Sign upLogin

cyberark/secrets-provider-for-k8s

View on GitHub
Star
bin/start

Summary

Maintainability
Test Coverage
#!/bin/bash -ex

print_help() {
  cat << EOF
Test the secrets-provider-for-k8s image. This script sets up a Conjur cluster in k8s and deploys a k8s environment with an app
container and a secrets-provider-for-k8s init container. Finally it tests that the outcome is as expected (for example,
in the vanilla flow it verifies that the Conjur secret was provided to the app container via the environment.

Usage: ./bin/start [options]
    --docker      Run the integation tests in a docker container. This is helpful when running the test in a machine that
                  doesn't have "oc" or "kubectl" installed on it.

    --dev         Run the development environment. By default the environment is run against a Conjur DAP deployment on GKE.

    --reload      Run reload to rebuild and redeploy changes done in Secrets Provider to a local cluster without redeploying DAP/Conjur.

    --oss         Run the integration tests with a OSS Conjur deployment. By default the tests are run against a Conjur DAP deployment.

    --dap         Run the integration tests with a DAP Conjur deployment. By default the tests are run against a Conjur DAP deployment.

    --gke         Run the integration tests on GKE. By default the tests are run on GKE.

    --oldest      Run the integration tests on the oldest running Openshift platform. By default the tests are run on GKE.

    --current     Run the integration tests on the currently supported Openshift platform. By default the tests are run on GKE.

    --next        Run the integration tests on the latest Openshift platform. By default the tests are run on GKE.

    -h, --help    Shows this help message.
EOF
  exit
}

runScriptWithSummon() {
    # CONJUR_ACCOUNT is set in bootstrap.env to a test value, which isn't valid for
    # conjurops.
    CONJUR_ACCOUNT="conjur" summon --provider summon-conjur --environment $SUMMON_ENV -f ./summon/secrets.yml $1
}

RUN_IN_DOCKER=false
CONJUR_DEPLOYMENT=dap
SUMMON_ENV=gke
RELOAD_ENV=false
DEV=false

while true ; do
  case "$1" in
    --docker ) RUN_IN_DOCKER=true ; shift ;;
    --dev ) DEV=true ; shift ;;
    --test-prefix=* ) TEST_NAME_PREFIX="${1#*=}" ; export TEST_NAME_PREFIX; shift ;;
    --reload ) RELOAD_ENV=true ; shift ;;
    --template=* ) TEMPLATE_OVERRIDE="${1#*=}" ; export TEMPLATE_OVERRIDE; shift ;;
    --oss ) CONJUR_DEPLOYMENT=oss ; shift ;;
    --dap ) CONJUR_DEPLOYMENT=dap ; shift ;;
    --gke ) SUMMON_ENV=gke ; shift ;;
    --oldest ) SUMMON_ENV=oldest ; shift ;;
    --current ) SUMMON_ENV=current ; shift ;;
    --next ) SUMMON_ENV=next ; shift ;;
    --template=* ) TEMPLATE_OVERRIDE="${1#*=}" ; export TEMPLATE_OVERRIDE; shift ;;
    -h | --help ) print_help ; shift ;;
     * ) if [ -z "$1" ]; then break; else echo "$1 is not a valid option"; exit 1; fi;;
  esac
done

if [[ "${DEV}" = "false" && $RELOAD_ENV = true ]]; then
  echo "Error: --reload should be configured with --dev"
  exit 1
fi

export RUN_IN_DOCKER
export CONJUR_DEPLOYMENT
export DEV
export SUMMON_ENV
export TEMPLATE_OVERRIDE

echo $TEMPLATE_OVERRIDE

# summon environment variable
export CONJUR_MAJOR_VERSION=5

# make sure we are in the project root
cd $(git rev-parse --show-toplevel)

source bootstrap.env

pushd deploy
  if [[ $RUN_IN_DOCKER = true ]]; then
    # this option cannot run locally due to lack of docker credentials. It works only in the Jenkins pipeline
    runScriptWithSummon ./test/test_in_docker.sh
  elif [[ "${DEV}" = "true" && $RELOAD_ENV = true ]]; then
    ./dev/reload.sh
  elif [[ "${DEV}" = "true" ]]; then
    ./run.sh
  else
    runScriptWithSummon ./run.sh
  fi
popd