Add integration tests and their associated utils

Add integration tests as per detailed in [solution design](https://github.com/cyberark/secrets-provider-for-k8s/blob/master/design/milestone_1_2_design_doc.md)
Add helper utils for items needed to build the helm charts and get end to end successfully

deploy/2_create_app_namespace.sh

@@ -31,10 +31,7 @@ if [[ "$PLATFORM" = "openshift" ]]; then
     CONFIG_DIR="config/openshift"
 fi
 
-
-if [ "${HELM_TESTS}" = "false" ]; then
-  wait_for_it 600  "./$CONFIG_DIR/app-conjur-authenticator-role-binding.sh.yml | $cli_without_timeout apply -f -"
-fi
+wait_for_it 600  "./$CONFIG_DIR/app-conjur-authenticator-role-binding.sh.yml | $cli_without_timeout apply -f -"
 
 if [[ $PLATFORM == openshift ]]; then
   # add permissions for Conjur admin user

deploy/test/test_cases/TEST_ID_17_helm_job_deploys_successfully.sh

@@ -0,0 +1,33 @@
+#!/bin/bash
+set -euxo pipefail
+
+# This test verifies that the Secrets Provider Job deploys successfully and Conjur secret appears in pod
+# TODO verify Job start up and completed logs
+
+set_namespace $CONJUR_NAMESPACE_NAME
+
+# Configure authn and login Conjur urls
+configure_env_url
+
+# Fetch SSL cert from Conjur/DAP
+fetch_ssl
+
+# Save cert for later setting in Helm
+$cli_with_timeout "exec ${conjur_pod_name} --namespace $CONJUR_NAMESPACE_NAME cat $cert_location" > "conjur.pem"
+
+set_namespace $APP_NAMESPACE_NAME
+
+pushd ../../../
+  fill_helm_chart
+  helm install -f "cyberark-secrets-provider-for-kubernetes/ci/test-values.yaml" cyberark-secrets-provider-for-kubernetes ./cyberark-secrets-provider-for-kubernetes --set-file environment.conjur.sslCertificate.value="deploy/test/test_cases/conjur.pem"
+popd
+
+# Check for Job completion
+helm_chart_name="cyberark-secrets-provider-for-kubernetes"
+$cli_with_timeout wait --for=condition=complete job/$helm_chart_name
+
+# Deploy app to test against
+deploy_helm_app
+pod_name=$($cli_with_timeout get pods --namespace=$APP_NAMESPACE_NAME --selector app=test-env --no-headers | awk '{print $1}' )
+verify_secret_value_in_pod $pod_name "TEST_SECRET" "supersecret"
+

deploy/test/test_cases/TEST_ID_18_helm_multiple_provider_multiple_secrets.sh

@@ -0,0 +1,52 @@
+#!/bin/bash
+set -euxo pipefail
+
+# This test verifies that two Secrets Provider Jobs deploy successfully in the same namespace
+# TODO verify Job start up and completed logs
+
+set_namespace $CONJUR_NAMESPACE_NAME
+
+# Configure authn and login Conjur urls
+configure_env_url
+
+# Fetch SSL cert from Conjur/DAP
+fetch_ssl
+
+# Save cert for later setting in Helm
+$cli_with_timeout "exec ${conjur_pod_name} --namespace $CONJUR_NAMESPACE_NAME cat $cert_location" > "conjur.pem"
+
+set_namespace $APP_NAMESPACE_NAME
+
+# Create second secret
+echo "Create second secret"
+$cli_with_timeout create -f ../helm-props/k8s_secrets_two.yml
+set_secret secrets/test_secret_two some-secret-2
+
+pushd ../../../
+  fill_helm_chart
+  helm install -f "cyberark-secrets-provider-for-kubernetes/ci/test-values.yaml" cyberark-secrets-provider-for-kubernetes ./cyberark-secrets-provider-for-kubernetes --set-file environment.conjur.sslCertificate.value="deploy/test/test_cases/conjur.pem"
+
+  export SECRETS_PROVIDER_ROLE=secrets-provider-role-two
+  export SECRETS_PROVIDER_ROLE_BINDING=secrets-provider-role-binding-two
+  export SERVICE_ACCOUNT=secrets-provider-service-account-two
+  export K8S_SECRETS=test-k8s-secret-two
+  export SECRETS_PROVIDER_SSL_CONFIG_MAP=secrets-provider-ssl-config-map-two
+  fill_helm_chart "-two"
+  helm install -f "cyberark-secrets-provider-for-kubernetes/ci/test-values-two.yaml" cyberark-secrets-provider-for-kubernetes-two ./cyberark-secrets-provider-for-kubernetes --set-file environment.conjur.sslCertificate.value="deploy/test/test_cases/conjur.pem"
+popd
+
+# Check for Job completion
+helm_chart_name="cyberark-secrets-provider-for-kubernetes"
+$cli_with_timeout wait --for=condition=complete job/$helm_chart_name
+
+helm_chart_name="cyberark-secrets-provider-for-kubernetes-two"
+$cli_with_timeout wait --for=condition=complete job/$helm_chart_name
+
+# Deploy app to test against
+deploy_helm_app
+pod_name=$($cli_with_timeout get pods --namespace=$APP_NAMESPACE_NAME --selector app=test-env --no-headers | awk '{print $1}' | head -1)
+verify_secret_value_in_pod $pod_name "TEST_SECRET" "supersecret"
+
+deploy_helm_app "-two"
+pod_name=$($cli_with_timeout get pods --namespace=$APP_NAMESPACE_NAME --selector app=test-env-two --no-headers | awk '{print $1}' | head -1)
+verify_secret_value_in_pod $pod_name "TEST_SECRET-two" "some-secret-2"

deploy/test/test_cases/TEST_ID_19_helm_multiple_provider_same_secret.sh

@@ -0,0 +1,42 @@
+#!/bin/bash
+set -euxo pipefail
+
+# This test verifies that two Secrets Provider Jobs deploy successfully in the same namespace and access the same Conjur secret and update the same K8s Secret
+# TODO verify Job start up and completed logs
+
+set_namespace $CONJUR_NAMESPACE_NAME
+
+# Configure authn and login Conjur urls
+configure_env_url
+
+# Fetch SSL cert from Conjur/DAP
+fetch_ssl
+
+# Save cert for later setting in Helm
+$cli_with_timeout "exec ${conjur_pod_name} --namespace $CONJUR_NAMESPACE_NAME cat $cert_location" > "conjur.pem"
+
+set_namespace $APP_NAMESPACE_NAME
+
+pushd ../../../
+  fill_helm_chart
+  helm install -f "cyberark-secrets-provider-for-kubernetes/ci/test-values.yaml" cyberark-secrets-provider-for-kubernetes ./cyberark-secrets-provider-for-kubernetes --set-file environment.conjur.sslCertificate.value="deploy/test/test_cases/conjur.pem"
+
+  export SECRETS_PROVIDER_ROLE=secrets-provider-role-two
+  export SECRETS_PROVIDER_ROLE_BINDING=secrets-provider-role-binding-two
+  export SERVICE_ACCOUNT=secrets-provider-service-account-two
+  export SECRETS_PROVIDER_SSL_CONFIG_MAP=secrets-provider-ssl-config-map-two
+  fill_helm_chart "-two"
+  helm install -f "cyberark-secrets-provider-for-kubernetes/ci/test-values-two.yaml" cyberark-secrets-provider-for-kubernetes-two ./cyberark-secrets-provider-for-kubernetes --set-file environment.conjur.sslCertificate.value="deploy/test/test_cases/conjur.pem"
+popd
+
+# Check for Job completion
+helm_chart_name="cyberark-secrets-provider-for-kubernetes"
+$cli_with_timeout wait --for=condition=complete job/$helm_chart_name
+
+helm_chart_name="cyberark-secrets-provider-for-kubernetes-two"
+$cli_with_timeout wait --for=condition=complete job/$helm_chart_name
+
+# Deploy app to test against
+deploy_helm_app
+pod_name=$($cli_with_timeout get pods --namespace=$APP_NAMESPACE_NAME --selector app=test-env --no-headers | awk '{print $1}' | head -1)
+verify_secret_value_in_pod $pod_name "TEST_SECRET" "supersecret"

deploy/test/test_cases/TEST_ID_20_helm_service_account_does_not_exist.sh

@@ -0,0 +1,28 @@
+#!/bin/bash
+set -euxo pipefail
+
+# This test verifies that when the user declares that they will provide their own Service Account but that Service Account does not exist in their environment that the Job will fail
+# TODO verify Job start up and completed logs
+
+set_namespace $CONJUR_NAMESPACE_NAME
+
+# Configure authn and login Conjur urls
+configure_env_url
+
+# Fetch SSL cert from Conjur/DAP
+fetch_ssl
+
+# Save cert for later setting in Helm
+$cli_with_timeout "exec ${conjur_pod_name} --namespace $CONJUR_NAMESPACE_NAME cat $cert_location" > "conjur.pem"
+
+set_namespace $APP_NAMESPACE_NAME
+
+pushd ../../../
+  export CREATE_SERVICE_ACCOUNT="false"
+
+  fill_helm_chart
+  helm install -f "cyberark-secrets-provider-for-kubernetes/ci/test-values.yaml" cyberark-secrets-provider-for-kubernetes ./cyberark-secrets-provider-for-kubernetes --set-file environment.conjur.sslCertificate.value="deploy/test/test_cases/conjur.pem"
+popd
+
+helm_chart_name="cyberark-secrets-provider-for-kubernetes"
+$cli_with_timeout "describe job $helm_chart_name | grep 'error looking up service account'"

deploy/utils.sh

@@ -1,6 +1,3 @@
-#!/bin/bash
-set -xeuo pipefail
-
 export KEY_VALUE_NOT_EXIST=" "
 
 wait_for_it() {
@@ -144,7 +141,7 @@ configure_cli_pod() {
   $cli_with_timeout exec $conjur_cli_pod -- conjur authn login -u admin -p $CONJUR_ADMIN_PASSWORD
 }
 
-function deploy_env {
+function configure_env_url {
   conjur_node_name="conjur-cluster"
   if [ "$CONJUR_DEPLOYMENT" = "dap" ]; then
       conjur_node_name="conjur-follower"
@@ -157,6 +154,47 @@ function deploy_env {
 
   export CONJUR_APPLIANCE_URL=$conjur_appliance_url
   export CONJUR_AUTHN_URL=$conjur_authenticator_url
+}
+
+function fetch_ssl {
+  selector="role=follower"
+  cert_location="/opt/conjur/etc/ssl/conjur.pem"
+  if [ "$CONJUR_DEPLOYMENT" = "oss" ]; then
+    selector="app=conjur-cli"
+    export cert_location="/root/conjur-${CONJUR_ACCOUNT}.pem"
+  fi
+
+  export conjur_pod_name=$($cli_with_timeout get pods --selector=$selector --namespace $CONJUR_NAMESPACE_NAME --no-headers | awk '{ print $1 }' | head -1)
+}
+
+function fill_helm_chart () {
+  id=${1:-""}
+  sed -e "s#{{ SECRETS_PROVIDER_ROLE }}#${SECRETS_PROVIDER_ROLE:-"secrets-provider-role"}#g" \
+    -e "s#{{ SECRETS_PROVIDER_ROLE_BINDING }}#${SECRETS_PROVIDER_ROLE_BINDING:-"secrets-provider-role-binding"}#g" \
+    -e "s#{{ CREATE_SERVICE_ACCOUNT }}#${CREATE_SERVICE_ACCOUNT:-"true"}#g" \
+    -e "s#{{ SERVICE_ACCOUNT }}#${SERVICE_ACCOUNT:-"secrets-provider-service-account"}#g" \
+    -e "s#{{ K8S_SECRETS }}#${K8S_SECRETS:-"test-k8s-secret"}#g" \
+    -e "s#{{ CONJUR_ACCOUNT }}#${CONJUR_ACCOUNT:-"cucumber"}#g" \
+    -e "s#{{ CONJUR_APPLIANCE_URL }}#${CONJUR_APPLIANCE_URL:-"https://conjur-follower.${CONJUR_NAMESPACE_NAME}.svc.cluster.local/api"}#g" \
+    -e "s#{{ CONJUR_AUTHN_URL }}#${CONJUR_AUTHN_URL:-"https://conjur-follower.${CONJUR_NAMESPACE_NAME}.svc.cluster.local/api/authn-k8s/${AUTHENTICATOR_ID}"}#g" \
+    -e "s#{{ CONJUR_AUTHN_LOGIN }}# ${CONJUR_AUTHN_LOGIN:-"host/conjur/authn-k8s/${AUTHENTICATOR_ID}/apps/${APP_NAMESPACE_NAME}/*/*"}#g"  \
+    -e "s#{{ SECRETS_PROVIDER_SSL_CONFIG_MAP }}# ${SECRETS_PROVIDER_SSL_CONFIG_MAP:-"secrets-provider-ssl-config-map"}#g" \
+    "cyberark-secrets-provider-for-kubernetes/ci/test-values-template.yaml" > "cyberark-secrets-provider-for-kubernetes/ci/test-values${id}.yaml"
+}
+
+function deploy_helm_app() {
+  unset K8S_SECRETS
+  unset SERVICE_ACCOUNT
+
+  id=${1:-""}
+  sed -e "s#{{ SERVICE_ACCOUNT }}#${SERVICE_ACCOUNT:-"secrets-provider-service-account$id"}#g" "../helm-props/k8s/helm-app.yaml" |
+  sed -e "s#{{ K8S_SECRETS }}#${K8S_SECRETS:-"test-k8s-secret$id"}#g" |
+  sed -e "s#{{ ID }}#${id}#g" |
+  $cli_with_timeout create -f -
+}
+
+function deploy_env {
+  configure_env_url
 
   echo "Running Deployment Manifest"