summaryrefslogtreecommitdiffstats
path: root/ansible_collections/cyberark/conjur/dev/start.sh
diff options
context:
space:
mode:
Diffstat (limited to 'ansible_collections/cyberark/conjur/dev/start.sh')
-rwxr-xr-xansible_collections/cyberark/conjur/dev/start.sh113
1 files changed, 113 insertions, 0 deletions
diff --git a/ansible_collections/cyberark/conjur/dev/start.sh b/ansible_collections/cyberark/conjur/dev/start.sh
new file mode 100755
index 00000000..f9ba8b52
--- /dev/null
+++ b/ansible_collections/cyberark/conjur/dev/start.sh
@@ -0,0 +1,113 @@
+#!/bin/bash
+set -ex
+
+
+declare -x ANSIBLE_CONJUR_AUTHN_API_KEY=''
+declare -x CLI_CONJUR_AUTHN_API_KEY=''
+declare cli_cid=''
+declare conjur_cid=''
+declare ansible_cid=''
+# normalises project name by filtering non alphanumeric characters and transforming to lowercase
+declare -x COMPOSE_PROJECT_NAME
+
+COMPOSE_PROJECT_NAME=$(echo "${BUILD_TAG:-ansible-pluging-testing}-conjur-host-identity" | sed -e 's/[^[:alnum:]]//g' | tr '[:upper:]' '[:lower:]')
+export COMPOSE_PROJECT_NAME
+
+# get conjur client auth api key
+function api_key_for {
+ local role_id=$1
+ if [ -n "$role_id" ]
+ then
+ docker exec "${conjur_cid}" rails r "print Credentials['${role_id}'].api_key"
+ else
+ echo ERROR: api_key_for called with no argument 1>&2
+ exit 1
+ fi
+}
+
+function hf_token {
+ docker exec "${cli_cid}" bash -c 'conjur hostfactory tokens create --duration-days=5 ansible/ansible-factory | jq -r ".[0].token"'
+}
+
+function setup_conjur {
+ echo "---- setting up conjur ----"
+ # run policy
+ docker exec "${cli_cid}" conjur policy load root /policy/root.yml
+ # set secret values
+ docker exec "${cli_cid}" bash -ec 'conjur variable values add ansible/target-password target_secret_password'
+}
+
+function setup_conjur_identities {
+ echo "---scale up inventory nodes and setup the conjur identity there---"
+ teardown_and_setup
+ docker exec "${ansible_cid}" env HFTOKEN="$(hf_token)" bash -ec "
+ cd dev
+ ansible-playbook playbooks/conjur-identity-setup/conjur_role_playbook.yml"
+}
+
+ # Scale up inventory nodes
+function teardown_and_setup {
+ docker-compose up -d --force-recreate --scale test_app_ubuntu=2 test_app_ubuntu
+ docker-compose up -d --force-recreate --scale test_app_centos=2 test_app_centos
+}
+
+function wait_for_server {
+ # shellcheck disable=SC2016
+ docker exec "${cli_cid}" bash -ec '
+ for i in $( seq 20 ); do
+ curl -o /dev/null -fs -X OPTIONS ${CONJUR_APPLIANCE_URL} > /dev/null && echo "server is up" && break
+ echo "."
+ sleep 2
+ done
+ '
+}
+
+function fetch_ssl_cert {
+ (docker-compose exec -T conjur-proxy-nginx cat cert.crt) > conjur.pem
+}
+
+function generate_inventory {
+ # Use a different inventory file for docker-compose v1 and v2 or later
+ playbook_file="inventory-playbook-v2.yml"
+ compose_ver=$(docker-compose version --short)
+ if [[ $compose_ver == "1"* ]]; then
+ playbook_file="inventory-playbook.yml"
+ fi
+
+ # uses .j2 template to generate inventory prepended with COMPOSE_PROJECT_NAME
+ docker-compose exec -T ansible bash -ec "
+ cd dev
+ ansible-playbook playbooks/inventory-setup/$playbook_file
+ "
+}
+
+function clean {
+ echo 'Removing dev environment'
+ echo '---'
+ docker-compose down -v
+ rm -rf inventory.tmp
+}
+
+function main() {
+ clean
+ docker-compose up -d --build
+ generate_inventory
+
+ conjur_cid=$(docker-compose ps -q conjur)
+ cli_cid=$(docker-compose ps -q conjur_cli)
+ fetch_ssl_cert
+ wait_for_server
+
+ CLI_CONJUR_AUTHN_API_KEY=$(api_key_for 'cucumber:user:admin')
+ docker-compose up -d conjur_cli
+
+ cli_cid=$(docker-compose ps -q conjur_cli)
+ setup_conjur
+
+ ANSIBLE_CONJUR_AUTHN_API_KEY=$(api_key_for 'cucumber:host:ansible/ansible-master')
+ docker-compose up -d ansible
+
+ ansible_cid=$(docker-compose ps -q ansible)
+ setup_conjur_identities
+}
+ main \ No newline at end of file