install CA cert to lambda image

Author: terrywbrady

.gitignore

@@ -16,3 +16,4 @@ mysql-deps/mysql-dependencies.zip
 ~$MerrittAdminTool.pptx
 vendor/
 consistency-driver/out.txt
+UC3-Self-Signed-CA.crt

buildspec.yml

@@ -45,11 +45,14 @@ phases:
         -t ${ECR_REGISTRY}/uc3-mrt-admin-lambda:${DOCKTAG} src-admintool
     # use tag or branch for the deployed image
     - |
+      CA_CERT_NAME=UC3-Self-Signed-CA.crt
+      aws ssm get-parameter --name /uc3/default/uc3_ca/$CA_CERT_NAME --output text --query 'Parameter.Value' > src-colladmin/$CA_CERT_NAME
       docker build --quiet --push \
         --build-arg ECR_REGISTRY=${ECR_REGISTRY} \
         --build-arg COMMITDATE="${COMMITDATE}" \
         --build-arg DOCKTAG="${DOCKTAG}" \
         -t ${ECR_REGISTRY}/uc3-mrt-colladmin-lambda:${DOCKTAG} src-colladmin
+      rm src-colladmin/$CA_CERT_NAME
 
     # report results
     - mkdir -p reports

colladmin-lambda-deploy.sh

@@ -52,6 +52,9 @@ COMMITDATE=`date "+local: %Y-%m-%dT%H:%M:%S%z"`
 COMMITDATE=devserver
 DOCKTAG="local: ${DEPLOY_ENV}"
 
+CA_CERT_NAME=UC3-Self-Signed-CA.crt
+aws ssm get-parameter --name /uc3/default/uc3_ca/$CA_CERT_NAME --output text --query 'Parameter.Value' > src-colladmin/$CA_CERT_NAME
+
 # build the admin tool
 docker build \
   --build-arg ECR_REGISTRY=${ECR_REGISTRY} \
@@ -60,6 +63,8 @@ docker build \
   -t ${ECR_IMAGE_TAG} src-colladmin \
   || die "Image build failure ${ECR_REGISTRY}/${ECR_IMAGE_TAG}"
 
+rm src-colladmin/$CA_CERT_NAME
+
 # aws ecr create-repository --repository-name ${FUNCTNAME}
 docker push ${ECR_IMAGE_TAG} || die "Image push failure"
 

src-colladmin/Dockerfile

@@ -12,6 +12,9 @@ FROM ${ECR_REGISTRY}/uc3-mrt-admin-common
 ARG COMMITDATE=''
 ARG DOCKTAG=''
 
+COPY UC3-Self-Signed-CA.crt /etc/pki/ca-trust/source/anchors/UC3-Self-Signed-CA.crt
+RUN /usr/bin/update-ca-trust extract
+
 RUN dnf -y update && \
     dnf -y install gcc-c++ make tar patch && \
     dnf clean all