From e31d67ec2d48082796b9d82c0e59e1045bb9d7b6 Mon Sep 17 00:00:00 2001 From: Nico Weisenauer <137267159+nweisenauer-sap@users.noreply.github.com> Date: Wed, 30 Oct 2024 16:19:53 +0100 Subject: [PATCH 1/2] call tool binaries from prepared path 00-setup-kind downloads kubectl, helm and kind to ./bin folder upstream-authority-ejbca test now calls the binaries from this prepared bin folder Signed-off-by: Nico Weisenauer <137267159+nweisenauer-sap@users.noreply.github.com> --- Dockerfile | 1 - .../upstream-authority-ejbca/02-deploy-spire | 4 +- .../upstream-authority-ejbca/03-verify-ca | 2 +- .../upstream-authority-ejbca/conf/deploy.sh | 56 +++++++++---------- 4 files changed, 31 insertions(+), 32 deletions(-) diff --git a/Dockerfile b/Dockerfile index 0b40d0bb20..eac8fc4f61 100644 --- a/Dockerfile +++ b/Dockerfile @@ -2,7 +2,6 @@ # Build stage ARG goversion -# Use alpine3.18 until go-sqlite works in 3.19 FROM --platform=${BUILDPLATFORM} golang:${goversion}-alpine3.20 as base WORKDIR /spire RUN apk --no-cache --update add file bash clang lld pkgconfig git make diff --git a/test/integration/suites/upstream-authority-ejbca/02-deploy-spire b/test/integration/suites/upstream-authority-ejbca/02-deploy-spire index 8bb4fc3e8c..5766471fd6 100755 --- a/test/integration/suites/upstream-authority-ejbca/02-deploy-spire +++ b/test/integration/suites/upstream-authority-ejbca/02-deploy-spire @@ -17,8 +17,8 @@ secrets=( for secret in "${secrets[@]}"; do ./bin/kubectl --namespace "$EJBCA_NAMESPACE" get secret "$secret" -o yaml \ | sed 's/namespace: .*/namespace: spire/' \ - | kubectl apply -f - + | ./bin/kubectl apply -f - done -kubectl -n spire apply -k conf/server +./bin/kubectl -n spire apply -k conf/server ./bin/kubectl wait pods -n spire -l app=spire-server --for condition=Ready --timeout=60s diff --git a/test/integration/suites/upstream-authority-ejbca/03-verify-ca b/test/integration/suites/upstream-authority-ejbca/03-verify-ca index 1487fbabd4..535b3b2d11 100755 --- a/test/integration/suites/upstream-authority-ejbca/03-verify-ca +++ b/test/integration/suites/upstream-authority-ejbca/03-verify-ca @@ -27,7 +27,7 @@ while read -r line; do elif [[ $in_cert -eq 1 ]]; then cert+="$line"$'\n' fi -done < <(kubectl --namespace "$EJBCA_NAMESPACE" get secret "$EJBCA_SUBCA_SECRET_NAME" -o jsonpath='{.data.ca\.crt}' | base64 -d) +done < <(./bin/kubectl --namespace "$EJBCA_NAMESPACE" get secret "$EJBCA_SUBCA_SECRET_NAME" -o jsonpath='{.data.ca\.crt}' | base64 -d) log-debug "the issuing ca in EJBCA has a chain length of ${#chain[@]} certificates (including the root)" diff --git a/test/integration/suites/upstream-authority-ejbca/conf/deploy.sh b/test/integration/suites/upstream-authority-ejbca/conf/deploy.sh index 113f21eb26..0c6c5397b6 100755 --- a/test/integration/suites/upstream-authority-ejbca/conf/deploy.sh +++ b/test/integration/suites/upstream-authority-ejbca/conf/deploy.sh @@ -15,8 +15,8 @@ EJBCA_SUB_CA_NAME="Sub-CA" # Verify that required tools are installed verifySupported() { - HAS_HELM="$(type "helm" &>/dev/null && echo true || echo false)" - HAS_KUBECTL="$(type "kubectl" &>/dev/null && echo true || echo false)" + HAS_HELM="$(type "./bin/helm" &>/dev/null && echo true || echo false)" + HAS_KUBECTL="$(type "./bin/kubectl" &>/dev/null && echo true || echo false)" HAS_JQ="$(type "jq" &>/dev/null && echo true || echo false)" HAS_CURL="$(type "curl" &>/dev/null && echo true || echo false)" HAS_OPENSSL="$(type "openssl" &>/dev/null && echo true || echo false)" @@ -56,9 +56,9 @@ createConfigmapFromFile() { local configmap_name=$2 local filepath=$3 - if [ $(kubectl get configmap -n "$cluster_namespace" -o json | jq -c ".items | any(.[] | .metadata; .name == \"$configmap_name\")") == "false" ]; then + if [ $(./bin/kubectl get configmap -n "$cluster_namespace" -o json | jq -c ".items | any(.[] | .metadata; .name == \"$configmap_name\")") == "false" ]; then echo "Creating "$configmap_name" configmap" - kubectl create configmap -n "$cluster_namespace" "$configmap_name" --from-file="$filepath" + ./bin/kubectl create configmap -n "$cluster_namespace" "$configmap_name" --from-file="$filepath" else echo "$configmap_name exists" fi @@ -67,22 +67,22 @@ createConfigmapFromFile() { # Figure out if the cluster is already initialized for EJBCA isEjbcaAlreadyDeployed() { deployed=false - if [ ! "$(kubectl --namespace "$EJBCA_NAMESPACE" get pods -l app.kubernetes.io/name=ejbca -o json | jq '.items[] | select(.metadata.labels."app.kubernetes.io/name" == "ejbca") | .metadata.name' | tr -d '"')" != "" ]; then + if [ ! "$(./bin/kubectl --namespace "$EJBCA_NAMESPACE" get pods -l app.kubernetes.io/name=ejbca -o json | jq '.items[] | select(.metadata.labels."app.kubernetes.io/name" == "ejbca") | .metadata.name' | tr -d '"')" != "" ]; then echo "EJBCA is not deployed - EJBCA pod is not present" return 1 fi - if [[ ! $(kubectl get secret --namespace "$EJBCA_NAMESPACE" -o json | jq --arg "name" "$EJBCA_SUPERADMIN_SECRET_NAME" -e '.items[] | select(.metadata.name == $name)') ]]; then + if [[ ! $(./bin/kubectl get secret --namespace "$EJBCA_NAMESPACE" -o json | jq --arg "name" "$EJBCA_SUPERADMIN_SECRET_NAME" -e '.items[] | select(.metadata.name == $name)') ]]; then echo "EJBCA is not deployed - SuperAdmin secret is not present" return 1 fi - if [[ ! $(kubectl get secret --namespace "$EJBCA_NAMESPACE" -o json | jq --arg "name" "$EJBCA_SUPERADMIN_SECRET_NAME" -e '.items[] | select(.metadata.name == $name)') ]]; then + if [[ ! $(./bin/kubectl get secret --namespace "$EJBCA_NAMESPACE" -o json | jq --arg "name" "$EJBCA_SUPERADMIN_SECRET_NAME" -e '.items[] | select(.metadata.name == $name)') ]]; then echo "EJBCA is not deployed - ManagementCA secret is not present" return 1 fi - if [[ ! $(kubectl get secret --namespace "$EJBCA_NAMESPACE" -o json | jq --arg "name" "$EJBCA_SUPERADMIN_SECRET_NAME" -e '.items[] | select(.metadata.name == $name)') ]]; then + if [[ ! $(./bin/kubectl get secret --namespace "$EJBCA_NAMESPACE" -o json | jq --arg "name" "$EJBCA_SUPERADMIN_SECRET_NAME" -e '.items[] | select(.metadata.name == $name)') ]]; then echo "EJBCA is not deployed - SubCA secret is not present" return 1 fi @@ -91,7 +91,7 @@ isEjbcaAlreadyDeployed() { } certificate_exists() { - if [[ $(kubectl get certificate -o json | jq -r '.items.[] | select(.metadata.name == "ejbca-certificate")') == "" ]]; then + if [[ $(./bin/kubectl get certificate -o json | jq -r '.items.[] | select(.metadata.name == "ejbca-certificate")') == "" ]]; then return 1 else return 0 @@ -106,7 +106,7 @@ waitForEJBCANode() { local ejbca_pod_name=$2 echo "Waiting for EJBCA node to be ready" - until ! kubectl -n "$cluster_namespace" exec "$ejbca_pod_name" -- /opt/keyfactor/bin/ejbca.sh 2>&1 | grep -q "could not contact EJBCA"; do + until ! ./bin/kubectl -n "$cluster_namespace" exec "$ejbca_pod_name" -- /opt/keyfactor/bin/ejbca.sh 2>&1 | grep -q "could not contact EJBCA"; do echo "EJBCA node not ready yet, retrying in 5 seconds..." sleep 5 done @@ -121,8 +121,8 @@ configmapNameFromFilename() { # Initialize the cluster for EJBCA initClusterForEJBCA() { # Create the EJBCA namespace if it doesn't already exist - if [ "$(kubectl get namespace -o json | jq -e '.items[] | select(.metadata.name == "'"$EJBCA_NAMESPACE"'") | .metadata.name')" == "" ]; then - kubectl create namespace "$EJBCA_NAMESPACE" + if [ "$(./bin/kubectl get namespace -o json | jq -e '.items[] | select(.metadata.name == "'"$EJBCA_NAMESPACE"'") | .metadata.name')" == "" ]; then + ./bin/kubectl create namespace "$EJBCA_NAMESPACE" fi # Mount the staged EEPs & CPs to Kubernetes with ConfigMaps @@ -139,7 +139,7 @@ initClusterForEJBCA() { cleanupEJBCAConfigMaps() { for file in $(find ./ejbca/staging -maxdepth 1 -mindepth 1); do configMapName="$(configmapNameFromFilename "$file")" - kubectl delete configmap --namespace "$EJBCA_NAMESPACE" "$configMapName" + ./bin/kubectl delete configmap --namespace "$EJBCA_NAMESPACE" "$configMapName" done } @@ -202,24 +202,24 @@ initEJBCADatabase() { helm_install_args+=("--set" "ejbca.image.pullSecrets[0].name=$IMAGE_PULL_SECRET_NAME") fi - if ! helm "${helm_install_args[@]}" ; then + if ! ./bin/helm "${helm_install_args[@]}" ; then echo "Failed to install EJBCA" - kubectl delete namespace "$EJBCA_NAMESPACE" + ./bin/kubectl delete namespace "$EJBCA_NAMESPACE" exit 1 fi # Wait for the EJBCA Pod to be ready echo "Waiting for EJBCA Pod to be ready" - kubectl --namespace "$EJBCA_NAMESPACE" wait --for=condition=Available deployment -l app.kubernetes.io/name=ejbca --timeout=300s - kubectl --namespace "$EJBCA_NAMESPACE" wait --for=condition=Ready pod -l app.kubernetes.io/name=ejbca --timeout=300s + ./bin/kubectl --namespace "$EJBCA_NAMESPACE" wait --for=condition=Available deployment -l app.kubernetes.io/name=ejbca --timeout=300s + ./bin/kubectl --namespace "$EJBCA_NAMESPACE" wait --for=condition=Ready pod -l app.kubernetes.io/name=ejbca --timeout=300s # Get the name of the EJBCA Pod local ejbca_pod_name - ejbca_pod_name=$(kubectl --namespace "$EJBCA_NAMESPACE" get pods -l app.kubernetes.io/name=ejbca -o json | jq '.items[] | select(.metadata.labels."app.kubernetes.io/name" == "ejbca") | .metadata.name' | tr -d '"') + ejbca_pod_name=$(./bin/kubectl --namespace "$EJBCA_NAMESPACE" get pods -l app.kubernetes.io/name=ejbca -o json | jq '.items[] | select(.metadata.labels."app.kubernetes.io/name" == "ejbca") | .metadata.name' | tr -d '"') if [ "$ejbca_pod_name" == "" ]; then echo "Failed to get the name of the EJBCA Pod" - kubectl delete ns "$EJBCA_NAMESPACE" + ./bin/kubectl delete ns "$EJBCA_NAMESPACE" exit 1 fi @@ -231,14 +231,14 @@ initEJBCADatabase() { --namespace "$EJBCA_NAMESPACE" exec "$ejbca_pod_name" -- bash -c 'cp /tmp/ejbca-init.sh /opt/keyfactor/bin/ejbca-init.sh && chmod +x /opt/keyfactor/bin/ejbca-init.sh && /opt/keyfactor/bin/ejbca-init.sh' ) - if ! kubectl "${args[@]}" ; then + if ! ./bin/kubectl "${args[@]}" ; then echo "Failed to execute the EJBCA init script" - kubectl delete ns "$EJBCA_NAMESPACE" + ./bin/kubectl delete ns "$EJBCA_NAMESPACE" exit 1 fi # Uninstall the EJBCA helm chart - database is peristent - helm --namespace "$EJBCA_NAMESPACE" uninstall ejbca-test + ./bin/helm --namespace "$EJBCA_NAMESPACE" uninstall ejbca-test cleanupEJBCAConfigMaps } @@ -262,7 +262,7 @@ deployEJBCA() { helm_install_args+=("--set" "ejbca.image.pullSecrets[0].name=$IMAGE_PULL_SECRET_NAME") fi - if ! helm "${helm_install_args[@]}" ; then + if ! ./bin/helm "${helm_install_args[@]}" ; then echo "Failed to install EJBCA" exit 1 fi @@ -271,11 +271,11 @@ deployEJBCA() { # Wait for the EJBCA Pod to be ready echo "Waiting for EJBCA Pod to be ready" - kubectl --namespace "$EJBCA_NAMESPACE" wait --for=condition=ready pod -l app.kubernetes.io/instance=ejbca-test --timeout=300s + ./bin/kubectl --namespace "$EJBCA_NAMESPACE" wait --for=condition=ready pod -l app.kubernetes.io/instance=ejbca-test --timeout=300s # Get the name of the EJBCA Pod local ejbca_pod_name - ejbca_pod_name=$(kubectl --namespace "$EJBCA_NAMESPACE" get pods -l app.kubernetes.io/name=ejbca -o json | jq '.items[] | select(.metadata.labels."app.kubernetes.io/name" == "ejbca") | .metadata.name' | tr -d '"') + ejbca_pod_name=$(./bin/kubectl --namespace "$EJBCA_NAMESPACE" get pods -l app.kubernetes.io/name=ejbca -o json | jq '.items[] | select(.metadata.labels."app.kubernetes.io/name" == "ejbca") | .metadata.name' | tr -d '"') # Wait for the EJBCA node to be ready waitForEJBCANode "$EJBCA_NAMESPACE" "$ejbca_pod_name" @@ -289,9 +289,9 @@ uninstallEJBCA() { return 1 fi - helm --namespace "$EJBCA_NAMESPACE" uninstall ejbca-test + ./bin/helm --namespace "$EJBCA_NAMESPACE" uninstall ejbca-test - kubectl delete namespace "$EJBCA_NAMESPACE" + ./bin/kubectl delete namespace "$EJBCA_NAMESPACE" } ############################################### @@ -301,7 +301,7 @@ uninstallEJBCA() { mariadbPvcExists() { local namespace=$1 - if [ "$(kubectl --namespace "$namespace" get pvc -l app.kubernetes.io/name=mariadb -o json | jq '.items[] | select(.metadata.labels."app.kubernetes.io/name" == "mariadb") | .metadata.name' | tr -d '"')" != "" ]; then + if [ "$(./bin/kubectl --namespace "$namespace" get pvc -l app.kubernetes.io/name=mariadb -o json | jq '.items[] | select(.metadata.labels."app.kubernetes.io/name" == "mariadb") | .metadata.name' | tr -d '"')" != "" ]; then return 0 else return 1 From 60e16d8e9d63e3f401706e8dfa58ee1c7a4bdf66 Mon Sep 17 00:00:00 2001 From: Nico Weisenauer <137267159+nweisenauer-sap@users.noreply.github.com> Date: Wed, 30 Oct 2024 16:58:36 +0100 Subject: [PATCH 2/2] fixes bin path inside conf folder Signed-off-by: Nico Weisenauer <137267159+nweisenauer-sap@users.noreply.github.com> --- .../upstream-authority-ejbca/conf/deploy.sh | 56 +++++++++---------- 1 file changed, 28 insertions(+), 28 deletions(-) diff --git a/test/integration/suites/upstream-authority-ejbca/conf/deploy.sh b/test/integration/suites/upstream-authority-ejbca/conf/deploy.sh index 0c6c5397b6..e12673a15e 100755 --- a/test/integration/suites/upstream-authority-ejbca/conf/deploy.sh +++ b/test/integration/suites/upstream-authority-ejbca/conf/deploy.sh @@ -15,8 +15,8 @@ EJBCA_SUB_CA_NAME="Sub-CA" # Verify that required tools are installed verifySupported() { - HAS_HELM="$(type "./bin/helm" &>/dev/null && echo true || echo false)" - HAS_KUBECTL="$(type "./bin/kubectl" &>/dev/null && echo true || echo false)" + HAS_HELM="$(type "../bin/helm" &>/dev/null && echo true || echo false)" + HAS_KUBECTL="$(type "../bin/kubectl" &>/dev/null && echo true || echo false)" HAS_JQ="$(type "jq" &>/dev/null && echo true || echo false)" HAS_CURL="$(type "curl" &>/dev/null && echo true || echo false)" HAS_OPENSSL="$(type "openssl" &>/dev/null && echo true || echo false)" @@ -56,9 +56,9 @@ createConfigmapFromFile() { local configmap_name=$2 local filepath=$3 - if [ $(./bin/kubectl get configmap -n "$cluster_namespace" -o json | jq -c ".items | any(.[] | .metadata; .name == \"$configmap_name\")") == "false" ]; then + if [ $(../bin/kubectl get configmap -n "$cluster_namespace" -o json | jq -c ".items | any(.[] | .metadata; .name == \"$configmap_name\")") == "false" ]; then echo "Creating "$configmap_name" configmap" - ./bin/kubectl create configmap -n "$cluster_namespace" "$configmap_name" --from-file="$filepath" + ../bin/kubectl create configmap -n "$cluster_namespace" "$configmap_name" --from-file="$filepath" else echo "$configmap_name exists" fi @@ -67,22 +67,22 @@ createConfigmapFromFile() { # Figure out if the cluster is already initialized for EJBCA isEjbcaAlreadyDeployed() { deployed=false - if [ ! "$(./bin/kubectl --namespace "$EJBCA_NAMESPACE" get pods -l app.kubernetes.io/name=ejbca -o json | jq '.items[] | select(.metadata.labels."app.kubernetes.io/name" == "ejbca") | .metadata.name' | tr -d '"')" != "" ]; then + if [ ! "$(../bin/kubectl --namespace "$EJBCA_NAMESPACE" get pods -l app.kubernetes.io/name=ejbca -o json | jq '.items[] | select(.metadata.labels."app.kubernetes.io/name" == "ejbca") | .metadata.name' | tr -d '"')" != "" ]; then echo "EJBCA is not deployed - EJBCA pod is not present" return 1 fi - if [[ ! $(./bin/kubectl get secret --namespace "$EJBCA_NAMESPACE" -o json | jq --arg "name" "$EJBCA_SUPERADMIN_SECRET_NAME" -e '.items[] | select(.metadata.name == $name)') ]]; then + if [[ ! $(../bin/kubectl get secret --namespace "$EJBCA_NAMESPACE" -o json | jq --arg "name" "$EJBCA_SUPERADMIN_SECRET_NAME" -e '.items[] | select(.metadata.name == $name)') ]]; then echo "EJBCA is not deployed - SuperAdmin secret is not present" return 1 fi - if [[ ! $(./bin/kubectl get secret --namespace "$EJBCA_NAMESPACE" -o json | jq --arg "name" "$EJBCA_SUPERADMIN_SECRET_NAME" -e '.items[] | select(.metadata.name == $name)') ]]; then + if [[ ! $(../bin/kubectl get secret --namespace "$EJBCA_NAMESPACE" -o json | jq --arg "name" "$EJBCA_SUPERADMIN_SECRET_NAME" -e '.items[] | select(.metadata.name == $name)') ]]; then echo "EJBCA is not deployed - ManagementCA secret is not present" return 1 fi - if [[ ! $(./bin/kubectl get secret --namespace "$EJBCA_NAMESPACE" -o json | jq --arg "name" "$EJBCA_SUPERADMIN_SECRET_NAME" -e '.items[] | select(.metadata.name == $name)') ]]; then + if [[ ! $(../bin/kubectl get secret --namespace "$EJBCA_NAMESPACE" -o json | jq --arg "name" "$EJBCA_SUPERADMIN_SECRET_NAME" -e '.items[] | select(.metadata.name == $name)') ]]; then echo "EJBCA is not deployed - SubCA secret is not present" return 1 fi @@ -91,7 +91,7 @@ isEjbcaAlreadyDeployed() { } certificate_exists() { - if [[ $(./bin/kubectl get certificate -o json | jq -r '.items.[] | select(.metadata.name == "ejbca-certificate")') == "" ]]; then + if [[ $(../bin/kubectl get certificate -o json | jq -r '.items.[] | select(.metadata.name == "ejbca-certificate")') == "" ]]; then return 1 else return 0 @@ -106,7 +106,7 @@ waitForEJBCANode() { local ejbca_pod_name=$2 echo "Waiting for EJBCA node to be ready" - until ! ./bin/kubectl -n "$cluster_namespace" exec "$ejbca_pod_name" -- /opt/keyfactor/bin/ejbca.sh 2>&1 | grep -q "could not contact EJBCA"; do + until ! ../bin/kubectl -n "$cluster_namespace" exec "$ejbca_pod_name" -- /opt/keyfactor/bin/ejbca.sh 2>&1 | grep -q "could not contact EJBCA"; do echo "EJBCA node not ready yet, retrying in 5 seconds..." sleep 5 done @@ -121,8 +121,8 @@ configmapNameFromFilename() { # Initialize the cluster for EJBCA initClusterForEJBCA() { # Create the EJBCA namespace if it doesn't already exist - if [ "$(./bin/kubectl get namespace -o json | jq -e '.items[] | select(.metadata.name == "'"$EJBCA_NAMESPACE"'") | .metadata.name')" == "" ]; then - ./bin/kubectl create namespace "$EJBCA_NAMESPACE" + if [ "$(../bin/kubectl get namespace -o json | jq -e '.items[] | select(.metadata.name == "'"$EJBCA_NAMESPACE"'") | .metadata.name')" == "" ]; then + ../bin/kubectl create namespace "$EJBCA_NAMESPACE" fi # Mount the staged EEPs & CPs to Kubernetes with ConfigMaps @@ -139,7 +139,7 @@ initClusterForEJBCA() { cleanupEJBCAConfigMaps() { for file in $(find ./ejbca/staging -maxdepth 1 -mindepth 1); do configMapName="$(configmapNameFromFilename "$file")" - ./bin/kubectl delete configmap --namespace "$EJBCA_NAMESPACE" "$configMapName" + ../bin/kubectl delete configmap --namespace "$EJBCA_NAMESPACE" "$configMapName" done } @@ -202,24 +202,24 @@ initEJBCADatabase() { helm_install_args+=("--set" "ejbca.image.pullSecrets[0].name=$IMAGE_PULL_SECRET_NAME") fi - if ! ./bin/helm "${helm_install_args[@]}" ; then + if ! ../bin/helm "${helm_install_args[@]}" ; then echo "Failed to install EJBCA" - ./bin/kubectl delete namespace "$EJBCA_NAMESPACE" + ../bin/kubectl delete namespace "$EJBCA_NAMESPACE" exit 1 fi # Wait for the EJBCA Pod to be ready echo "Waiting for EJBCA Pod to be ready" - ./bin/kubectl --namespace "$EJBCA_NAMESPACE" wait --for=condition=Available deployment -l app.kubernetes.io/name=ejbca --timeout=300s - ./bin/kubectl --namespace "$EJBCA_NAMESPACE" wait --for=condition=Ready pod -l app.kubernetes.io/name=ejbca --timeout=300s + ../bin/kubectl --namespace "$EJBCA_NAMESPACE" wait --for=condition=Available deployment -l app.kubernetes.io/name=ejbca --timeout=300s + ../bin/kubectl --namespace "$EJBCA_NAMESPACE" wait --for=condition=Ready pod -l app.kubernetes.io/name=ejbca --timeout=300s # Get the name of the EJBCA Pod local ejbca_pod_name - ejbca_pod_name=$(./bin/kubectl --namespace "$EJBCA_NAMESPACE" get pods -l app.kubernetes.io/name=ejbca -o json | jq '.items[] | select(.metadata.labels."app.kubernetes.io/name" == "ejbca") | .metadata.name' | tr -d '"') + ejbca_pod_name=$(../bin/kubectl --namespace "$EJBCA_NAMESPACE" get pods -l app.kubernetes.io/name=ejbca -o json | jq '.items[] | select(.metadata.labels."app.kubernetes.io/name" == "ejbca") | .metadata.name' | tr -d '"') if [ "$ejbca_pod_name" == "" ]; then echo "Failed to get the name of the EJBCA Pod" - ./bin/kubectl delete ns "$EJBCA_NAMESPACE" + ../bin/kubectl delete ns "$EJBCA_NAMESPACE" exit 1 fi @@ -231,14 +231,14 @@ initEJBCADatabase() { --namespace "$EJBCA_NAMESPACE" exec "$ejbca_pod_name" -- bash -c 'cp /tmp/ejbca-init.sh /opt/keyfactor/bin/ejbca-init.sh && chmod +x /opt/keyfactor/bin/ejbca-init.sh && /opt/keyfactor/bin/ejbca-init.sh' ) - if ! ./bin/kubectl "${args[@]}" ; then + if ! ../bin/kubectl "${args[@]}" ; then echo "Failed to execute the EJBCA init script" - ./bin/kubectl delete ns "$EJBCA_NAMESPACE" + ../bin/kubectl delete ns "$EJBCA_NAMESPACE" exit 1 fi # Uninstall the EJBCA helm chart - database is peristent - ./bin/helm --namespace "$EJBCA_NAMESPACE" uninstall ejbca-test + ../bin/helm --namespace "$EJBCA_NAMESPACE" uninstall ejbca-test cleanupEJBCAConfigMaps } @@ -262,7 +262,7 @@ deployEJBCA() { helm_install_args+=("--set" "ejbca.image.pullSecrets[0].name=$IMAGE_PULL_SECRET_NAME") fi - if ! ./bin/helm "${helm_install_args[@]}" ; then + if ! ../bin/helm "${helm_install_args[@]}" ; then echo "Failed to install EJBCA" exit 1 fi @@ -271,11 +271,11 @@ deployEJBCA() { # Wait for the EJBCA Pod to be ready echo "Waiting for EJBCA Pod to be ready" - ./bin/kubectl --namespace "$EJBCA_NAMESPACE" wait --for=condition=ready pod -l app.kubernetes.io/instance=ejbca-test --timeout=300s + ../bin/kubectl --namespace "$EJBCA_NAMESPACE" wait --for=condition=ready pod -l app.kubernetes.io/instance=ejbca-test --timeout=300s # Get the name of the EJBCA Pod local ejbca_pod_name - ejbca_pod_name=$(./bin/kubectl --namespace "$EJBCA_NAMESPACE" get pods -l app.kubernetes.io/name=ejbca -o json | jq '.items[] | select(.metadata.labels."app.kubernetes.io/name" == "ejbca") | .metadata.name' | tr -d '"') + ejbca_pod_name=$(../bin/kubectl --namespace "$EJBCA_NAMESPACE" get pods -l app.kubernetes.io/name=ejbca -o json | jq '.items[] | select(.metadata.labels."app.kubernetes.io/name" == "ejbca") | .metadata.name' | tr -d '"') # Wait for the EJBCA node to be ready waitForEJBCANode "$EJBCA_NAMESPACE" "$ejbca_pod_name" @@ -289,9 +289,9 @@ uninstallEJBCA() { return 1 fi - ./bin/helm --namespace "$EJBCA_NAMESPACE" uninstall ejbca-test + ../bin/helm --namespace "$EJBCA_NAMESPACE" uninstall ejbca-test - ./bin/kubectl delete namespace "$EJBCA_NAMESPACE" + ../bin/kubectl delete namespace "$EJBCA_NAMESPACE" } ############################################### @@ -301,7 +301,7 @@ uninstallEJBCA() { mariadbPvcExists() { local namespace=$1 - if [ "$(./bin/kubectl --namespace "$namespace" get pvc -l app.kubernetes.io/name=mariadb -o json | jq '.items[] | select(.metadata.labels."app.kubernetes.io/name" == "mariadb") | .metadata.name' | tr -d '"')" != "" ]; then + if [ "$(../bin/kubectl --namespace "$namespace" get pvc -l app.kubernetes.io/name=mariadb -o json | jq '.items[] | select(.metadata.labels."app.kubernetes.io/name" == "mariadb") | .metadata.name' | tr -d '"')" != "" ]; then return 0 else return 1