adding Java SDK client example and scripts to run it on openshift

demos/java-api-client/Dockerfile

@@ -0,0 +1,4 @@
+FROM openjdk:8-jre-alpine
+ADD target/ConjurJavaClient-1.0-SNAPSHOT-with-dependencies.jar ConjurJavaClient-1.0-SNAPSHOT-with-dependencies.jar
+ENTRYPOINT ["java", "-jar", "ConjurJavaClient-1.0-SNAPSHOT-with-dependencies.jar"]
+

demos/java-api-client/README.md

@@ -0,0 +1,8 @@
+Instructions for building java client
+-------------------------------------
+
+For compiling java test application please run: ./build.sh  
+Java SDK API fat jar will appear in the directory and docker image of the client application will be available  
+In addition, JAVA API SDK fat jar will be installed in local maven repository and will be usable for other applications  
+For Running this application on openshift please look for instructions in ../openshift-install/README.txt  
+

demos/java-api-client/build.sh

@@ -0,0 +1,76 @@
+#!/bin/bash
+
+set -e
+#set -x
+
+function validate_app {
+  APPNAME=$1
+  CHECK_APP=$( which $APPNAME )
+  if [ -z "$CHECK_APP" ]
+  then
+    echo "Please install $APPNAME"
+    exit 1
+  fi
+}
+
+validate_app git
+validate_app mvn
+validate_app docker
+
+COMMAND=$0
+echo "$COMMAND"
+suffix="/build.sh";
+HOME_DIR=${COMMAND%$suffix};
+pushd $HOME_DIR
+
+rm -rf target
+rm -rf conjur-api-java
+
+echo "Cloning Conjur Java SDK repository from Github"
+
+git clone https://github.com/cyberark/conjur-api-java.git
+
+if [ ! -d "./conjur-api-java" ]
+then
+  echo "Git clone failed"
+  exit 1
+fi
+
+BRANCH_NAME=$( git rev-parse --abbrev-ref HEAD )
+
+git checkout $BRANCH_NAME
+
+pushd conjur-api-java
+
+echo "Building Conjur Java SDK JAR"
+
+mvn install -DskipTests -Dmaven.javadoc.skip=true
+
+popd
+
+API_JAR_NAME=$( ls conjur-api-java/target/*with-dependencies.jar | grep conjur-api )
+echo "API_JAR_NAME=$API_JAR_NAME"
+if [ -z $API_JAR_NAME ]
+then
+  echo "Maven install Conjur Java SDK jar failed"
+  exit 1
+fi
+
+VERSION=$( echo "$API_JAR_NAME"| cut -d'/' -f 3 | cut -d'-' -f 3 )
+
+echo "Installing Conjur Java SDK JAR to Maven Repo"
+
+mvn install:install-file -Dfile=conjur-api-java/target/conjur-api-$VERSION-with-dependencies.jar -DgroupId=net.conjur.api -DartifactId=conjur-api -Dversion=$VERSION -Dpackaging=jar
+
+echo "Build Conjur Java Client Example"
+mvn install -Dconjur-api-version=2.1.0
+
+cp conjur-api-java/target/conjur-api-2.1.0-with-dependencies.jar .
+
+rm -rf conjur-api-java
+
+echo "Creating docker image of Conjur Java Client Example"
+docker build -f Dockerfile -t conjur-java-client .
+
+docker images | grep conjur-java-client
+

demos/java-api-client/pom.xml

@@ -0,0 +1,69 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<project xmlns="http://maven.apache.org/POM/4.0.0"
+         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+    <modelVersion>4.0.0</modelVersion>
+    <properties>
+        <conjur-api-version>2.1.0</conjur-api-version>
+    </properties>
+    <groupId>com.cyberark.example</groupId>
+    <artifactId>ConjurJavaClient</artifactId>
+    <version>1.0-SNAPSHOT</version>
+    <dependencies>
+        <dependency>
+            <groupId>net.conjur.api</groupId>
+            <artifactId>conjur-api</artifactId>
+            <version>${conjur-api-version}</version>
+        </dependency>
+    </dependencies>
+    <build><plugins>
+          <plugin>
+                <artifactId>maven-compiler-plugin</artifactId>
+                <version>2.3.2</version>
+                <configuration>
+                    <source>1.6</source>
+                    <target>1.6</target>
+                </configuration>
+            </plugin>
+
+            <plugin>
+                <groupId>org.apache.maven.plugins</groupId>
+                <artifactId>maven-surefire-plugin</artifactId>
+                <version>2.20</version>
+                <configuration>
+                    <systemPropertyVariables>
+                        <CONJUR_ACCOUNT>${env.CONJUR_ACCOUNT}</CONJUR_ACCOUNT>
+                        <CONJUR_APPLIANCE_URL>${env.CONJUR_APPLIANCE_URL}</CONJUR_APPLIANCE_URL>
+                        <CONJUR_AUTHN_LOGIN>${env.CONJUR_AUTHN_LOGIN}</CONJUR_AUTHN_LOGIN>
+                    </systemPropertyVariables>
+                </configuration>
+            </plugin>
+           <!-- Plugin to create jar with dependencies -->
+            <plugin>
+                <groupId>org.apache.maven.plugins</groupId>
+                <artifactId>maven-shade-plugin</artifactId>
+                <executions>
+                    <execution>
+                        <goals>
+                            <goal>shade</goal>
+                        </goals>
+                        <configuration>
+                            <shadedClassifierName>with-dependencies</shadedClassifierName>
+                            <shadedArtifactAttached>true</shadedArtifactAttached>
+				<transformers>
+				<transformer
+                                    implementation="org.apache.maven.plugins.shade.resource.ManifestResourceTransformer">
+                                <mainClass>com.cyberark.example.JavaClient</mainClass>
+                            </transformer>
+			    <transformer implementation="org.apache.maven.plugins.shade.resource.AppendingTransformer">
+				  <resource>META-INF/cxf/bus-extensions.txt</resource>
+			    </transformer>
+                        </transformers>
+                    </configuration>
+                    </execution>
+                </executions>
+            </plugin>
+
+    </plugins></build>
+
+</project>

demos/java-api-client/src/main/java/com/cyberark/example/JavaClient.java

@@ -0,0 +1,62 @@
+package com.cyberark.example;
+
+import net.conjur.api.Conjur;
+import net.conjur.api.Token;
+
+import java.io.FileOutputStream;
+import java.io.PrintWriter;
+
+import java.io.File;
+import java.nio.file.Paths;
+
+public class JavaClient {
+
+  private static String truststoreFileName = "/run/conjur/truststore.jks";
+
+  private static void initialize()
+  {
+    System.setProperty("javax.net.ssl.trustStore", truststoreFileName);
+    System.setProperty("javax.net.ssl.trustStorePassword", "changeit");
+    System.setProperty("CONJUR_ACCOUNT", System.getenv("CONJUR_ACCOUNT"));
+    if (System.getenv("CONJUR_AUTHN_LOGIN") != null)
+    {
+      System.setProperty("CONJUR_AUTHN_LOGIN", System.getenv("CONJUR_AUTHN_LOGIN"));
+    }
+    System.setProperty("CONJUR_APPLIANCE_URL", System.getenv("CONJUR_APPLIANCE_URL"));
+  }
+
+  private static void enterPending()
+  {
+    try 
+    {
+      Thread.sleep(500000);
+    }
+    catch (Exception e)
+    {
+      System.out.println("Timer Exception:" + e);
+    }
+  }
+
+  public static void main(String args[])
+  {
+    System.out.println("Running Conjur Java SDK Example");
+    initialize();
+    Token token = null;
+    try 
+    {
+      System.out.println("CONJUR_AUTHN_TOKEN_FILE = " + System.getenv("CONJUR_AUTHN_TOKEN_FILE"));
+      token = Token.fromFile(Paths.get(System.getenv("CONJUR_AUTHN_TOKEN_FILE")));
+    }
+    catch (Exception e)
+    {
+      System.out.println("Exception:" + e);
+      return;
+    }
+    System.out.println("Create Conjur API Instance");
+    Conjur conjur = new Conjur(token);
+    String secret = conjur.variables().retrieveSecret("variables/mypassword");
+    System.out.println("Retrieved secret = " + secret);
+    enterPending();
+  }
+
+}

demos/openshift-install/README.md

@@ -0,0 +1,36 @@
+Explanations:
+-------------
+The purpose of this demo is to install Conjur on existing OpenShift environment and then run Java Client on top of it  
+The environent contains 4 pods each with up to 2 containers inside  
+Pod #1: Postgres  
+Pod #2: Conjur + Nginx  
+Pod #3: Conjur CLI  
+Pod #4: Conjur authenticator client + Java Client  
+
+Local Prerequisites:
+--------------------
+Git - git version 2.24.1  
+Maven - Apache Maven 3.6.3  
+Java SDK / JRE - openjdk version "1.8.0_232"  
+MAC OS Catalina - Version 10.15.1 (19076)  
+OpenShift client installed on MAC  
+
+External Prerequisites:
+-----------------------
+A GitHub user for GitHub environment  
+OpenShift -     oc v3.11.0+0cbc58b  
+                kubernetes v1.11.0+d4cacc0  
+                features: Basic-Auth  
+
+Commands:
+---------
+1. **Building Java Client:** cd <home-dir>/conjur-intro/demos/java-api-client  
+			 ./build.sh  
+2. **Installing Conjur and Conjur-CLI on OpenShift:** <home-dir>/conjur-intro/demos/openshift-install  
+						   ./installer.sh --with-config --ocp-url <ocp-url>:<port> --project-name <project-name> --account-name <account-name> --authenticator <authenticator>  
+3. **Verify that all pods are up and running by:** 	oc get pods  
+4. **Installing and running java client opn Open Shift:** ./java-client-installer.sh --ocp-url <ocp-url>:<port> --docker-url <docker-url> --project-name <project-name> --account-name <account-name> --authenticator <authenticator>  
+5. **Verify that all pods are up and running by:** 	oc get pods  
+6. **Checking output of Java client container on pod #4:** oc logs <pod-name> -c my-conjur-java-client  
+   It should show that secret was retrieved properly  
+

demos/openshift-install/cleanup.sh

@@ -0,0 +1,18 @@
+#!/bin/bash
+
+#set -x
+#set -e
+
+function validate_app {
+  APPNAME=$1
+  CHECK_APP=$( which $APPNAME )
+  if [ -z "$CHECK_APP" ]
+  then
+     echo "Please install $APPNAME"
+     exit 1
+  fi
+}
+
+validate_app oc
+
+oc delete project $1

demos/openshift-install/conjur-cli.yaml

@@ -0,0 +1,27 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: conjur-cli
+  labels:
+    app: conjur-cli
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: conjur-cli
+  template:
+    metadata:
+      name: conjur-cli
+      labels:
+        app: conjur-cli
+    spec:
+      serviceAccountName: default
+      containers:
+      - name: conjur-cli
+        image: cyberark/conjur-cli:5-latest
+        imagePullPolicy: IfNotPresent
+        command: ["sleep"]
+        args: ["infinity"]
+      imagePullSecrets:
+        - name: dockerpullsecret

demos/openshift-install/conjur_scripts/cert_script.sh

@@ -0,0 +1,31 @@
+#!/bin/bash
+set -e
+AUTHENTICATOR_ID=$2
+CONJUR_ACCOUNT=$1
+
+# Generate OpenSSL private key
+openssl genrsa -out ca.key 2048
+
+CONFIG="
+[ req ]
+distinguished_name = dn
+x509_extensions = v3_ca
+[ dn ]
+[ v3_ca ]
+basicConstraints = critical,CA:TRUE
+subjectKeyIdentifier   = hash
+authorityKeyIdentifier = keyid:always,issuer:always
+"
+
+# Generate root CA certificate
+openssl req -x509 -new -nodes -key ca.key -sha1 -days 3650 -set_serial 0x0 -out ca.cert \
+  -subj "/CN=conjur.authn-k8s.$AUTHENTICATOR_ID/OU=Conjur Kubernetes CA/O=$CONJUR_ACCOUNT" \
+  -config <(echo "$CONFIG")
+
+# Verify cert
+openssl x509 -in ca.cert -text -noout &> /dev/null
+
+# Load variable values
+conjur variable values add conjur/authn-k8s/$AUTHENTICATOR_ID/ca/key "$(cat ca.key)"
+conjur variable values add conjur/authn-k8s/$AUTHENTICATOR_ID/ca/cert "$(cat ca.cert)"
+

demos/openshift-install/docker-compose.yml

@@ -0,0 +1,16 @@
+version: '2'
+services:
+
+  database:
+    image: postgres:9.4
+    container_name: postgres_database
+
+  conjur:
+    image: cyberark/conjur
+    container_name: conjur_server
+    command: server
+    environment:
+      DATABASE_URL: postgres://postgres@database/postgres
+      CONJUR_DATA_KEY:
+    depends_on: [ database ]
+