
Merge pull request #204 from cyberark/test-windows
Integration test against Windows environment
sgnn7 authored Sep 17, 2020
2 parents b9bbb7a + 2ec9a27 commit 15278dc
Showing 5 changed files with 444 additions and 40 deletions.
97 changes: 73 additions & 24 deletions Jenkinsfile
Expand Up @@ -5,6 +5,7 @@ pipeline {

options {
timestamps()
parallelsAlwaysFailFast()
}

triggers {
Expand All @@ -28,31 +29,87 @@ pipeline {
}
}

// workaround for Jenkins not fetching tags
stage('Fetch tags') {
steps {
withCredentials(
[usernameColonPassword(credentialsId: 'conjur-jenkins-api', variable: 'GITCREDS')]
) {
sh '''
git fetch --tags `git remote get-url origin | sed -e "s|https://|https://$GITCREDS@|"`
git tag # just print them out to make sure, can remove when this is robust
'''
}
}
}

stage('Build') {
steps {
sh './build.sh'
archiveArtifacts 'pkg/'
}
}


stage('Tests') {
parallel {
stage('Linting and unit tests') {
stage('Setup & Hold Win2016 Node') {
steps {
script {
// Node used instead of agent to avoid the automatic git checkout that agent provides.
// This is because git checkout is unreliable on windows agents
node('executor-windows-2016-containers'){
// because the repo is not auto checked out, fetch the configure script via http
powershell """
Invoke-WebRequest -Uri "https://raw.githubusercontent.com/cyberark/conjur-puppet/${BRANCH_NAME}/expose-daemon.ps1" -OutFile "expose-daemon.ps1"
"""
powershell '.\\expose-daemon.ps1'
env.WINDOWS_IP = powershell(returnStdout: true, script: '(curl http://169.254.169.254/latest/meta-data/local-ipv4).Content').trim()
env.WINDOWS_DOCKER_CERT_CA = powershell(returnStdout: true, script: 'cat $env:USERPROFILE\\.docker\\ca.pem')
env.WINDOWS_DOCKER_CERT_CERT = powershell(returnStdout: true, script: 'cat $env:USERPROFILE\\.docker\\cert.pem')
env.WINDOWS_DOCKER_CERT_KEY = powershell(returnStdout: true, script: 'cat $env:USERPROFILE\\.docker\\key.pem')
env.WINDOWS_READY = true

// The windows node is terminated when the containing node block ends, so we wait until the tests are finished
// before letting this block complete.
waitUntil {
return (env.MAIN_NODE_DONE == "true");
}
}
}
}
}

stage('Test Win2016') {
stages {
stage("Wait for Windows node") {
steps {
waitUntil {
script {
return (env.WINDOWS_READY == "true");
}
}
script {
env.WINDOWS_DOCKER_CERT_DIR = "${pwd()}/tmp-docker"
}

sh "mkdir ${env.WINDOWS_DOCKER_CERT_DIR}"
writeFile file: "${env.WINDOWS_DOCKER_CERT_DIR}/ca.pem", text: env.WINDOWS_DOCKER_CERT_CA
writeFile file: "${env.WINDOWS_DOCKER_CERT_DIR}/cert.pem", text: env.WINDOWS_DOCKER_CERT_CERT
writeFile file: "${env.WINDOWS_DOCKER_CERT_DIR}/key.pem", text: env.WINDOWS_DOCKER_CERT_KEY
}
}

stage('Puppet 6 & Conjur 5 Integration Tests') {
steps {
dir('examples/puppetmaster') {
sh '''
MAIN_HOST_IP="$(curl http://169.254.169.254/latest/meta-data/local-ipv4)" \
WINDOWS_DOCKER_HOST="tcp://${WINDOWS_IP}:2376" \
WINDOWS_DOCKER_CERT_PATH="${WINDOWS_DOCKER_CERT_DIR}" \
WINDOWS_DOCKER_TLS_VERIFY=1 \
./test.sh
'''
}
}
}
}

post {
always {
script {
env.MAIN_NODE_DONE = true
}
}
}
}

stage('Linting & Unit Tests') {
steps {
sh './test.sh'
}
Expand All @@ -69,14 +126,6 @@ pipeline {
}
}
}

stage('E2E - Puppet 6 - Conjur 5') {
steps {
dir('examples/puppetmaster') {
sh './test.sh'
}
}
}
}
}
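Review bot: The Docker client private key travels between nodes as the pipeline-wide variable `env.WINDOWS_DOCKER_CERT_KEY` and is then written to `tmp-docker/key.pem` in the workspace, and none of the visible stages removes it afterwards. Values assigned to `env.*` in a `script` block are exported to the later `sh` and `powershell` steps, so any step that prints its environment would put a credential for the daemon on port 2376 into the build log. Passing the three PEM files with `stash`/`unstash` would keep them out of the environment, and the `post { always { … } }` block of 'Test Win2016' could add `sh 'rm -rf "$WINDOWS_DOCKER_CERT_DIR"'`. In the same hunk, `${BRANCH_NAME}` is interpolated by Groovy into the text of the `Invoke-WebRequest` script whose download is then executed; a single-quoted Groovy string that reads `$env:BRANCH_NAME` inside PowerShell would keep the branch name out of the script source.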

Expand Up @@ -2,13 +2,18 @@

node default {
if $facts['os']['family'] == 'Windows' {
$cred_file_prefix = 'c:/tmp'
# There's a double backslash at the end of $cred_file_prefix because:
# When a backslash occurs at the very end of a single-quoted string, a double
# backslash must be used instead of a single backslash. For example:
# path => 'C:\Program Files(x86)\\'
$cred_file_prefix = 'c:\tmp\\'
$win_cmd_exe = 'C:\Windows\System32\cmd.exe'
} else {
$cred_file_prefix = '/tmp'
$cred_file_prefix = '/tmp/'
}

$output_file1 = "${cred_file_prefix}/creds1.txt"
$output_file2 = "${cred_file_prefix}/creds2.txt"
$output_file1 = "${cred_file_prefix}creds1.txt"
$output_file2 = "${cred_file_prefix}creds2.txt"

# If using server-supplied identity for the agent's Conjur / DAP connection,
# you would use the optional parameters to the `conjur::secret` function as
Expand All @@ -24,28 +29,42 @@

notify { "Writing regular secret to ${output_file1}...": }
file { $output_file1:
ensure => file,
ensure => file,
content => Sensitive(Deferred(conjur::secret, ['inventory/db-password'])),
}

notify { "Writing funky secret to ${output_file2}...": }
file { $output_file2:
ensure => file,
ensure => file,
content => Sensitive(Deferred(conjur::secret, [
'inventory/funky/special @#$%^&*(){}[].,+/variable'
])),
}

exec { "cat ${output_file1}":
path => '/usr/bin:/usr/sbin:/bin',
provider => shell,
logoutput => true,
if $facts['os']['family'] == 'Windows' {
exec { "Read secret from ${output_file1}...":
command => "${win_cmd_exe} /c type ${output_file1}",
logoutput => true,
}
} else {
exec { "cat ${output_file1}":
path => '/usr/bin:/usr/sbin:/bin',
provider => shell,
logoutput => true,
}
}

exec { "cat ${output_file2}":
path => '/usr/bin:/usr/sbin:/bin',
provider => shell,
logoutput => true,
if $facts['os']['family'] == 'Windows' {
exec { "Read secret from ${output_file2}...":
command => "${win_cmd_exe} /c type ${output_file2}",
logoutput => true,
}
} else {
exec { "cat ${output_file2}":
path => '/usr/bin:/usr/sbin:/bin',
provider => shell,
logoutput => true,
}
}

notify { 'Done!': }
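Review bot: The new Windows `exec` resources run `type` on the credential files with `logoutput => true`, so the value that the `file` resources wrap in `Sensitive(...)` is printed in clear text to the agent log, just as the existing `cat` execs do on the other branch. This appears to be the example manifest used by the integration test, so a comment above the first `if $facts['os']['family'] == 'Windows'` exec block would stop the pattern being copied elsewhere: `# Test-only: logoutput prints the fetched secret to the agent log; never do this outside the integration test.` The same comment could note that `c:\tmp\` and `/tmp/` are shared directories and that the `file` resources set no `mode` or `owner`. The `node default` block opens in this hunk and continues past its last line.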
