PR comment fixes

bin/test-workflow/0_prep_env.sh

@@ -7,7 +7,8 @@ export CONJUR_OSS_HELM_INSTALLED="${CONJUR_OSS_HELM_INSTALLED:-true}"
 export UNIQUE_TEST_ID="$(uuidgen | tr "[:upper:]" "[:lower:]" | head -c 10)"
 
 # PLATFORM is used to differentiate between general Kubernetes platforms (K8s vs. oc), while
-# CLUSTER_TYPE is used to differentiate between sub-platforms (for vanilla K8s, KinD vs. GKE)
+# CONJUR_PLATFORM is used to differentiate between sub-platforms (for vanilla K8s, KinD vs. GKE) for the Conjur deployment
+# APP_PLATFORM serves the same purpose as CONJUR_PLATFORM, but for the test app deployment
 if [[ "$CONJUR_OSS_HELM_INSTALLED" == "true" ]]; then
   CONJUR_PLATFORM="${CONJUR_PLATFORM:-kind}"
 else
@@ -22,6 +23,13 @@ else
 fi
 export PLATFORM
 
+if [[ "$CONJUR_PLATFORM" != "jenkins" ]]; then
+  APP_PLATFORM="$CONJUR_PLATFORM"
+else
+  APP_PLATFORM="gke"
+fi
+export APP_PLATFORM
+
 ### DOCKER CONFIG
 export USE_DOCKER_LOCAL_REGISTRY="${USE_DOCKER_LOCAL_REGISTRY:-true}"
 export DOCKER_REGISTRY_URL="${DOCKER_REGISTRY_URL:-localhost:5000}"
@@ -39,45 +47,50 @@ export TEST_APP_NAMESPACE_NAME="${TEST_APP_NAMESPACE_NAME:-app-test}"
 export TEST_APP_DATABASE="${TEST_APP_DATABASE:-postgres}"
 
 if [[ "$CONJUR_OSS_HELM_INSTALLED" == "true" ]]; then
-    conjur_service="conjur-oss"
-    export CONJUR_NAMESPACE_NAME="${CONJUR_NAMESPACE_NAME:-$conjur_service}"
+  conjur_service="conjur-oss"
+  export CONJUR_NAMESPACE_NAME="${CONJUR_NAMESPACE_NAME:-$conjur_service}"
 else
+  export TEST_APP_NAMESPACE_NAME="$TEST_APP_NAMESPACE_NAME-$UNIQUE_TEST_ID"
+  export CONJUR_APPLIANCE_IMAGE="${CONJUR_APPLIANCE_IMAGE:-registry2.itci.conjur.net/conjur-appliance:5.0-stable}"
+  export CONJUR_ADMIN_PASSWORD="MySecretP@ss1"
+
+  if [[ "$CONJUR_PLATFORM" == "gke" ]]; then
     conjur_service="conjur-master"
-    export CONJUR_NAMESPACE_NAME="${CONJUR_NAMESPACE_NAME:-$conjur_service-${UNIQUE_TEST_ID}}"
-    export TEST_APP_NAMESPACE_NAME="$TEST_APP_NAMESPACE_NAME-$UNIQUE_TEST_ID"
-    export CONJUR_APPLIANCE_IMAGE="registry2.itci.conjur.net/conjur-appliance:5.0-stable"
-    export CONJUR_ADMIN_PASSWORD="MySecretP@ss1"
+  else
+    conjur_service="conjur-authentication"
+  fi
+  export CONJUR_NAMESPACE_NAME="${CONJUR_NAMESPACE_NAME:-$conjur_service-${UNIQUE_TEST_ID}}"
 fi
 
 export CONJUR_APPLIANCE_URL=${CONJUR_APPLIANCE_URL:-https://$conjur_service.$CONJUR_NAMESPACE_NAME.svc.cluster.local}
 export SAMPLE_APP_BACKEND_DB_PASSWORD="$(openssl rand -hex 12)"
 
 ### PLATFORM SPECIFIC CONFIG
 if [[ "$CONJUR_PLATFORM" == "gke" ]]; then
-    export CONJUR_FOLLOWER_URL="https://conjur-follower.$CONJUR_NAMESPACE_NAME.svc.cluster.local"
-    export CONJUR_FOLLOWER_COUNT=1
-    export CONJUR_AUTHN_LOGIN="host/conjur/authn-k8s/${AUTHENTICATOR_ID}/apps/$CONJUR_NAMESPACE_NAME/service_account/conjur-cluster"
-    export STOP_RUNNING_ENV=true
-    export DEPLOY_MASTER_CLUSTER=true
-    export CONFIGURE_CONJUR_MASTER=true
+  export CONJUR_FOLLOWER_URL="https://conjur-follower.$CONJUR_NAMESPACE_NAME.svc.cluster.local"
+  export CONJUR_FOLLOWER_COUNT=1
+  export CONJUR_AUTHN_LOGIN="host/conjur/authn-k8s/${AUTHENTICATOR_ID}/apps/$CONJUR_NAMESPACE_NAME/service_account/conjur-cluster"
+  export STOP_RUNNING_ENV=true
+  export DEPLOY_MASTER_CLUSTER=true
+  export CONFIGURE_CONJUR_MASTER=true
 elif [[ "$CONJUR_PLATFORM" == "jenkins" ]]; then
-    export HOST_IP="${HOST_IP:-$(curl http://169.254.169.254/latest/meta-data/public-ipv4)}"
-    export CONJUR_MASTER_PORT="${CONJUR_MASTER_PORT:-40001}"
-    export CONJUR_FOLLOWER_PORT="${CONJUR_FOLLOWER_PORT:-40002}"
-    export CONJUR_APPLIANCE_URL="https://${HOST_IP}:${CONJUR_MASTER_PORT}"
-    export CONJUR_FOLLOWER_URL="https://${HOST_IP}:${CONJUR_FOLLOWER_PORT}"
-    export CONJUR_ACCOUNT="demo"
+  export HOST_IP="${HOST_IP:-$(curl http://169.254.169.254/latest/meta-data/public-ipv4)}"
+  export CONJUR_MASTER_PORT="${CONJUR_MASTER_PORT:-40001}"
+  export CONJUR_FOLLOWER_PORT="${CONJUR_FOLLOWER_PORT:-40002}"
+  export CONJUR_APPLIANCE_URL="https://${HOST_IP}:${CONJUR_MASTER_PORT}"
+  export CONJUR_FOLLOWER_URL="https://${HOST_IP}:${CONJUR_FOLLOWER_PORT}"
+  export CONJUR_ACCOUNT="demo"
 
-    docker build --tag "custom-certs" \
-      --file Dockerfile.jq \
-      .
+  docker build --tag "custom-certs" \
+    --file Dockerfile.jq \
+    .
 fi
 
 if [[ "$CONJUR_PLATFORM" == "gke" || "$APP_PLATFORM" == "gke" ]]; then
-    export PLATFORM_CONTAINER="platform-container"
+  export PLATFORM_CONTAINER="platform-container"
 
-    docker build --tag "$PLATFORM_CONTAINER:$CONJUR_NAMESPACE_NAME" \
-        --file Dockerfile \
-        --build-arg KUBECTL_VERSION="$KUBECTL_VERSION" \
-        .
+  docker build --tag "$PLATFORM_CONTAINER:$CONJUR_NAMESPACE_NAME" \
+      --file Dockerfile \
+      --build-arg KUBECTL_VERSION="$KUBECTL_VERSION" \
+      .
 fi

bin/test-workflow/1_deploy_conjur.sh

@@ -8,6 +8,8 @@ source utils.sh
 function setup_conjur_enterprise {
   docker pull "$CONJUR_APPLIANCE_IMAGE"
 
+  announce "Deploying Conjur Enterprise"
+
   # deploy Conjur to GKE cluster
   if [[ "${CONJUR_PLATFORM}" == "gke" ]]; then
     check_env_var GCLOUD_PROJECT_NAME
@@ -19,21 +21,21 @@ function setup_conjur_enterprise {
       git clone --single-branch --branch master [email protected]:cyberark/kubernetes-conjur-deploy "kubernetes-conjur-deploy-$UNIQUE_TEST_ID"
     popd > /dev/null
 
-    announce "Deploying Conjur Enterprise"
     run_command_with_platform "cd temp/kubernetes-conjur-deploy-$UNIQUE_TEST_ID && ./start"
 
   # deploy Conjur locally
   elif [[ "${CONJUR_PLATFORM}" == "jenkins" ]]; then
     check_env_var HOST_IP
 
     pushd temp > /dev/null
+      # TODO - once these changes are merged, this branch has to be updated to main
       git clone --single-branch --branch custom-port-follower [email protected]:conjurdemos/conjur-intro.git "conjur-intro-$UNIQUE_TEST_ID"
 
       pushd "conjur-intro-$UNIQUE_TEST_ID" > /dev/null
 
         # add public IP address to custom certificate config as SAN
         docker run --rm \
-          -v ${PWD}:/src \
+          -v "${PWD}":/src \
           -w /src/artifacts/certificate-generator/configuration \
           "custom-certs" \
           ash -c "
@@ -42,9 +44,9 @@ function setup_conjur_enterprise {
           "
 
         echo """
-CONJUR_MASTER_PORT=${CONJUR_MASTER_PORT}
-CONJUR_FOLLOWER_PORT=${CONJUR_FOLLOWER_PORT}
-CONJUR_AUTHENTICATORS=authn-k8s/${AUTHENTICATOR_ID},authn
+CONJUR_MASTER_PORT=\"${CONJUR_MASTER_PORT}\"
+CONJUR_FOLLOWER_PORT=\"${CONJUR_FOLLOWER_PORT}\"
+CONJUR_AUTHENTICATORS=authn-k8s/\"${AUTHENTICATOR_ID}\",authn
         """ > .env
         ./bin/dap --provision-master
         ./bin/dap --import-custom-certificates

bin/test-workflow/2_admin_load_conjur_policies.sh

@@ -97,7 +97,7 @@ pushd policy > /dev/null
 popd > /dev/null
 
 if [[ "$CONJUR_PLATFORM" == "jenkins" ]]; then
-  docker-compose -f temp/conjur-intro-$UNIQUE_TEST_ID/docker-compose.yml \
+  docker-compose -f "temp/conjur-intro-$UNIQUE_TEST_ID/docker-compose.yml" \
     run --rm \
     -v "${PWD}/policy":/policy \
     -w /src/cli \

bin/test-workflow/4_admin_cluster_prep.sh

@@ -25,22 +25,19 @@ pushd ../../helm/conjur-config-cluster-prep > /dev/null
     conjur_url="$CONJUR_APPLIANCE_URL"
     get_cert_options="-v -i -s -u"
     service_account_options=""
-    target_namespace="$CONJUR_NAMESPACE_NAME"
   else
     conjur_url="$CONJUR_FOLLOWER_URL"
     if [[ "$CONJUR_PLATFORM" == "gke" ]]; then
       get_cert_options="-v -i -s -u"
       service_account_options="--set authnK8s.serviceAccount.create=false --set authnK8s.serviceAccount.name=conjur-cluster"
-      target_namespace="$CONJUR_NAMESPACE_NAME"
     elif [[ "$CONJUR_PLATFORM" == "jenkins" ]]; then
       get_cert_options="-v -s -u"
       service_account_options=""
-      target_namespace="$TEST_APP_NAMESPACE_NAME"
     fi
   fi
 
   ./bin/get-conjur-cert.sh $get_cert_options "$conjur_url"
-  helm upgrade --install "cluster-prep-$UNIQUE_TEST_ID" . -n "$target_namespace" --debug --wait --timeout "$TIMEOUT" \
+  helm upgrade --install "cluster-prep-$UNIQUE_TEST_ID" . -n "$CONJUR_NAMESPACE_NAME" --debug --wait --timeout "$TIMEOUT" \
       --create-namespace \
       --set conjur.account="$CONJUR_ACCOUNT" \
       --set conjur.applianceUrl="$conjur_url" \

bin/test-workflow/5_app_namespace_prep.sh

@@ -15,17 +15,10 @@ set_namespace default
 # Prepare a given namespace with a subset of credentials from the golden configmap
 announce "Installing namespace prep chart"
 pushd ../../helm/conjur-config-namespace-prep > /dev/null
-
-    if [[ "$CONJUR_PLATFORM" == "jenkins" ]]; then
-        authnK8s_namespace="$TEST_APP_NAMESPACE_NAME"
-    else
-        authnK8s_namespace="$CONJUR_NAMESPACE_NAME"
-    fi
-
     # Namespace $TEST_APP_NAMESPACE_NAME will be created if it does not exist
     helm upgrade --install "namespace-prep-$UNIQUE_TEST_ID" . -n "$TEST_APP_NAMESPACE_NAME" --debug --wait --timeout "$TIMEOUT" \
         --create-namespace \
         --set authnK8s.goldenConfigMap="conjur-configmap" \
-        --set authnK8s.namespace="$authnK8s_namespace"
+        --set authnK8s.namespace="$CONJUR_NAMESPACE_NAME"
 
 popd > /dev/null

bin/test-workflow/cleanup_helm.sh

@@ -1,11 +1,5 @@
 #!/usr/bin/env bash
 
-if [[ "$CONJUR_PLATFORM" == "jenkins" ]]; then
-  cluster_prep_namespace="$TEST_APP_NAMESPACE_NAME"
-elif [[ "$CONJUR_PLATFORM" == "gke" ]]; then
-  cluster_prep_namespace="$CONJUR_NAMESPACE_NAME"
-fi
-
-helm uninstall "cluster-prep-$UNIQUE_TEST_ID" -n "$cluster_prep_namespace"
+helm uninstall "cluster-prep-$UNIQUE_TEST_ID" -n "$CONJUR_NAMESPACE_NAME"
 helm uninstall "namespace-prep-$UNIQUE_TEST_ID" -n "$TEST_APP_NAMESPACE_NAME"
 helm uninstall app-backend-pg -n "$TEST_APP_NAMESPACE_NAME"

bin/test-workflow/conjur_outside_k8s_vars.sh

@@ -14,14 +14,14 @@ source ./utils.sh
 announce "Loading policy values for Conjur-outside-K8s connection."
 
 run_command_with_platform "$cli config view --minify -o json | jq -r '.clusters[0].cluster.server' > kubernetes/api-url"
-run_command_with_platform "$cli get secrets -n \"\$TEST_APP_NAMESPACE_NAME\" | grep 'conjur.*service-account-token' | head -n1 | awk '{print \$1}' > kubernetes/token-name"
-run_command_with_platform "$cli get secret -n \"\$TEST_APP_NAMESPACE_NAME\" $(cat kubernetes/token-name) -o json | jq -r .data.token | base64 --decode > kubernetes/service-account-token"
+run_command_with_platform "$cli get secrets -n \"\$CONJUR_NAMESPACE_NAME\" | grep 'conjur.*service-account-token' | head -n1 | awk '{print \$1}' > kubernetes/token-name"
+run_command_with_platform "$cli get secret -n \"\$CONJUR_NAMESPACE_NAME\" $(cat kubernetes/token-name) -o json | jq -r .data.token | base64 --decode > kubernetes/service-account-token"
 
 host="$(cat kubernetes/api-url | sed 's/https:\/\///')"
 echo -n \
   | openssl s_client -connect "$host:443" -servername "$host" -showcerts 2>/dev/null \
   | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' > kubernetes/api-ca.pem
-run_command_with_platform "$cli get secret -n \"\$TEST_APP_NAMESPACE_NAME\" $(cat kubernetes/token-name) -o json | jq -r '.data[\"ca.crt\"]' | base64 --decode >> kubernetes/api-ca.pem"
+run_command_with_platform "$cli get secret -n \"\$CONJUR_NAMESPACE_NAME\" $(cat kubernetes/token-name) -o json | jq -r '.data[\"ca.crt\"]' | base64 --decode >> kubernetes/api-ca.pem"
 
 # conjur variable values add conjur/authn-k8s/<authenticator>/kubernetes/<var> "<value>"
 docker-compose -f "temp/conjur-intro-$UNIQUE_TEST_ID/docker-compose.yml" \