conjurdemos · jonahx · Mar 26, 2019 · Mar 15, 2019 · Mar 17, 2019 · Mar 18, 2019
diff --git a/.gitignore b/.gitignore
@@ -1,6 +1,12 @@
 policy/generated/*
-pg/schema.sql
+openshift/*.postgres.yml
+openshift/*.mysql.yml
+kubernetes/*.postgres.yml
+kubernetes/*.mysql.yml
 openshift/postgres.yml
-test_app_summon/secrets.yml
+openshift/mysql.yml
+kubernetes/postgres.yml
+kubernetes/mysql.yml
+test_app_summon/*.secrets.yml
 test_app_summon/summon*
 output/
diff --git a/0_check_dependencies.sh b/0_check_dependencies.sh
@@ -11,3 +11,5 @@ check_env_var "DOCKER_REGISTRY_PATH"
 check_env_var "CONJUR_ACCOUNT"
 check_env_var "CONJUR_ADMIN_PASSWORD"
 check_env_var "AUTHENTICATOR_ID"
+check_env_var "TEST_APP_DATABASE"
+ensure_env_database
diff --git a/2_load_conjur_policies.sh b/2_load_conjur_policies.sh
@@ -8,13 +8,15 @@ announce "Generating Conjur policy."
 pushd policy
   mkdir -p ./generated
 
-  sed -e "s#{{ AUTHENTICATOR_ID }}#$AUTHENTICATOR_ID#g" ./templates/cluster-authn-svc-def.template.yml > ./generated/cluster-authn-svc.yml
+  # NOTE: generated files are prefixed with the test app namespace to allow for parallel CI
+
+  sed -e "s#{{ AUTHENTICATOR_ID }}#$AUTHENTICATOR_ID#g" ./templates/cluster-authn-svc-def.template.yml > ./generated/$TEST_APP_NAMESPACE_NAME.cluster-authn-svc.yml
 
   sed -e "s#{{ AUTHENTICATOR_ID }}#$AUTHENTICATOR_ID#g" ./templates/project-authn-def.template.yml |
-    sed -e "s#{{ TEST_APP_NAMESPACE_NAME }}#$TEST_APP_NAMESPACE_NAME#g" > ./generated/project-authn.yml
+    sed -e "s#{{ TEST_APP_NAMESPACE_NAME }}#$TEST_APP_NAMESPACE_NAME#g" > ./generated/$TEST_APP_NAMESPACE_NAME.project-authn.yml
 
   sed -e "s#{{ AUTHENTICATOR_ID }}#$AUTHENTICATOR_ID#g" ./templates/app-identity-def.template.yml |
-    sed -e "s#{{ TEST_APP_NAMESPACE_NAME }}#$TEST_APP_NAMESPACE_NAME#g" > ./generated/app-identity.yml
+    sed -e "s#{{ TEST_APP_NAMESPACE_NAME }}#$TEST_APP_NAMESPACE_NAME#g" > ./generated/$TEST_APP_NAMESPACE_NAME.app-identity.yml
 popd
 
 # Create the random database password
@@ -35,6 +37,7 @@ if [[ "${DEPLOY_MASTER_CLUSTER}" == "true" ]]; then
       CONJUR_ADMIN_PASSWORD=${CONJUR_ADMIN_PASSWORD} \
       DB_PASSWORD=${password} \
       TEST_APP_NAMESPACE_NAME=${TEST_APP_NAMESPACE_NAME} \
+      TEST_APP_DATABASE=${TEST_APP_DATABASE} \
       CONJUR_VERSION=${CONJUR_VERSION} \
       /policy/load_policies.sh
     "
@@ -46,14 +49,18 @@ if [[ "${DEPLOY_MASTER_CLUSTER}" == "true" ]]; then
   set_namespace "$TEST_APP_NAMESPACE_NAME"
 fi
 
-# Set DB password in DB schema
-pushd pg
-  sed -e "s#{{ TEST_APP_PG_PASSWORD }}#$password#g" ./schema.template.sql > ./schema.sql
+# Set DB password in Kubernetes manifests
+# NOTE: generated files are prefixed with the test app namespace to allow for parallel CI
+pushd kubernetes
+  sed -e "s#{{ TEST_APP_DB_PASSWORD }}#$password#g" ./postgres.template.yml > ./${TEST_APP_NAMESPACE_NAME}.postgres.yml
+  sed -e "s#{{ TEST_APP_DB_PASSWORD }}#$password#g" ./mysql.template.yml > ./${TEST_APP_NAMESPACE_NAME}.mysql.yml
 popd
 
-# Set DB password in OC deployment manifest
+# Set DB password in OC manifests
+# NOTE: generated files are prefixed with the test app namespace to allow for parallel CI
 pushd openshift
-  sed -e "s#{{ TEST_APP_PG_PASSWORD }}#$password#g" ./postgres.template.yml > ./postgres.yml
+  sed -e "s#{{ TEST_APP_DB_PASSWORD }}#$password#g" ./postgres.template.yml > ./${TEST_APP_NAMESPACE_NAME}.postgres.yml
+  sed -e "s#{{ TEST_APP_DB_PASSWORD }}#$password#g" ./mysql.template.yml > ./${TEST_APP_NAMESPACE_NAME}.mysql.yml
 popd
 
 announce "Added DB password value: $password"
diff --git a/5_build_and_push_containers.sh b/5_build_and_push_containers.sh
@@ -26,9 +26,11 @@ pushd test_app_summon
     docker rm -v $id
   fi
 
+
   for app_type in "${APPS[@]}"; do
     # prep secrets.yml
-    sed -e "s#{{ TEST_APP_NAME }}#test-summon-$app_type-app#g" ./secrets.template.yml > secrets.yml
+    # NOTE: generated files are prefixed with the test app namespace to allow for parallel CI
+    sed -e "s#{{ TEST_APP_NAME }}#test-summon-$app_type-app#g" ./secrets.template.yml > "$TEST_APP_NAMESPACE_NAME.secrets.yml"
 
     dockerfile="Dockerfile"
     if [[ "$PLATFORM" == "openshift" ]]; then
@@ -37,6 +39,7 @@ pushd test_app_summon
 
     echo "Building test app image"
     docker build \
+      --build-arg namespace=$TEST_APP_NAMESPACE_NAME\
       -t test-app:$CONJUR_NAMESPACE_NAME \
       -f $dockerfile .
 

diff --git a/6_deploy_test_app.sh b/6_deploy_test_app.sh
@@ -27,7 +27,7 @@ init_registry_creds() {
   if [[ "$PLATFORM" == "kubernetes" ]]; then
     if [[ "${DOCKER_EMAIL}" != "" ]]; then
       announce "Creating image pull secret."
-    
+
       kubectl delete --ignore-not-found secret dockerpullsecret
 
       kubectl create secret docker-registry dockerpullsecret \
@@ -38,16 +38,16 @@ init_registry_creds() {
     fi
   elif [[ "$PLATFORM" == "openshift" ]]; then
     announce "Creating image pull secret."
-    
+
     $cli delete --ignore-not-found secrets dockerpullsecret
-  
+
     $cli secrets new-dockercfg dockerpullsecret \
       --docker-server=${DOCKER_REGISTRY_PATH} \
       --docker-username=_ \
       --docker-password=$($cli whoami -t) \
       --docker-email=_
-  
-    $cli secrets add serviceaccount/default secrets/dockerpullsecret --for=pull    
+
+    $cli secrets add serviceaccount/default secrets/dockerpullsecret --for=pull
   fi
 }
 
@@ -84,20 +84,34 @@ deploy_app_backend() {
      statefulset/summon-init-pg \
      statefulset/summon-sidecar-pg \
      statefulset/secretless-pg \
+     statefulset/summon-init-mysql \
+     statefulset/summon-sidecar-mysql \
+     statefulset/secretless-mysql \
      secret/test-app-backend-certs
 
-  echo "Create secrets for test app backend"
-  $cli --namespace $TEST_APP_NAMESPACE_NAME \
-    create secret generic \
-    test-app-backend-certs \
-    --from-file=server.crt=./etc/ca.pem \
-    --from-file=server.key=./etc/ca-key.pem
-
-  echo "Deploying test app backend"
-  test_app_pg_docker_image=$(platform_image test-app-pg)
-  sed -e "s#{{ TEST_APP_PG_DOCKER_IMAGE }}#$test_app_pg_docker_image#g" ./$PLATFORM/postgres.yml |
+  ensure_env_database
+  case "${TEST_APP_DATABASE}" in
+  postgres)
+    echo "Create secrets for test app backend"
+    $cli --namespace $TEST_APP_NAMESPACE_NAME \
+      create secret generic \
+      test-app-backend-certs \
+      --from-file=server.crt=./etc/ca.pem \
+      --from-file=server.key=./etc/ca-key.pem
+
+    echo "Deploying test app backend"
+    test_app_pg_docker_image=$(platform_image test-app-pg)
+    sed -e "s#{{ TEST_APP_PG_DOCKER_IMAGE }}#$test_app_pg_docker_image#g" ./$PLATFORM/${TEST_APP_NAMESPACE_NAME}.postgres.yml |
     sed -e "s#{{ TEST_APP_NAMESPACE_NAME }}#$TEST_APP_NAMESPACE_NAME#g" |
     $cli create -f -
+    ;;
+  mysql)
+    echo "Deploying test app backend"
+    test_app_mysql_docker_image="mysql/mysql-server:5.7"
+    sed -e "s#{{ TEST_APP_DATABASE_DOCKER_IMAGE }}#$test_app_mysql_docker_image#g" ./$PLATFORM/${TEST_APP_NAMESPACE_NAME}.mysql.yml | sed -e "s#{{ TEST_APP_NAMESPACE_NAME }}#$TEST_APP_NAMESPACE_NAME#g" | $cli create -f -
+    ;;
+  esac
+
 }
 
 ###########################
@@ -194,8 +208,22 @@ deploy_secretless_app() {
 
   sleep 5
 
+  ensure_env_database
+  case "$TEST_APP_DATABASE" in
+  postgres)
+    PORT=5432
+    PROTOCOL=postgresql
+    ;;
+  mysql)
+    PORT=3306
+    PROTOCOL=mysql
+    ;;
+  esac
+  secretless_db_url="$PROTOCOL://localhost:$PORT/test_app"
+
   sed -e "s#{{ CONJUR_VERSION }}#$CONJUR_VERSION#g" ./$PLATFORM/test-app-secretless.yml |
     sed -e "s#{{ SECRETLESS_IMAGE }}#$secretless_image#g" |
+    sed -e "s#{{ SECRETLESS_DB_URL }}#$secretless_db_url#g" |
     sed -e "s#{{ CONJUR_AUTHN_URL }}#$conjur_authenticator_url#g" |
     sed -e "s#{{ CONJUR_AUTHN_LOGIN_PREFIX }}#$conjur_authn_login_prefix#g" |
     sed -e "s#{{ CONFIG_MAP_NAME }}#$TEST_APP_NAMESPACE_NAME#g" |

diff --git a/7_verify_authentication.sh b/7_verify_authentication.sh
@@ -26,6 +26,16 @@ announce "Validating that the deployments are functioning as expected."
 
 set_namespace $TEST_APP_NAMESPACE_NAME
 
+echo "Waiting for pods to become available"
+
+while [[ $(pods_not_ready "test-app-summon-init") ]] ||
+      [[ $(pods_not_ready "test-app-summon-sidecar") ]] ||
+      [[ $(pods_not_ready "test-app-secretless") ]]; do
+  printf "."
+  sleep 1
+done
+echo ""
+
 if [[ "$PLATFORM" == "openshift" ]]; then
   echo "Waiting for deployments to become available"
 
@@ -51,23 +61,28 @@ if [[ "$PLATFORM" == "openshift" ]]; then
   init_url="localhost:8081"
   sidecar_url="localhost:8082"
   secretless_url="localhost:8083"
-
-  # Pause for the port-forwarding to complete setup
-  sleep 10
 else
   echo "Waiting for services to become available"
   while [ -z "$(service_ip "test-app-summon-init")" ] ||
         [ -z "$(service_ip "test-app-summon-sidecar")" ] ||
         [ -z "$(service_ip "test-app-secretless")" ]; do
     printf "."
-    sleep 1
+    sleep 3
   done
 
   init_url=$(service_ip test-app-summon-init):8080
   sidecar_url=$(service_ip test-app-summon-sidecar):8080
   secretless_url=$(service_ip test-app-secretless):8080
 fi
 
+echo "Waiting for urls to be ready"
+while ! $(curl -s --connect-timeout 3 $init_url > /dev/null) ||
+      ! $(curl -s --connect-timeout 3 $sidecar_url > /dev/null) ||
+      ! $(curl -s --connect-timeout 3 $secretless_url > /dev/null); do
+  printf "."
+  sleep 3
+done
+
 echo -e "\nAdding entry to the init app\n"
 curl \
   -d '{"name": "Mr. Init"}' \

diff --git a/Jenkinsfile b/Jenkinsfile
@@ -9,29 +9,59 @@ pipeline {
   }
 
   stages {
-    stage('Deploy Demos') {
+// Postgres Tests
+    stage('Deploy Demos Postgres') {
       parallel {
-        stage('GKE and v4 Conjur') {
+        stage('GKE, v4 Conjur, Postgres') {
           steps {
-            sh 'cd ci && summon -e gke ./test gke 4'
+            sh 'cd ci && summon -e gke ./test gke 4 postgres'
           }
         }
 
-        stage('GKE and v5 Conjur') {
+        stage('GKE, v5 Conjur, Postgres') {
           steps {
-            sh 'cd ci && summon -e gke ./test gke 5'
+            sh 'cd ci && summon -e gke ./test gke 5 postgres'
           }
         }
 
-        stage('OpenShift v3.9 and v4 Conjur') {
+        stage('OpenShift v3.9, v4 Conjur, Postgres') {
           steps {
-            sh 'cd ci && summon -e oc ./test oc 4'
+            sh 'cd ci && summon -e oc ./test oc 4 postgres'
           }
         }
 
-        stage('OpenShift v3.9 and v5 Conjur') {
+        stage('OpenShift v3.9, v5 Conjur, Postgres') {
           steps {
-            sh 'cd ci && summon -e oc ./test oc 5'
+            sh 'cd ci && summon -e oc ./test oc 5 postgres'
+          }
+        }
+      }
+    }
+
+// MySQL Tests
+    stage('Deploy Demos MySQL') {
+      parallel {
+        stage('GKE, v4 Conjur, MySQL') {
+          steps {
+            sh 'cd ci && summon -e gke ./test gke 4 mysql'
+          }
+        }
+
+        stage('GKE, v5 Conjur, MySQL') {
+          steps {
+            sh 'cd ci && summon -e gke ./test gke 5 mysql'
+          }
+        }
+
+        stage('OpenShift v3.9, v4 Conjur, MySQL') {
+          steps {
+            sh 'cd ci && summon -e oc ./test oc 4 mysql'
+          }
+        }
+
+        stage('OpenShift v3.9, v5 Conjur, MySQL') {
+          steps {
+            sh 'cd ci && summon -e oc ./test oc 5 mysql'
           }
         }
       }

diff --git a/ci/test b/ci/test
@@ -1,9 +1,10 @@
 #!/bin/bash
 
 # Usage:
-# summon -e [platform] ./test [platform] [conjur version]
+# summon -e [platform] ./test [platform] [conjur version] [database]
 # platform: gke or oc
 # conjur version: 4 or 5
+# database: postgres or mysql
 
 set -euo pipefail
 IFS=$'\n\t'
@@ -31,30 +32,14 @@ trap finish EXIT
 function printUsage() {
   echo "---"
   echo "Usage:"
-  echo "summon -e [platform] ./test [platform] [conjur version]"
+  echo "summon -e [platform] ./test [platform] [conjur version] [database]"
   echo "platform: gke or oc"
   echo "conjur version: 4 or 5"
+  echo "database: postgres or mysql"
 
   exit 1
 }
 
-# Parse input arguments
-if [ $# -ne 2 ]; then
-  echo "Invalid number of arguments."
-  printUsage
-fi
-
-TEST_PLATFORM="$1"
-CONJUR_VERSION="$2"
-
-export TEST_PLATFORM
-export CONJUR_VERSION
-
-# sensible default for OPENSHIFT_URL port
-if [[ ! -z "${OPENSHIFT_URL}" ]] && [[ "${OPENSHIFT_URL}" != *: ]]; then
- OPENSHIFT_URL="${OPENSHIFT_URL}:8443"
-fi
-
 function main() {
   announce 'Checking arguments'
   checkArguments
@@ -71,7 +56,7 @@ function main() {
 
 function deployConjur() {
   pushd ..
-    git clone [email protected]:cyberark/kubernetes-conjur-deploy kubernetes-conjur-deploy-$UNIQUE_TEST_ID
+    git clone --single-branch --branch kt/hot-fixes [email protected]:cyberark/kubernetes-conjur-deploy kubernetes-conjur-deploy-$UNIQUE_TEST_ID
   popd
 
   runDockerCommand "cd kubernetes-conjur-deploy-$UNIQUE_TEST_ID && ./start"
@@ -143,6 +128,7 @@ function runDockerCommand() {
     -e CONJUR_ADMIN_PASSWORD \
     -e AUTHENTICATOR_ID \
     -e TEST_APP_NAMESPACE_NAME \
+    -e TEST_APP_DATABASE \
     -e PLATFORM \
     -e DOCKER_REGISTRY_URL \
     -e DOCKER_REGISTRY_PATH \
@@ -190,4 +176,23 @@ function checkArguments() {
   printUsage
 }
 
+# Parse input arguments
+if [ $# -ne 3 ]; then
+  echo "Invalid number of arguments."
+  printUsage
+fi
+
+TEST_PLATFORM="$1"
+CONJUR_VERSION="$2"
+TEST_APP_DATABASE="$3"
+
+export TEST_PLATFORM
+export CONJUR_VERSION
+export TEST_APP_DATABASE
+
+# sensible default for OPENSHIFT_URL port
+if [[ ! -z "${OPENSHIFT_URL}" ]] && [[ "${OPENSHIFT_URL}" != *: ]]; then
+ OPENSHIFT_URL="${OPENSHIFT_URL}:8443"
+fi
+
 main