This post is from the XebiaLabs blog and has not been updated since the original publish date.

Last Updated Dec 08, 2014 — DevOps Expert

XL Rules: Custom Integrations With XL Deploy Rules Framework

I was working with a customer recently to prove some concepts, one of which involved sourcing a password from CyberArk Password Vault. To do this I used rules and performed an action in the planning stage.

First I added a new property called cyberarkId to all containers, using a type modification within the synthetic.xml file (..../ext/synthetic.xml):
<type-modification type="udm.BaseContainer">
    <property name="cyberarkId" category="Cyber Ark" required="false"/>
</type-modification>
Then I added a rule to invoke our script (..../ext/xl-rules.xml):
    <rule name="CyberArkPasswordRegistration" scope="plan">
        <planning-script-path>cyberark/cyberark-password-rule.py</planning-script-path>
    </rule>
And I created a Python script that loops through the deltas, looks for containers with an assigned cyberarkId and uses that to look up a password. In our demo case we are simply parsing a key=value text file, but this could easily be a REST call or some other wrapped API call to CyberArk. We might need to add some additional information to connect to CyberArk or to retrieve our credentials by specifying more information, but that's just gravy.
def emptyOrNone(s):
    return s is None or len(s.strip()) == 0


def extract_cyberark_aware_containers(deltas):
    containers = {}
    # Collect the target container of every delta in the plan
    for delta in deltas.deltas:
        delta_op = str(delta.operation)
        # A DESTROY delta has no new deployed, so use the previous one
        deployed = delta.previous if delta_op == "DESTROY" else delta.deployed
        container = deployed.container
        if container.hasProperty("cyberarkId") and not emptyOrNone(container.cyberarkId):
            # Ensure we only add each container once
            if container.name in containers:
                continue
            containers[container.name] = container
    return list(containers.values())


def update_passwords_from_cyberark(containers, context):
    # Demo only: password.txt is a simple key=value file standing in for the call to CyberArk
    f = open('/tmp/password.txt')
    try:
        id_pwds = f.readlines()
    finally:
        f.close()
    for container in containers:
        cyber_ark_id = container.cyberarkId
        for id_pwd in id_pwds:
            # Drop the line ending and split on the first '=' only, so the
            # password neither gains a trailing newline nor loses text after '='
            entry_id, sep, pwd = id_pwd.rstrip('\r\n').partition('=')
            if sep and cyber_ark_id == entry_id.strip():
                container.setProperty("password", pwd)


# deltas and context are supplied by XL Deploy to the planning script
update_passwords_from_cyberark(extract_cyberark_aware_containers(deltas), context)
This is cool and definitely serves to demonstrate the simple flexibility of XL Deploy, but with respect to this particular use case I would add the following cautionary note: it might be fine for demonstrating the concept, but having every deployment to every container interact with a centralized tool (one that may have been designed and optimized for occasional human access) adds quite an overhead to the deployment. I suspect that as this is scaled out to hundreds of servers we would have to think of another approach (for example, a periodic bulk update of infrastructure CIs using our Command Line Interface).

That said, it is a good start, and with approximately 6 lines of configuration (2 if you like XML on a single line) and a small Python script we have made a powerful but manageable change to our deployment. I think the biggest win for me is to have something tangible that shows us extending the product in a straightforward way and, of course, meeting one of the requirements of our growing user base. Also, in my context it's a very quick way to get to talk about the problem of managing information such as credentials: the issue of making deployments dependent on another single point of failure, for example.
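The key=value lookup from the demo script, as an added stand-alone example (not code from the original post or from XL Deploy): it refuses a credential file that group or other users can access, keeps passwords that contain '=', resolves each distinct ID only once per plan, and fails closed when an ID has no entry. The function names, the exception class and the sample IDs and passwords are hypothetical.

```python
import os
import tempfile


class CredentialSourceError(Exception):
    """Raised when the credential file is unsafe or an ID cannot be resolved."""


def load_credentials(path):
    """Parse a key=value credential file, refusing one that other users can access."""
    if os.stat(path).st_mode & 0o077:  # any group/other permission bit is set
        raise CredentialSourceError("%s is accessible to group/other" % path)
    creds = {}
    with open(path) as f:
        for lineno, line in enumerate(f, 1):
            line = line.rstrip("\r\n")
            if not line.strip() or line.lstrip().startswith("#"):
                continue  # skip blank lines and comments
            key, sep, value = line.partition("=")  # split on the first '=' only
            if not sep or not key.strip():
                raise CredentialSourceError("malformed entry on line %d" % lineno)
            creds[key.strip()] = value
    return creds


def resolve_passwords(cyberark_ids, creds):
    """Map each distinct ID to its password; fail closed on any unknown ID."""
    missing = sorted(set(cyberark_ids) - set(creds))
    if missing:
        raise CredentialSourceError("no credential for: %s" % ", ".join(missing))
    return dict((cid, creds[cid]) for cid in set(cyberark_ids))


def demo():
    # Constructed sample data: the IDs and passwords below are made up.
    fd, path = tempfile.mkstemp()  # mkstemp creates the file with mode 0600
    try:
        with os.fdopen(fd, "w") as f:
            f.write("# id=password\nweb01=s3cr=t==\n\ndb01=hunter2\n")
        resolved = resolve_passwords(["web01", "db01", "web01"], load_credentials(path))
        os.chmod(path, 0o644)  # simulate a file left readable by everyone
        try:
            load_credentials(path)
            rejected = False
        except CredentialSourceError:
            rejected = True
        return resolved, rejected
    finally:
        os.remove(path)
```

In a planning script, the dictionary returned by resolve_passwords would be applied to the containers in one pass, so two containers sharing a cyberarkId cost a single lookup.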

How have you extended XL Deploy and how did you find it?

Expect to see more examples of our rules framework in the coming weeks and months. XL Rules!
