Open h-artzi opened 4 years ago
do we already have integration tests like this in this project? I would not have known to look here when trying to understand integration test coverage, and I'm not sure @andytinkham would either.
is there a better place for these kinds of e2e tests to live? we're running into similar questions for k8s e2e tests too - in that case, we've decided a demo repo is definitely not the place for these tests, but we haven't decided on next steps yet.
We currently do not have integration tests like this in dap-intro. When I talked to Jason we decided it would be best to assign these tickets to dap-intro (in the meantime). However, we did not discuss where the tests would end up.
It's worth noting also that the Jenkins plugin is in the process of migrating to be an official Jenkins plugin here: https://github.com/jenkinsci/conjur-credentials-plugin
In addition:
Is your feature request related to a problem? Please describe.
I would like to see automated tests for the Jenkins conjur plugin because it will ensure that as the appliance is upgraded, the plugin continues to work.
Describe the solution you would like
Describe alternatives you have considered
N/A
Steps taken to test manually
1. Reference jenkins_plugin branch
./start
in jenkins_plugin_testdocker-compose up Jenkins
Note: I recommend having the UI open in a browser. DAP: https://localhost, username: admin, password: MySecretP@ss1 Jenkins: http://localhost:8080, admin_password will be found in the logsFollow the prompts in the UI to create a new user or continue as admin.
2. Upload policies to DAP
Save the api_key from
Setting a Variable
3. Download the plugin from jenkin-conjur-plugin
OR
This must be uploaded into the Jenkins container:
Option 1:
Option 2:
docker cp ./conjur-credentials.hpi jenkins_plugin_test_conjur_1:/var/jenkins_home/plugins
(not tested)Restart Jenkins by going to
http://localhost:8080/restart
and press yes4. Enter the Jenkins container and download the SSL certificates from DAP
Note: The next steps must be executed by root in the Jenkins container. One way to log in to the Jenkins container as root is by executing
docker exec --user 0 -it <docker_id> /bin/bash
from your hostopenssl s_client -showcerts -connect jenkins_plugin_test_conjur_1:443 < /dev/null | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' > conjur.pem
cat conjur.pem
to ensure certificate was retrievedkeytool -import -alias conjur -keystore /usr/local/openjdk-8/jre/lib/security/cacerts -file ./conjur.pem
. There will be a prompt:do you trust this certificate?
entery
and then it will prompt for a password. The password for the keystore ischangeit
5. Setup Jenkins
Set Conjur Appliance Go to
http://localhost:8080/configure
and then scroll down till you reach the section titledConjur Appliance
Set Conjur Secret by adding credential (Credential Kind: "Conjur Secret Credential")
6. Create a Freestyle job
http://localhost:8080/view/all/newJob
Choose your Conjur Authn Credential Check theUse secret text(s) or file(s)
box in Build Environment and add aConjur Secret Credential
Binding Add build step (shell) Then Save the job7. Run the job and go to Console Output