Is your feature request related to a problem? Please describe.
In the current Conjur Puppet smoketests, the hostname conjur-https
is used as a hostname for accessing Conjur. However, which IP/interface
that conjur-https refers to is inconsistent, leading to a lot of confusion
as to which ports (docker container vs. host ports) are being used in
different test cases:
The Linux agent tests use the conjur-https docker compose service name,
so the associated port would be the conjur-https container port.
The Windows agent tests use the conjur-https hostname, but these tests
require access that is external with respect to the docker compose cluster
that instantiates Conjur. In this case, the required port for Conjur access
is a host port.
Note that both of these cases use the same HTTPS certificates, so they
need to use the same SANS hostname. Currently, the SANS hostname is
conjur-https, but it would be cleaner and clearer to use a name that is
distinct from the docker compose service.
Describe the solution you would like
For the Conjur HTTPS certificates, use an HTTPS SANS hostname
that is unambiguous, e.g. conjur.cyberark.com.
For the Linux agent smoketests, use external access for Conjur
accesses (i.e. a [host name]:[host port]) rather than using
the docker-compose service name conjur-https. This will
require an /etc/hosts entry for the SANS hostname
(conjur.cyberark.com) to point to the docker-compose
gateway IP (which is a host IP).
For Windows agent tests, use the SANS hostname (conjur.cyberark.com)
for Conjur accesses, and use an /etc/hosts entry for that hostname
that points to the well known IP address of 10.0.2.2 for VirtualBox.
Is your feature request related to a problem? Please describe.
In the current Conjur Puppet smoketests, the hostname
conjur-https
is used as a hostname for accessing Conjur. However, which IP/interface thatconjur-https
refers to is inconsistent, leading to a lot of confusion as to which ports (docker container vs. host ports) are being used in different test cases:conjur-https
docker compose service name, so the associated port would be the conjur-https container port.conjur-https
hostname, but these tests require access that is external with respect to the docker compose cluster that instantiates Conjur. In this case, the required port for Conjur access is a host port.Note that both of these cases use the same HTTPS certificates, so they need to use the same SANS hostname. Currently, the SANS hostname is
conjur-https
, but it would be cleaner and clearer to use a name that is distinct from the docker compose service.Describe the solution you would like
For the Conjur HTTPS certificates, use an HTTPS SANS hostname that is unambiguous, e.g.
conjur.cyberark.com
.For the Linux agent smoketests, use external access for Conjur accesses (i.e. a [host name]:[host port]) rather than using the docker-compose service name
conjur-https
. This will require an /etc/hosts entry for the SANS hostname (conjur.cyberark.com
) to point to the docker-compose gateway IP (which is a host IP).For Windows agent tests, use the SANS hostname (
conjur.cyberark.com
) for Conjur accesses, and use an /etc/hosts entry for that hostname that points to the well known IP address of 10.0.2.2 for VirtualBox.Describe alternatives you have considered
Additional context