
 esac
 done
 
-if [[ ! -v subscription_id ]];
-then
-    echo "Please set 'subscription-id' ..."
-    exit 1
+# Validate Required Parameters
+missing_params=()
+if [ -z "$subscription_id" ]; then
+    missing_params+=("subscription-id")
 fi
-if [[ ! -v resource_group_name ]];
-then
-    echo "Please set 'resource-group-name' ..."
-    exit 1
+if [ -z "$resource_group_name" ]; then
+    missing_params+=("resource-group-name")
 fi
-if [[ ! -v nginx_deployment_name ]];
-then
-    echo "Please set 'nginx-deployment-name' ..."
-    exit 1
+if [ -z "$nginx_deployment_name" ]; then
+    missing_params+=("nginx-deployment-name")
+fi
+if [ -z "$certificates" ]; then
+    missing_params+=("certificates")
 fi
-if [[ ! -v certificates ]];
-then
-    echo "Please set 'nginx-certificates' ..."
+
+# Check and print if any required params are missing
+if [ ${#missing_params[@]} -gt 0 ]; then
+    echo "Error: Missing required variables in the workflow:"
+    echo "${missing_params[*]}"
     exit 1
 fi
 
+# Synchronize the NGINX certificates to the NGINXaaS for Azure deployment.
+
+echo "Synchronizing NGINX certificates"
+echo "Subscription ID: $subscription_id"
+echo "Resource group name: $resource_group_name"
+echo "NGINXaaS for Azure deployment name: $nginx_deployment_name"
+echo ""
+
 az account set -s "$subscription_id" --verbose
 
+echo "Installing the az nginx extension if not already installed."
+az extension add --name nginx --allow-preview true
+
 count=$(echo "$certificates" | jq '. | length')
 for (( i=0; i<count; i++ ));
 do
@@ -63,67 +75,52 @@ do
     nginx_key_file=$(echo "$certificates" | jq -r '.['"$i"'].keyVirtualPath')
     keyvault_secret=$(echo "$certificates" | jq -r '.['"$i"'].keyvaultSecret')
 
-    do_nginx_arm_deployment=1
-    err_msg=" "
-    if [ -z "$nginx_cert_name" ] || [ "$nginx_cert_name" = "null" ]
-    then
-        err_msg+="nginx_cert_name is empty;"
-        do_nginx_arm_deployment=0
+    # Validate certificate parameters
+    missing_cert_params=()
+    if [ -z "$nginx_cert_name" ] || [ "$nginx_cert_name" = "null" ]; then
+        missing_cert_params+=("certificateName")
     fi
-    if [ -z "$nginx_cert_file" ] || [ "$nginx_cert_file" = "null" ]
-    then
-        err_msg+="nginx_cert_file is empty;"
-        do_nginx_arm_deployment=0
+    if [ -z "$nginx_cert_file" ] || [ "$nginx_cert_file" = "null" ]; then
+        missing_cert_params+=("certificateVirtualPath")
     fi
-    if [ -z "$nginx_key_file" ] || [ "$nginx_key_file" = "null" ]
-    then
-        err_msg+="nginx_key_file is empty;"
-        do_nginx_arm_deployment=0
+    if [ -z "$nginx_key_file" ] || [ "$nginx_key_file" = "null" ]; then
+        missing_cert_params+=("keyVirtualPath")
     fi
-    if [ -z "$keyvault_secret" ] || [ "$keyvault_secret" = "null" ]
-    then
-        err_msg+="keyvault_secret is empty;"
-        do_nginx_arm_deployment=0
+    if [ -z "$keyvault_secret" ] || [ "$keyvault_secret" = "null" ]; then
+        missing_cert_params+=("keyvaultSecret")
     fi
 
-    echo "Synchronizing NGINX certificate"
-    echo "Subscription ID: $subscription_id"
-    echo "Resource group name: $resource_group_name"
-    echo "NGINXaaS for Azure deployment name: $nginx_deployment_name"
-    echo ""
-    echo "NGINXaaS for Azure cert name: $nginx_cert_name"
-    echo "NGINXaaS for Azure cert file location: $nginx_cert_file"
-    echo "NGINXaaS for Azure key file location: $nginx_key_file"
+    if [ ${#missing_cert_params[@]} -gt 0 ]; then
+        echo "Skipping certificate $i deployment due to missing parameters:"
+        echo "${missing_cert_params[*]}"
+        echo ""
+        continue
+    fi
+
+    echo "Processing certificate: $nginx_cert_name"
+    echo "Certificate file location: $nginx_cert_file"
+    echo "Key file location: $nginx_key_file"
     echo ""
 
-    echo "Installing the az nginx extension if not already installed."
-    az extension add --name nginx --allow-preview true
+    az_cmd=(
+        "az"
+        "nginx"
+        "deployment"
+        "certificate"
+        "create"
+        "--resource-group" "$resource_group_name"
+        "--certificate-name" "$nginx_cert_name"
+        "--deployment-name" "$nginx_deployment_name"
+        "--certificate-path" "$nginx_cert_file"
+        "--key-path" "$nginx_key_file"
+        "--key-vault-secret-id" "$keyvault_secret"
+        "--verbose"
+    )
 
-    if [ $do_nginx_arm_deployment -eq 1 ]
-    then
-        az_cmd=(
-            "az"
-            "nginx"
-            "deployment"
-            "certificate"
-            "create"
-            "--resource-group" "$resource_group_name"
-            "--certificate-name" "$nginx_cert_name"
-            "--deployment-name" "$nginx_deployment_name"
-            "--certificate-path" "$nginx_cert_file"
-            "--key-path" "$nginx_key_file"
-            "--key-vault-secret-id" "$keyvault_secret"
-            "--verbose"
-        )
-        if [[ "$debug" == true ]]; then
-            az_cmd+=("--debug")
-            echo "${az_cmd[@]}"
-        fi
-        set +e
-        "${az_cmd[@]}"
-        set -e
-    else
-        echo "Skipping JSON object $i cert deployment with error:$err_msg"
-        echo ""
+    if [[ "$debug" == true ]]; then
+        az_cmd+=("--debug")
+        echo "${az_cmd[@]}"
     fi
+
+    "${az_cmd[@]}"
 done