#!/bin/bash
# End-to-end test of the Conjur OSS Quickstart workflow: brings up the compose
# stack, creates the admin account, loads the sample policy, stores a random
# secret as Dave and checks that the demo app fetches the same value back.
# Requires docker (compose v2), openssl and awk; run from the directory that
# holds the compose file, against a stack that is not already running.
set -e -u -o pipefail
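#######################################
# Print a message framed by two rules of '+' characters so that each unit of
# the workflow stands out in the log.
# Arguments: $* - text to print (arguments joined by single spaces)
# Outputs:   five lines to stdout: rule, blank, message, blank, rule
# Returns:   0
#######################################
function announce() {
  local -r rule="++++++++++++++++++++++++++++++++++++++"
  # printf instead of echo: a message that begins with -n or -e is printed
  # verbatim rather than being taken as an echo option.
  printf '%s\n\n%s\n\n%s\n' "${rule}" "$*" "${rule}"
}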
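#######################################
# EXIT/ABRT/QUIT trap handler. On a non-zero exit it removes the credential
# files the workflow wrote and tears the compose stack down; on a zero exit it
# leaves the stack and the files in place. Always re-exits with the status
# that was current when the trap fired.
# Globals:   BASH_COMMAND (read)
# Arguments: none
# Outputs:   failure banner and cleanup progress to stdout, the failing
#            command text to stderr
# Returns:   does not return; exits with the captured status
#######################################
function cleanup() {
  # Capture both before any command in this handler can overwrite them.
  local -r exit_status=$?
  local -r exit_command=$BASH_COMMAND
  # exit on error should collapse the docker compose system
  # otherwise, leaving the system running
  # NOTE(review): for ABRT/QUIT the status seen here is that of the last
  # command, which may be 0 — an interrupted run can then leave the stack up.
  if (( exit_status != 0 )); then
    echo
    echo "WORKFLOW FAILED."
    # BASH_COMMAND carries the command text as written, not its expansion, so
    # the API keys passed as arguments below do not end up in this line.
    printf 'Failing command: %s\n' "${exit_command}" >&2
    echo
    echo "Cleanup"
    # These files hold the data key and API keys in plain text.
    rm -f -- data_key admin_data my_app_data my_api_keys
    echo "Stopping and Removing Container System"
    # set -e is still in force inside the trap; do not let a failing teardown
    # replace the real failure status.
    docker compose down || printf 'warning: docker compose down failed\n' >&2
  fi
  exit "${exit_status}"
}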
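# cleanup() (defined above) decides on every exit path whether to tear the
# compose stack down; ABRT/QUIT are trapped so an interrupted run is handled too.
trap cleanup EXIT ABRT QUIT

# The workflow assumes a fresh build; refuse to run against an existing stack.
if [[ -n "$(docker compose ps -q)" ]]; then
  echo "Conjur Quickstart OSS already built!"
  echo "Testing Quickstart workflow requires a fresh build."
  echo "Use 'docker compose down' to remove current Quickstart build."
  exit 0
fi

announce "UNIT 1. Set Up a Conjur OSS Environment"
echo "Step 1: Pull the Docker image"
docker compose pull
echo
echo "Step 2: Generate the data key"
# data_key (and admin_data / my_app_data / my_api_keys further down) hold
# credential material as plain files in the working directory; cleanup()
# removes them only when the workflow fails.
docker compose run --no-deps --rm conjur data-key generate > data_key
echo
echo "Step 3: Load data key as environment variable"
# Assignment and export are separate so a failed read is not masked by export.
# The variable is inherited by every child process from here on — presumably
# docker compose hands it to the conjur service (verify in the compose file).
CONJUR_DATA_KEY="$(< data_key)"
export CONJUR_DATA_KEY
echo
echo "Step 4: Start the Conjur OSS environment"
docker compose up -d
echo
# Wait for the conjur service to be ready before creating the account.
docker compose exec -T conjur conjurctl wait -r 30 -p 80
echo
echo "Step 5: Create admin account"
# UNIT 2 parses the admin API key out of this output.
docker compose exec -T conjur conjurctl account create myConjurAccount > admin_data
echo
echo "Step 6: Connect the Conjur client to the Conjur server"
# "Y" on stdin accepts the proxy's self-signed certificate (quickstart only).
printf 'Y\n' | docker container exec -i conjur_client conjur init -u https://proxy -a myConjurAccount --self-signed
echo

announce "UNIT 2. Define Policy"
echo "Step 1: Log in to Conjur as admin"
# tr strips a CR in case the container output uses CRLF line endings.
admin_api_key="$(awk '/API key for admin/{print $NF}' admin_data | tr -d '\r')"
# The key is passed as an argument and is therefore visible in process
# listings for the duration of the command (unchanged from the original).
docker compose exec -T client conjur login -i admin -p "${admin_api_key}"
echo
echo "Step 2: Load the Sample Policy"
docker compose exec -T client conjur policy load -b root -f policy/BotApp.yml > my_app_data
echo
echo "Step 3: Log out of Conjur as admin"
docker compose exec -T client conjur logout
echo

announce "UNIT 3. Store a Secret in Conjur"
echo "Step 1: Log in as Dave"
# Collect every api_key the policy load reported, one per line, with the
# surrounding quotes and any CR removed. The workflow relies on the order in
# which the roles are reported: line 1 is the BotApp/myDemoApp host and line 2
# is Dave@BotApp.
awk '/"api_key":/{print $NF}' my_app_data | tr -d '"\r' > my_api_keys
dave_api_key="$(awk 'NR==2' my_api_keys)"
docker compose exec -T client conjur login -i Dave@BotApp -p "${dave_api_key}"
echo
echo "Step 2: Generate Secret"
# 12 random bytes rendered as 24 hex characters; tr guards against stray
# line endings.
secretVal=$(openssl rand -hex 12 | tr -d '\r\n')
echo
echo "Step 3: Store Secret"
docker compose exec -T client conjur variable set -i BotApp/secretVar -v "${secretVal}"
echo

announce "UNIT 4. Run the Demo App"
echo "Step 2: Generate Conjur Token in Bot App"
bot_api_key="$(awk 'NR==1' my_api_keys)"
# curl is invoked directly rather than through `bash -c "..."`, so the key is
# never spliced into a shell command string. -k skips certificate
# verification because the quickstart proxy is self-signed; --fail turns an
# authentication error into a failure here instead of a confusing mismatch in
# Step 4.
docker compose exec -T bot_app curl -sS --fail -k \
  -d "${bot_api_key}" \
  -o /tmp/conjur_token \
  https://proxy/authn/myConjurAccount/host%2FBotApp%2FmyDemoApp/authenticate
echo
echo "Step 3: Fetch Secret"
fetched=$(docker compose exec -T bot_app bash -c "/tmp/program.sh")
echo
echo "Step 4: Compare Generated and Fetched Secrets"
# Values go through %s, never into the printf format string.
printf 'Generated:\t%s\n' "${secretVal}"
printf 'Fetched:\t%s\n' "${fetched##*: }"
# Substring match with a glob: equivalent to the regex match for a hex secret,
# but never interprets the secret as a pattern.
if [[ "${fetched}" == *"${secretVal}"* ]]; then
  echo "Generated secret matches secret fetched by Bot App"
  echo "WORKFLOW PASSED."
else
  echo "Generated secret does not match the secret fetched by Bot App"
  exit 1
fi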