Merge pull request #505 from cyberark/cli8

Use Conjur CLI v8.0

deploy/3_load_conjur_policies.sh

@@ -33,7 +33,7 @@ if [[ "${DEPLOY_MASTER_CLUSTER}" == "true" ]]; then
   $cli_with_timeout "cp ./policy $conjur_cli_pod:/policy"
 
   $cli_with_timeout "exec $conjur_cli_pod -- \
-    bash -c \"
+    sh -c \"
       CONJUR_ADMIN_PASSWORD=${CONJUR_ADMIN_PASSWORD} \
       APP_NAMESPACE_NAME=${APP_NAMESPACE_NAME} \
       /policy/load_policies.sh

deploy/dev/reload.sh

@@ -32,7 +32,7 @@ main() {
     cert_location="/opt/conjur/etc/ssl/conjur.pem"
     if [ "$CONJUR_DEPLOYMENT" = "oss" ]; then
       selector="app=conjur-cli"
-      cert_location="/root/conjur-${CONJUR_ACCOUNT}.pem"
+      cert_location="/root/conjur-server.pem"
     fi
 
     conjur_pod_name="$(get_pod_name "$CONJUR_NAMESPACE_NAME" "$selector")"

deploy/policy/load_policies.sh

@@ -1,43 +1,41 @@
-#!/bin/bash
+#!/bin/sh
 set -eo pipefail
 
 if [ "$CONJUR_APPLIANCE_URL" != "" ]; then
   echo "Running conjur init with $CONJUR_APPLIANCE_URL"
-  conjur init -u $CONJUR_APPLIANCE_URL -a $CONJUR_ACCOUNT
+  conjur init -u $CONJUR_APPLIANCE_URL -a $CONJUR_ACCOUNT --self-signed --force
 fi
 
 # check for unset vars after checking for appliance url
 set -u
 
 echo "Login to Conjur with the conjur-cli"
-conjur authn login -u admin -p $CONJUR_ADMIN_PASSWORD
+conjur login -i admin -p $CONJUR_ADMIN_PASSWORD
 
 readonly POLICY_DIR="/policy"
 
 # NOTE: generated files are prefixed with the test app namespace to allow for parallel CI
-readonly POLICY_FILES=(
-  "$POLICY_DIR/users.yml"
-  "$POLICY_DIR/generated/$APP_NAMESPACE_NAME.project-authn.yml"
-  "$POLICY_DIR/generated/$APP_NAMESPACE_NAME.cluster-authn-svc.yml"
-  "$POLICY_DIR/generated/$APP_NAMESPACE_NAME.app-identity.yml"
-  "$POLICY_DIR/generated/$APP_NAMESPACE_NAME.conjur-secrets.yml"
+set -- "$POLICY_DIR/users.yml" \
+  "$POLICY_DIR/generated/$APP_NAMESPACE_NAME.project-authn.yml" \
+  "$POLICY_DIR/generated/$APP_NAMESPACE_NAME.cluster-authn-svc.yml" \
+  "$POLICY_DIR/generated/$APP_NAMESPACE_NAME.app-identity.yml" \
+  "$POLICY_DIR/generated/$APP_NAMESPACE_NAME.conjur-secrets.yml" \
   "$POLICY_DIR/generated/$APP_NAMESPACE_NAME.authn-any-policy-branch.yml"
-)
 
-for policy_file in "${POLICY_FILES[@]}"; do
+for policy_file in "$@"; do
   echo "Loading policy $policy_file..."
-  conjur policy load root "$policy_file"
+  conjur policy load -b root -f "$policy_file"
 done
 
 # the values of these secrets aren't important as we populate the secret that we
 # are testing in each test. We need them to have some value as both are required
 # in the pod
-conjur variable values add secrets/test_secret "some-secret"
-conjur variable values add "secrets/var with spaces" "some-secret"
-conjur variable values add "secrets/var+with+pluses" "some-secret"
-conjur variable values add "secrets/umlaut" "some-secret"
-conjur variable values add secrets/url "postgresql://test-app-backend.app-test.svc.cluster.local:5432"
-conjur variable values add secrets/username "some-user"
-conjur variable values add secrets/password "7H1SiSmYp@5Sw0rd"
-
-conjur authn logout
+conjur variable set -i secrets/test_secret -v "some-secret"
+conjur variable set -i "secrets/var with spaces" -v "some-secret"
+conjur variable set -i "secrets/var+with+pluses" -v "some-secret"
+conjur variable set -i "secrets/umlaut" -v "some-secret"
+conjur variable set -i secrets/url -v "postgresql://test-app-backend.app-test.svc.cluster.local:5432"
+conjur variable set -i secrets/username -v "some-user"
+conjur variable set -i secrets/password -v "7H1SiSmYp@5Sw0rd"
+
+conjur logout

deploy/run.sh

@@ -11,7 +11,9 @@ main() {
 
 deployConjur() {
   pushd ..
-    git clone [email protected]:cyberark/kubernetes-conjur-deploy kubernetes-conjur-deploy-$UNIQUE_TEST_ID
+    git clone --single-branch --branch master \
+        [email protected]:cyberark/kubernetes-conjur-deploy \
+        kubernetes-conjur-deploy-$UNIQUE_TEST_ID
 
     cmd="./start"
     if [ $CONJUR_DEPLOYMENT = "oss" ]; then

deploy/run_with_summon.sh

@@ -64,7 +64,7 @@ selector="role=follower"
 cert_location="/opt/conjur/etc/ssl/conjur.pem"
 if [ "$CONJUR_DEPLOYMENT" = "oss" ]; then
     selector="app=conjur-cli"
-    cert_location="/root/conjur-${CONJUR_ACCOUNT}.pem"
+    cert_location="/root/conjur-server.pem"
 fi
 conjur_pod_name="$(get_pod_name "$CONJUR_NAMESPACE_NAME" "$selector")"
 ssl_cert=$($cli_with_timeout "exec ${conjur_pod_name} --namespace $CONJUR_NAMESPACE_NAME -- cat $cert_location")

deploy/teardown_resources.sh

@@ -25,7 +25,7 @@ fi
 
 set_namespace $CONJUR_NAMESPACE_NAME
 
-$cli_with_timeout "exec $(get_conjur_cli_pod_name) -- conjur variable values add secrets/test_secret \"supersecret\""
+$cli_with_timeout "exec $(get_conjur_cli_pod_name) -- conjur variable set -i secrets/test_secret -v \"supersecret\""
 
 set_namespace $APP_NAMESPACE_NAME
 

deploy/test/test_cases/TEST_ID_17_helm_job_deploys_successfully.sh

@@ -8,7 +8,7 @@ pushd ../../
   fill_helm_chart
   helm install -f "../helm/secrets-provider/ci/test-values-$UNIQUE_TEST_ID.yaml" \
     secrets-provider ../helm/secrets-provider \
-    --set-file environment.conjur.sslCertificate.value="test/test_cases/conjur-$UNIQUE_TEST_ID.pem"
+    --set-file environment.conjur.sslCertificate.value="test/test_cases/conjur-server.pem"
 popd
 
 # Deploy app to test against

deploy/test/test_cases/TEST_ID_18_helm_multiple_provider_multiple_secrets.sh

@@ -13,7 +13,7 @@ pushd ../../
   fill_helm_chart
   helm install -f "../helm/secrets-provider/ci/test-values-$UNIQUE_TEST_ID.yaml" \
     secrets-provider ../helm/secrets-provider \
-    --set-file environment.conjur.sslCertificate.value="test/test_cases/conjur-$UNIQUE_TEST_ID.pem"
+    --set-file environment.conjur.sslCertificate.value="test/test_cases/conjur-server.pem"
 popd
 
 helm_chart_name="secrets-provider"
@@ -33,7 +33,7 @@ pushd ../../
   fill_helm_chart "another-"
   helm install -f "../helm/secrets-provider/ci/another-test-values-$UNIQUE_TEST_ID.yaml" \
     another-secrets-provider ../helm/secrets-provider \
-    --set-file environment.conjur.sslCertificate.value="test/test_cases/conjur-$UNIQUE_TEST_ID.pem"
+    --set-file environment.conjur.sslCertificate.value="test/test_cases/conjur-server.pem"
 popd
 
 # Wait for Job completion

deploy/test/test_cases/TEST_ID_19_helm_multiple_provider_same_secret.sh

@@ -8,7 +8,7 @@ pushd ../../
   fill_helm_chart
   helm install -f "../helm/secrets-provider/ci/test-values-$UNIQUE_TEST_ID.yaml" \
     secrets-provider ../helm/secrets-provider \
-    --set-file environment.conjur.sslCertificate.value="test/test_cases/conjur-$UNIQUE_TEST_ID.pem"
+    --set-file environment.conjur.sslCertificate.value="test/test_cases/conjur-server.pem"
 popd
 
 # Check for Job completion
@@ -24,7 +24,7 @@ pushd ../../
   fill_helm_chart "another-"
   helm install -f "../helm/secrets-provider/ci/another-test-values-$UNIQUE_TEST_ID.yaml" \
     another-secrets-provider ../helm/secrets-provider \
-    --set-file environment.conjur.sslCertificate.value="test/test_cases/conjur-$UNIQUE_TEST_ID.pem"
+    --set-file environment.conjur.sslCertificate.value="test/test_cases/conjur-server.pem"
 popd
 
 helm_chart_name="another-secrets-provider"

deploy/test/test_cases/TEST_ID_20_helm_multiple_provider_same_serviceaccount.sh

@@ -8,7 +8,7 @@ pushd ../../
   fill_helm_chart
   helm install -f "../helm/secrets-provider/ci/test-values-$UNIQUE_TEST_ID.yaml" \
     secrets-provider ../helm/secrets-provider \
-    --set-file environment.conjur.sslCertificate.value="test/test_cases/conjur-$UNIQUE_TEST_ID.pem"
+    --set-file environment.conjur.sslCertificate.value="test/test_cases/conjur-server.pem"
 popd
 
 # Check for Job completion
@@ -26,7 +26,7 @@ pushd ../../
   fill_helm_chart "another-"
   helm install -f "../helm/secrets-provider/ci/another-test-values-$UNIQUE_TEST_ID.yaml" \
     another-secrets-provider ../helm/secrets-provider \
-    --set-file environment.conjur.sslCertificate.value="test/test_cases/conjur-$UNIQUE_TEST_ID.pem"
+    --set-file environment.conjur.sslCertificate.value="test/test_cases/conjur-server.pem"
 popd
 
 helm_chart_name="another-secrets-provider"

deploy/test/test_cases/TEST_ID_22_helm_rbac_defaults_taken_successfully.sh

@@ -16,7 +16,7 @@ pushd ../../
   fill_helm_chart_no_override_defaults
   helm install -f "../helm/secrets-provider/ci/take-default-test-values-$UNIQUE_TEST_ID.yaml" \
     secrets-provider ../helm/secrets-provider \
-    --set-file environment.conjur.sslCertificate.value="test/test_cases/conjur-$UNIQUE_TEST_ID.pem"
+    --set-file environment.conjur.sslCertificate.value="test/test_cases/conjur-server.pem"
 popd
 
 # Validate that known defaults were taken if not supplied

deploy/test/test_cases/TEST_ID_23_helm_service_account_exists.sh

@@ -17,7 +17,7 @@ pushd ../../
   fill_helm_chart
   helm install -f "../helm/secrets-provider/ci/test-values-$UNIQUE_TEST_ID.yaml" \
     secrets-provider ../helm/secrets-provider \
-    --set-file environment.conjur.sslCertificate.value="test/test_cases/conjur-$UNIQUE_TEST_ID.pem"
+    --set-file environment.conjur.sslCertificate.value="test/test_cases/conjur-server.pem"
 popd
 
 ## Validate that resources were not created

deploy/test/test_cases/TEST_ID_24_helm_validate_K8S_SECRETS_env_var_incorrect_value.sh

@@ -13,7 +13,7 @@ pushd ../../
   fill_helm_chart
   helm install -f "../helm/secrets-provider/ci/test-values-$UNIQUE_TEST_ID.yaml" \
     secrets-provider ../helm/secrets-provider \
-    --set-file environment.conjur.sslCertificate.value="test/test_cases/conjur-$UNIQUE_TEST_ID.pem"
+    --set-file environment.conjur.sslCertificate.value="test/test_cases/conjur-server.pem"
 popd
 
 echo "Expecting Secrets Provider to fail with debug message 'CSPFK004D Failed to retrieve k8s secret. Reason: secrets K8S_SECRET-non-existent-secret not found'"

deploy/test/test_cases/TEST_ID_25_helm_default_retry_successful.sh

@@ -31,7 +31,7 @@ pushd ../../
   helm install -f "../helm/secrets-provider/ci/take-default-test-values-$UNIQUE_TEST_ID.yaml" \
     -f "../helm/secrets-provider/ci/take-image-values-$UNIQUE_TEST_ID.yaml" \
     secrets-provider ../helm/secrets-provider \
-    --set-file environment.conjur.sslCertificate.value="test/test_cases/conjur-$UNIQUE_TEST_ID.pem"
+    --set-file environment.conjur.sslCertificate.value="test/test_cases/conjur-server.pem"
 popd
 
 pod_name="$(get_pod_name "$APP_NAMESPACE_NAME" 'app=test-helm')"

deploy/test/test_cases/TEST_ID_26_helm_override_default_retry_successful.sh

@@ -14,7 +14,7 @@ pushd ../../
   fill_helm_chart
   helm install -f "../helm/secrets-provider/ci/test-values-$UNIQUE_TEST_ID.yaml" \
     secrets-provider ../helm/secrets-provider \
-    --set-file environment.conjur.sslCertificate.value="test/test_cases/conjur-$UNIQUE_TEST_ID.pem"
+    --set-file environment.conjur.sslCertificate.value="test/test_cases/conjur-server.pem"
 popd
 
 pod_name="$(get_pod_name "$APP_NAMESPACE_NAME" 'app=test-helm')"

deploy/test/test_in_docker.sh

@@ -37,7 +37,8 @@ deployConjur() {
   # from inside the container
   docker pull $CONJUR_APPLIANCE_IMAGE
 
-  git clone [email protected]:cyberark/kubernetes-conjur-deploy \
+  git clone --single-branch --branch master \
+      [email protected]:cyberark/kubernetes-conjur-deploy \
       kubernetes-conjur-deploy-$UNIQUE_TEST_ID
 
   cmd="./start"

deploy/utils.sh

@@ -191,9 +191,9 @@ configure_cli_pod() {
 
   conjur_cli_pod=$(get_conjur_cli_pod_name)
 
-  $cli_with_timeout "exec $conjur_cli_pod -- bash -c \"yes yes | conjur init -a $CONJUR_ACCOUNT -u $conjur_url\""
+  $cli_with_timeout "exec $conjur_cli_pod -- sh -c \"echo y | conjur init -a $CONJUR_ACCOUNT -u $conjur_url --self-signed --force\""
 
-  $cli_with_timeout exec $conjur_cli_pod -- conjur authn login -u admin -p $CONJUR_ADMIN_PASSWORD
+  $cli_with_timeout exec $conjur_cli_pod -- conjur login -i admin -p $CONJUR_ADMIN_PASSWORD
 }
 
 configure_conjur_url() {
@@ -216,7 +216,7 @@ fetch_ssl_from_conjur() {
   cert_location="/opt/conjur/etc/ssl/conjur.pem"
   if [ "$CONJUR_DEPLOYMENT" = "oss" ]; then
     selector="app=conjur-cli"
-    export cert_location="/root/conjur-${CONJUR_ACCOUNT}.pem"
+    export cert_location="/root/conjur-server.pem"
   fi
 
   export conjur_pod_name="$(get_pod_name "$CONJUR_NAMESPACE_NAME" "$selector")"
@@ -227,9 +227,9 @@ setup_helm_environment() {
 
   configure_conjur_url
 
-  ssl_location="conjur-$UNIQUE_TEST_ID.pem"
+  ssl_location="conjur-server.pem"
   if [ "${DEV}" = "true" ]; then
-    ssl_location="../conjur-$UNIQUE_TEST_ID.pem"
+    ssl_location="../conjur-server.pem"
   fi
 
   fetch_ssl_from_conjur
@@ -327,7 +327,7 @@ deploy_chart() {
     fill_helm_chart
     helm install -f "helm/secrets-provider/ci/test-values-$UNIQUE_TEST_ID.yaml" \
       secrets-provider ./helm/secrets-provider \
-      --set-file environment.conjur.sslCertificate.value="conjur-$UNIQUE_TEST_ID.pem"
+      --set-file environment.conjur.sslCertificate.value="conjur-server.pem"
   popd
 }
 
@@ -444,7 +444,7 @@ set_conjur_secret() {
   echo "Set secret '$SECRET_NAME' to '$SECRET_VALUE'"
   set_namespace "$CONJUR_NAMESPACE_NAME"
   configure_cli_pod
-  $cli_with_timeout "exec $(get_conjur_cli_pod_name) -- conjur variable values add $SECRET_NAME $SECRET_VALUE"
+  $cli_with_timeout "exec $(get_conjur_cli_pod_name) -- conjur variable set -i $SECRET_NAME -v $SECRET_VALUE"
   set_namespace $APP_NAMESPACE_NAME
 }
 
@@ -471,7 +471,7 @@ load_policy() {
   $cli_with_timeout "cp ../../policy $conjur_cli_pod:/policy"
 
   $cli_with_timeout "exec $(get_conjur_cli_pod_name) -- \
-    conjur policy load --delete root \"/policy/generated/$APP_NAMESPACE_NAME.$filename.yml\""
+    conjur policy update -b root -f \"/policy/generated/$APP_NAMESPACE_NAME.$filename.yml\""
 
   $cli_with_timeout "exec $conjur_cli_pod -- rm -rf ./policy"
 
@@ -504,7 +504,7 @@ test_secret_is_provided() {
 
   set_namespace "$CONJUR_NAMESPACE_NAME"
   conjur_cli_pod=$(get_conjur_cli_pod_name)
-  $cli_with_timeout "exec $conjur_cli_pod -- conjur variable values add \"$variable_name\" $secret_value"
+  $cli_with_timeout "exec $conjur_cli_pod -- conjur variable set -i \"$variable_name\" -v $secret_value"
 
   set_namespace "$APP_NAMESPACE_NAME"
   deploy_init_env