Add script to enable authn-jwt flow

Can be used in automation that uses this helm chart
cyberark · Jan 10, 2022 · a1e9c1c · a1e9c1c
1 parent 6a9c8b4
commit a1e9c1c
Show file tree

Hide file tree

Showing 6 changed files with 12 additions and 4 deletions.
diff --git a/ci/jenkins_build.sh b/ci/jenkins_build.sh
@@ -34,6 +34,7 @@ export HELM_VERSION="${HELM_VERSION:-3.1.3}"
 export KUBECTL_VERSION="${KUBECTL_VERSION:-1.16.9}"
 export RELEASE_NAME="$CONJUR_NAMESPACE"
 export SKIP_GCLOUD_LOGIN="${SKIP_GCLOUD_LOGIN:-false}"
+export AUTHN_STRATEGY="${AUTHN_STRATEGY:authn-k8s}"
 
 announce "Building gcloud/kubectl/helm client image..."
 # Build the gcloud/kubectl/helm client container image

diff --git a/examples/common/2_helm_install_or_upgrade_conjur.sh b/examples/common/2_helm_install_or_upgrade_conjur.sh
@@ -40,7 +40,7 @@ fi
 args+=("-n" "$CONJUR_NAMESPACE" \
       "--set" "account.name=$CONJUR_ACCOUNT" \
       "--set" "account.create=true" \
-      "--set" "authenticators=authn\,authn-k8s/$AUTHENTICATOR_ID" \
+      "--set" "authenticators=authn\,$AUTHN_STRATEGY/$AUTHENTICATOR_ID" \
       "--set" "logLevel=$CONJUR_LOG_LEVEL" \
       "--set" "service.external.enabled=$CONJUR_LOADBALANCER_SVCS" \
       "--wait" \

diff --git a/examples/common/4_ensure_authn_k8s_enabled.sh b/examples/common/4_ensure_authn_k8s_enabled.sh
@@ -10,11 +10,11 @@ authenticators="$(kubectl get secret \
                   $HELM_RELEASE-conjur-authenticators \
                   --template={{.data.key}} | base64 -d)"
 if grep -q "$authenticators" <<< "$AUTHENTICATOR_ID"; then
-  echo "Enabling authenticator ID $AUTHENTICATOR_ID for authn-k8s"
+  echo "Enabling authenticator ID $AUTHENTICATOR_ID for $AUTHN_STRATEGY"
   helm upgrade \
        -n "$CONJUR_NAMESPACE" \
        --reuse-values \
-       --set authenticators="authn\,authn-k8s/$AUTHENTICATOR_ID" \
+       --set authenticators="authn\,$AUTHN_STRATEGY/$AUTHENTICATOR_ID" \
        --set logLevel="$CONJUR_LOG_LEVEL" \
        --wait \
        --timeout 300s \
@@ -25,5 +25,5 @@ if grep -q "$authenticators" <<< "$AUTHENTICATOR_ID"; then
   wait_for_conjur_ready
 
 else
-  echo "Authenticator ID $AUTHENTICATOR_ID is already enabled for authn-k8s"
+  echo "Authenticator ID $AUTHENTICATOR_ID is already enabled for $AUTHN_STRATEGY"
 fi
diff --git a/examples/common/customize.env b/examples/common/customize.env
@@ -45,3 +45,6 @@
 # Configuration for Conjur authn-k8s
 #export ANNOTATION_BASED_AUTHN="<true-or-false-defaults-to-true>"
 #export AUTHENTICATOR_ID="<authenticator-id-string-defaults-to-my-authenticator-id>"
+
+# Default authn strategy is authn-k8s. But we want to support ad of authn-jwt
+#export AUTNH_STRATEGY="authn-k8s"
diff --git a/examples/kubernetes-in-docker/0_export_env_vars.sh b/examples/kubernetes-in-docker/0_export_env_vars.sh
@@ -44,3 +44,5 @@ if [[ "USE_DOCKER_LOCAL_REGISTRY" == "false" ]]; then
   check_env_var "DOCKER_PASSWORD"
   check_env_var "DOCKER_EMAIL"
 fi
+
+export AUTNH_STRATEGY="authn-k8s"
diff --git a/examples/openshift/0_export_env_vars.sh b/examples/openshift/0_export_env_vars.sh
@@ -56,3 +56,5 @@ if [[ "USE_DOCKER_LOCAL_REGISTRY" == "false" ]]; then
   check_env_var "DOCKER_PASSWORD"
   check_env_var "DOCKER_EMAIL"
 fi
+
+export AUTNH_STRATEGY="authn-k8s"