From 741a03639d978a7f0c205edfd90ed258c64117ac Mon Sep 17 00:00:00 2001 From: Naomi Haser Date: Fri, 6 Aug 2021 11:03:09 -0400 Subject: [PATCH 1/5] Modifying and renaming files and env variables --- bin/test-workflow/0_prep_env.sh | 2 + .../6_app_build_and_push_containers.sh | 59 ------------------- ...loy_backend.sh => 6_app_deploy_backend.sh} | 0 .../{8_app_deploy.sh => 7_app_deploy.sh} | 4 +- ...tion.sh => 8_app_verify_authentication.sh} | 0 5 files changed, 4 insertions(+), 61 deletions(-) delete mode 100755 bin/test-workflow/6_app_build_and_push_containers.sh rename bin/test-workflow/{7_app_deploy_backend.sh => 6_app_deploy_backend.sh} (100%) rename bin/test-workflow/{8_app_deploy.sh => 7_app_deploy.sh} (91%) rename bin/test-workflow/{9_app_verify_authentication.sh => 8_app_verify_authentication.sh} (100%) diff --git a/bin/test-workflow/0_prep_env.sh b/bin/test-workflow/0_prep_env.sh index 0bc75073..c491fb85 100755 --- a/bin/test-workflow/0_prep_env.sh +++ b/bin/test-workflow/0_prep_env.sh @@ -45,6 +45,8 @@ export CONJUR_AUTHN_LOGIN_PREFIX="${CONJUR_AUTHN_LOGIN_PREFIX:-host/conjur/authn export CONJUR_VERSION="${CONJUR_VERSION:-5}" export TEST_APP_NAMESPACE_NAME="${TEST_APP_NAMESPACE_NAME:-app-test}" export TEST_APP_DATABASE="${TEST_APP_DATABASE:-postgres}" +export TEST_APP_REPO="${TEST_APP_REPO:-app-test}" +export TEST_APP_TAG="${TEST_APP_TAG:-latest}" if [[ "$CONJUR_OSS_HELM_INSTALLED" == "true" ]]; then conjur_service="conjur-oss" diff --git a/bin/test-workflow/6_app_build_and_push_containers.sh b/bin/test-workflow/6_app_build_and_push_containers.sh deleted file mode 100755 index 0dfbaf3d..00000000 --- a/bin/test-workflow/6_app_build_and_push_containers.sh +++ /dev/null 
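Review bot: `TEST_APP_TAG` defaults to `latest` in the exports added to 0_prep_env.sh, and that is a mutable tag, so the image 7_app_deploy.sh hands to Helm can change between runs with no change in this repository. Patch 2/5 then defaults `TEST_APP_REPO` to `cyberark/demo-app` and drops the `$DOCKER_REGISTRY_PATH/` prefix in 7_app_deploy.sh, so the workflow presumably pulls a prebuilt image from the cluster's default registry instead of one built by the deleted 6_app_build_and_push_containers.sh. Defaulting to a fixed release tag or an image digest, e.g. `export TEST_APP_TAG="${TEST_APP_TAG:-<pinned-version>}"` (placeholder value), keeps the test reproducible and stops a re-tagged upstream image from entering CI unnoticed.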
@@ -1,59 +0,0 @@ -#!/usr/bin/env bash - -set -euo pipefail -cd "$(dirname "$0")" || ( echo "cannot cd into dir" && exit 1 ) - -PLATFORM="${PLATFORM:-kubernetes}" -USE_DOCKER_LOCAL_REGISTRY="${USE_DOCKER_LOCAL_REGISTRY:-true}" -DOCKER_REGISTRY_URL="${DOCKER_REGISTRY_URL:-localhost:5000}" -PULL_DOCKER_REGISTRY_URL="${PULL_DOCKER_REGISTRY_URL:-localhost:5000}" -CONJUR_OSS_HELM_INSTALLED="${CONJUR_OSS_HELM_INSTALLED:-true}" - -source utils.sh - -if [[ "$PLATFORM" == "openshift" ]]; then - docker login -u _ -p $(oc whoami -t) "$DOCKER_REGISTRY_PATH" -fi - -announce "Building and pushing test app images." - -readonly APPS=( - "init" - "sidecar" -) - -pushd test_app_summon - if [[ "$PLATFORM" == "openshift" ]]; then - echo "Building Summon binaries to include in app image" - docker build -t test-app-builder -f Dockerfile.builder . - - # retrieve the summon binaries - id="$(docker create test-app-builder)" - docker cp "$id":/usr/local/lib/summon/summon-conjur ./tmp.summon-conjur - docker cp "$id":/usr/local/bin/summon ./tmp.summon - docker rm --volumes "$id" - fi - - - for app_type in "${APPS[@]}"; do - # prep secrets.yml - # NOTE: generated files are prefixed with the test app namespace to allow for parallel CI - sed "s#{{ TEST_APP_NAME }}#test-summon-$app_type-app#g" ./secrets.template.yml > "tmp.$TEST_APP_NAMESPACE_NAME.secrets.yml" - - dockerfile="Dockerfile" - if [[ "$PLATFORM" == "openshift" ]]; then - dockerfile="Dockerfile.oc" - fi - - echo "Building test app image" - docker build \ - --build-arg namespace="$TEST_APP_NAMESPACE_NAME" \ - --tag test-app:"$CONJUR_NAMESPACE_NAME" \ - --file "$dockerfile" . - - test_app_image=$(platform_image_for_push "test-$app_type-app") - docker tag "test-app:$CONJUR_NAMESPACE_NAME" "$test_app_image" - - docker push "$test_app_image" - done -popd 
diff --git a/bin/test-workflow/7_app_deploy_backend.sh b/bin/test-workflow/6_app_deploy_backend.sh similarity index 100% rename from bin/test-workflow/7_app_deploy_backend.sh rename to bin/test-workflow/6_app_deploy_backend.sh diff --git a/bin/test-workflow/8_app_deploy.sh b/bin/test-workflow/7_app_deploy.sh similarity index 91% rename from bin/test-workflow/8_app_deploy.sh rename to bin/test-workflow/7_app_deploy.sh index ae7364db..4963da00 100755 --- a/bin/test-workflow/8_app_deploy.sh +++ b/bin/test-workflow/7_app_deploy.sh @@ -24,8 +24,8 @@ pushd ../../helm/conjur-app-deploy > /dev/null --set global.conjur.conjurConnConfigMap="conjur-connect" \ --set app-summon-sidecar.enabled=true \ --set app-summon-sidecar.conjur.authnLogin="$CONJUR_AUTHN_LOGIN_PREFIX/test-app-summon-sidecar" \ - --set app-summon-sidecar.app.image.tag="$CONJUR_NAMESPACE_NAME" \ - --set app-summon-sidecar.app.image.repository="$DOCKER_REGISTRY_PATH/test-sidecar-app" + --set app-summon-sidecar.app.image.tag="$TEST_APP_TAG" \ + --set app-summon-sidecar.app.image.repository="$DOCKER_REGISTRY_PATH/$TEST_APP_REPO popd > /dev/null diff --git a/bin/test-workflow/9_app_verify_authentication.sh b/bin/test-workflow/8_app_verify_authentication.sh similarity index 100% rename from bin/test-workflow/9_app_verify_authentication.sh rename to bin/test-workflow/8_app_verify_authentication.sh From c0a1a0553a2156c1ff5a958b215d29a9b475852f Mon Sep 17 00:00:00 2001 From: Naomi Haser Date: Tue, 10 Aug 2021 13:34:00 -0400 Subject: [PATCH 2/5] Workflow edits --- bin/test-workflow/0_prep_env.sh | 2 +- bin/test-workflow/7_app_deploy.sh | 2 +- .../8_app_verify_authentication.sh | 17 ++++++++++------- bin/test-workflow/start | 7 +++---- .../templates/secrets-configmap.yml | 14 ++++++++++++++ .../templates/test-app-summon-sidecar.yaml | 10 ++++++++++ 6 files changed, 39 insertions(+), 13 deletions(-) create mode 100644 helm/conjur-app-deploy/charts/app-summon-sidecar/templates/secrets-configmap.yml 
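Review bot: The new last `--set` line in 7_app_deploy.sh has no closing double quote after `$TEST_APP_REPO`, so the string runs on into `popd > /dev/null` and the script no longer parses at this commit. It should read `--set app-summon-sidecar.app.image.repository="$DOCKER_REGISTRY_PATH/$TEST_APP_REPO"`. Patch 2/5 rewrites the line with the quote in place, but squashing that fix into this patch would keep every commit in the series runnable when bisecting. The helm invocation these lines belong to starts above the hunk.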
diff --git a/bin/test-workflow/0_prep_env.sh b/bin/test-workflow/0_prep_env.sh index c491fb85..ab89dc31 100755 --- a/bin/test-workflow/0_prep_env.sh +++ b/bin/test-workflow/0_prep_env.sh @@ -45,7 +45,7 @@ export CONJUR_AUTHN_LOGIN_PREFIX="${CONJUR_AUTHN_LOGIN_PREFIX:-host/conjur/authn export CONJUR_VERSION="${CONJUR_VERSION:-5}" export TEST_APP_NAMESPACE_NAME="${TEST_APP_NAMESPACE_NAME:-app-test}" export TEST_APP_DATABASE="${TEST_APP_DATABASE:-postgres}" -export TEST_APP_REPO="${TEST_APP_REPO:-app-test}" +export TEST_APP_REPO="${TEST_APP_REPO:-cyberark/demo-app}" export TEST_APP_TAG="${TEST_APP_TAG:-latest}" if [[ "$CONJUR_OSS_HELM_INSTALLED" == "true" ]]; then diff --git a/bin/test-workflow/7_app_deploy.sh b/bin/test-workflow/7_app_deploy.sh index 4963da00..9ba5766f 100755 --- a/bin/test-workflow/7_app_deploy.sh +++ b/bin/test-workflow/7_app_deploy.sh @@ -25,7 +25,7 @@ pushd ../../helm/conjur-app-deploy > /dev/null --set app-summon-sidecar.enabled=true \ --set app-summon-sidecar.conjur.authnLogin="$CONJUR_AUTHN_LOGIN_PREFIX/test-app-summon-sidecar" \ --set app-summon-sidecar.app.image.tag="$TEST_APP_TAG" \ - --set app-summon-sidecar.app.image.repository="$DOCKER_REGISTRY_PATH/$TEST_APP_REPO + --set app-summon-sidecar.app.image.repository="$TEST_APP_REPO" popd > /dev/null diff --git a/bin/test-workflow/8_app_verify_authentication.sh b/bin/test-workflow/8_app_verify_authentication.sh index a44b55db..8e9039d8 100755 --- a/bin/test-workflow/8_app_verify_authentication.sh +++ b/bin/test-workflow/8_app_verify_authentication.sh @@ -18,11 +18,9 @@ RETRIES=150 # Seconds RETRY_WAIT=2 -# Dump some kubernetes resources and Conjur authentication policy if this -# script exits prematurely -DETAILED_DUMP_ON_EXIT=true - function finish { + exit_code=$? + readonly PIDS=( "SIDECAR_PORT_FORWARD_PID" "INIT_PORT_FORWARD_PID" 
@@ -30,7 +28,8 @@ function finish { "SECRETLESS_PORT_FORWARD_PID" ) - if [[ "$DETAILED_DUMP_ON_EXIT" == "true" ]]; then + # Upon error, dump some kubernetes resources and Conjur authentication policy + if [ $exit_code -ne 0 ]; then dump_kubernetes_resources dump_authentication_policy fi @@ -44,6 +43,12 @@ function finish { kill "${!pid}" > /dev/null 2>&1 fi done + +if [ $exit_code -eq 0 ]; then + announce "Test PASSED!!!!" + else + announce "Test FAILED!!!!" + fi } trap finish EXIT @@ -149,5 +154,3 @@ $curl_cmd "$sidecar_url"/pets # echo -e "\n\nQuerying secretless app\n" # $curl_cmd "$secretless_url"/pets - -DETAILED_DUMP_ON_EXIT=false diff --git a/bin/test-workflow/start b/bin/test-workflow/start index 95b07040..26d4d870 100755 --- a/bin/test-workflow/start +++ b/bin/test-workflow/start @@ -97,10 +97,9 @@ conjur_prep=" cluster_prep="./4_admin_cluster_prep.sh" test_app_workflow=" ./5_app_namespace_prep.sh && -./6_app_build_and_push_containers.sh && -./7_app_deploy_backend.sh && -./8_app_deploy.sh && -./9_app_verify_authentication.sh" +./6_app_deploy_backend.sh && +./7_app_deploy.sh && +./8_app_verify_authentication.sh" if [[ "$CONJUR_OSS_HELM_INSTALLED" == "true" ]]; then eval "$conjur_prep" diff --git a/helm/conjur-app-deploy/charts/app-summon-sidecar/templates/secrets-configmap.yml b/helm/conjur-app-deploy/charts/app-summon-sidecar/templates/secrets-configmap.yml new file mode 100644 index 00000000..f565ced6 --- /dev/null +++ b/helm/conjur-app-deploy/charts/app-summon-sidecar/templates/secrets-configmap.yml 
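Review bot: `exit_code=$?` in `finish` (8_app_verify_authentication.sh) creates a global, and the new check `[ $exit_code -ne 0 ]` is unquoted, whereas the line it replaces used `[[ … ]]` with a quoted expansion. `local exit_code=$?` followed by `if (( exit_code != 0 )); then` keeps the variable scoped to the handler and matches the file's bash style. The capture only works while it is the first statement of the trap handler, which deserves a comment such as `# must stay first: any earlier command overwrites $?`. The body of `finish` continues outside these hunks.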
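Review bot: "Test PASSED!!!!" is announced on exit status 0 alone, and the last checks visible in the final hunk of 8_app_verify_authentication.sh are plain `$curl_cmd "$sidecar_url"/pets` calls. The definition of `curl_cmd` is outside the hunk; if it does not make curl fail on HTTP errors, an error response from the app, including a rejected authentication, still exits 0 and is reported as a pass. Adding curl's `--fail` option where `curl_cmd` is defined, or checking the returned status code explicitly, would tie the announcement to what the test is meant to verify. Separately, the added `if [ $exit_code -eq 0 ]; then` starts at column 0 inside the function while its `else` and `fi` are indented.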
@@ -0,0 +1,14 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: secrets-configmap + labels: + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} + conjur.org/name: "secrets-configmap" + helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} +data: + secrets.yml: | + DB_URL: !var test-summon-sidecar-app-db/url + DB_USERNAME: !var test-summon-sidecar-app-db/username + DB_PASSWORD: !var test-summon-sidecar-app-db/password \ No newline at end of file diff --git a/helm/conjur-app-deploy/charts/app-summon-sidecar/templates/test-app-summon-sidecar.yaml b/helm/conjur-app-deploy/charts/app-summon-sidecar/templates/test-app-summon-sidecar.yaml index 650e9669..745d2f8a 100644 --- a/helm/conjur-app-deploy/charts/app-summon-sidecar/templates/test-app-summon-sidecar.yaml +++ b/helm/conjur-app-deploy/charts/app-summon-sidecar/templates/test-app-summon-sidecar.yaml @@ -38,6 +38,7 @@ spec: containers: - image: {{ printf "%s:%s" .Values.app.image.repository .Values.app.image.tag }} imagePullPolicy: {{ .Values.app.image.pullPolicy }} + command: ["summon", "--provider", "summon-conjur", "-f", "/etc/conjur/secrets.yml", "java", "-jar", "/app.jar"] name: test-app ports: - name: http @@ -58,6 +59,9 @@ spec: - mountPath: /run/conjur name: conjur-access-token readOnly: true + - mountPath: /etc/conjur + name: secrets-config + readOnly: true - image: {{ printf "%s:%s" .Values.authnClient.image.repository .Values.authnClient.image.tag }} imagePullPolicy: {{ .Values.authnClient.image.pullPolicy }} name: authenticator @@ -93,3 +97,9 @@ spec: - name: conjur-access-token emptyDir: medium: Memory + - name: secrets-config + configMap: + name: secrets-configmap + items: + - key: "secrets.yml" + path: "secrets.yml" From 7736e426295f19d6c64dc5c98bd9a5a63b592267 Mon Sep 17 00:00:00 2001 From: Naomi Haser Date: Tue, 10 Aug 2021 14:53:25 -0400 Subject: [PATCH 3/5] Unbound variables added --- bin/test-workflow/utils.sh | 2 ++ 1 file changed, 2 insertions(+) 
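Review bot: The ConfigMap name `secrets-configmap` in the new secrets-configmap.yml is fixed rather than derived from the release, so two releases of this chart in one namespace would compete for the same object. If more than one install per namespace is intended, `name: {{ .Release.Name }}-secrets-configmap` here and in the `secrets-config` volume of test-app-summon-sidecar.yaml avoids the collision. A leading comment such as `# Holds only Conjur variable IDs for Summon (!var references); no secret values are stored here.` would also tell a reviewer why a ConfigMap rather than a Secret is acceptable for this file.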
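Review bot: The added `command:` in test-app-summon-sidecar.yaml hard-codes `summon`, the `summon-conjur` provider and `/app.jar`, while the image stays configurable through `.Values.app.image.repository` and `.Values.app.image.tag`. An image that lacks those binaries or that jar path fails at container start, and the coupling is easy to miss when the tag defaults to `latest`. A comment above the line, e.g. `# Requires an image that ships summon, summon-conjur and /app.jar`, or moving the command into the chart values would make the requirement explicit. The container spec continues outside the hunk.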
diff --git a/bin/test-workflow/utils.sh b/bin/test-workflow/utils.sh index 7671e3cc..5accd087 100755 --- a/bin/test-workflow/utils.sh +++ b/bin/test-workflow/utils.sh @@ -283,6 +283,8 @@ function run_command_with_platform { -e OSHIFT_CONJUR_ADMIN_USERNAME \ -e OSHIFT_CLUSTER_ADMIN_USERNAME \ -e CONJUR_LOG_LEVEL \ + -e TEST_APP_TAG \ + -e TEST_APP_REPO \ -e TEST_APP_LOADBALANCER_SVCS \ -e GCLOUD_SERVICE_KEY=/tmp"$GCLOUD_SERVICE_KEY" \ "$GCLOUD_INCLUDES" \ From 3bdbf6b24bbe121d8cee26a260265ef70f02ee36 Mon Sep 17 00:00:00 2001 From: Naomi Haser Date: Tue, 10 Aug 2021 15:13:22 -0400 Subject: [PATCH 4/5] Add blank line to yml file --- .../charts/app-summon-sidecar/templates/secrets-configmap.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/helm/conjur-app-deploy/charts/app-summon-sidecar/templates/secrets-configmap.yml b/helm/conjur-app-deploy/charts/app-summon-sidecar/templates/secrets-configmap.yml index f565ced6..00707746 100644 --- a/helm/conjur-app-deploy/charts/app-summon-sidecar/templates/secrets-configmap.yml +++ b/helm/conjur-app-deploy/charts/app-summon-sidecar/templates/secrets-configmap.yml @@ -11,4 +11,5 @@ data: secrets.yml: | DB_URL: !var test-summon-sidecar-app-db/url DB_USERNAME: !var test-summon-sidecar-app-db/username - DB_PASSWORD: !var test-summon-sidecar-app-db/password \ No newline at end of file + DB_PASSWORD: !var test-summon-sidecar-app-db/password + \ No newline at end of file From 8dab7888efd0713d2c098b9a8a7a67643db9c1fd Mon Sep 17 00:00:00 2001 From: Naomi Haser Date: Tue, 10 Aug 2021 15:17:59 -0400 Subject: [PATCH 5/5] Delete tabs to have valid EOF line --- .../charts/app-summon-sidecar/templates/secrets-configmap.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/helm/conjur-app-deploy/charts/app-summon-sidecar/templates/secrets-configmap.yml b/helm/conjur-app-deploy/charts/app-summon-sidecar/templates/secrets-configmap.yml index 00707746..6bc4f8db 100644 
--- a/helm/conjur-app-deploy/charts/app-summon-sidecar/templates/secrets-configmap.yml +++ b/helm/conjur-app-deploy/charts/app-summon-sidecar/templates/secrets-configmap.yml @@ -12,4 +12,3 @@ data: DB_URL: !var test-summon-sidecar-app-db/url DB_USERNAME: !var test-summon-sidecar-app-db/username DB_PASSWORD: !var test-summon-sidecar-app-db/password - \ No newline at end of file