Demonapp dockerhub

bin/test-workflow/0_prep_env.sh

@@ -45,6 +45,8 @@ export CONJUR_AUTHN_LOGIN_PREFIX="${CONJUR_AUTHN_LOGIN_PREFIX:-host/conjur/authn
 export CONJUR_VERSION="${CONJUR_VERSION:-5}"
 export TEST_APP_NAMESPACE_NAME="${TEST_APP_NAMESPACE_NAME:-app-test}"
 export TEST_APP_DATABASE="${TEST_APP_DATABASE:-postgres}"
+export TEST_APP_REPO="${TEST_APP_REPO:-cyberark/demo-app}"
+export TEST_APP_TAG="${TEST_APP_TAG:-latest}"
 
 if [[ "$CONJUR_OSS_HELM_INSTALLED" == "true" ]]; then
   conjur_service="conjur-oss"

bin/test-workflow/8_app_deploy.sh → bin/test-workflow/7_app_deploy.sh

@@ -24,8 +24,8 @@ pushd ../../helm/conjur-app-deploy > /dev/null
       --set global.conjur.conjurConnConfigMap="conjur-connect" \
       --set app-summon-sidecar.enabled=true \
       --set app-summon-sidecar.conjur.authnLogin="$CONJUR_AUTHN_LOGIN_PREFIX/test-app-summon-sidecar" \
-      --set app-summon-sidecar.app.image.tag="$CONJUR_NAMESPACE_NAME" \
-      --set app-summon-sidecar.app.image.repository="$DOCKER_REGISTRY_PATH/test-sidecar-app"
+      --set app-summon-sidecar.app.image.tag="$TEST_APP_TAG" \
+      --set app-summon-sidecar.app.image.repository="$TEST_APP_REPO"
 
 popd > /dev/null
 

bin/test-workflow/9_app_verify_authentication.sh → bin/test-workflow/8_app_verify_authentication.sh

@@ -18,19 +18,18 @@ RETRIES=150
 # Seconds
 RETRY_WAIT=2
 
-# Dump some kubernetes resources and Conjur authentication policy if this
-# script exits prematurely
-DETAILED_DUMP_ON_EXIT=true
-
 function finish {
+  exit_code=$?
+
   readonly PIDS=(
     "SIDECAR_PORT_FORWARD_PID"
     "INIT_PORT_FORWARD_PID"
     "INIT_WITH_HOST_OUTSIDE_APPS_PORT_FORWARD_PID"
     "SECRETLESS_PORT_FORWARD_PID"
   )
 
-  if [[ "$DETAILED_DUMP_ON_EXIT" == "true" ]]; then
+  # Upon error, dump some kubernetes resources and Conjur authentication policy
+  if [ $exit_code -ne 0 ]; then
     dump_kubernetes_resources
     dump_authentication_policy
   fi
@@ -44,6 +43,12 @@ function finish {
       kill "${!pid}" > /dev/null 2>&1
     fi
   done
+
+if [ $exit_code -eq 0 ]; then
+    announce "Test PASSED!!!!"
+  else
+    announce "Test FAILED!!!!"
+  fi
 }
 trap finish EXIT
 
@@ -149,5 +154,3 @@ $curl_cmd "$sidecar_url"/pets
 
 # echo -e "\n\nQuerying secretless app\n"
 # $curl_cmd "$secretless_url"/pets
-
-DETAILED_DUMP_ON_EXIT=false

bin/test-workflow/start

@@ -97,10 +97,9 @@ conjur_prep="
 cluster_prep="./4_admin_cluster_prep.sh"
 test_app_workflow="
 ./5_app_namespace_prep.sh &&
-./6_app_build_and_push_containers.sh &&
-./7_app_deploy_backend.sh &&
-./8_app_deploy.sh &&
-./9_app_verify_authentication.sh"
+./6_app_deploy_backend.sh &&
+./7_app_deploy.sh &&
+./8_app_verify_authentication.sh"
 
 if [[ "$CONJUR_OSS_HELM_INSTALLED" == "true" ]]; then
   eval "$conjur_prep"

bin/test-workflow/utils.sh

@@ -283,6 +283,8 @@ function run_command_with_platform {
     -e OSHIFT_CONJUR_ADMIN_USERNAME \
     -e OSHIFT_CLUSTER_ADMIN_USERNAME \
     -e CONJUR_LOG_LEVEL \
+    -e TEST_APP_TAG \
+    -e TEST_APP_REPO \
     -e TEST_APP_LOADBALANCER_SVCS \
     -e GCLOUD_SERVICE_KEY=/tmp"$GCLOUD_SERVICE_KEY" \
     "$GCLOUD_INCLUDES" \

helm/conjur-app-deploy/charts/app-summon-sidecar/templates/secrets-configmap.yml

@@ -0,0 +1,14 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+    name: secrets-configmap
+    labels:
+      release: {{ .Release.Name }}
+      heritage: {{ .Release.Service }}
+      conjur.org/name: "secrets-configmap"
+      helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }}
+data:
+    secrets.yml: |
+      DB_URL: !var test-summon-sidecar-app-db/url
+      DB_USERNAME: !var test-summon-sidecar-app-db/username
+      DB_PASSWORD: !var test-summon-sidecar-app-db/password

helm/conjur-app-deploy/charts/app-summon-sidecar/templates/test-app-summon-sidecar.yaml

@@ -38,6 +38,7 @@ spec:
       containers:
       - image: {{ printf "%s:%s" .Values.app.image.repository .Values.app.image.tag }}
         imagePullPolicy: {{ .Values.app.image.pullPolicy }}
+        command: ["summon", "--provider", "summon-conjur", "-f", "/etc/conjur/secrets.yml", "java", "-jar", "/app.jar"]
         name: test-app
         ports:
         - name: http
@@ -58,6 +59,9 @@ spec:
           - mountPath: /run/conjur
             name: conjur-access-token
             readOnly: true
+          - mountPath: /etc/conjur
+            name: secrets-config
+            readOnly: true
       - image: {{ printf "%s:%s" .Values.authnClient.image.repository .Values.authnClient.image.tag }}
         imagePullPolicy: {{ .Values.authnClient.image.pullPolicy }}
         name: authenticator
@@ -93,3 +97,9 @@ spec:
         - name: conjur-access-token
           emptyDir:
             medium: Memory
+        - name: secrets-config
+          configMap:
+            name: secrets-configmap
+            items:
+            - key: "secrets.yml"
+              path: "secrets.yml"