test

#!/bin/bash
set -exo pipefail

TARGET="${1:-oss}"  # can also be set to 'enterprise'

export CONJUR_DATA_KEY='iFra75qdvsLENSV+qXYFMkv7KJS3t+82Po4mmjZLxZc='

CONJUR_ACCOUNT='myaccount'
CONJUR_AUTHN_PASSWORD='SEcret12!!!!'

# These variables are set after configuring conjur
api_key=""
ssl_cert=""

function finish() {
  case "$TARGET" in
    "oss"|"enterprise")
  if [[ -z "$KEEP_CONTAINERS" ]]; then
    echo "> Terminating local Conjur environment"
    dockerCompose down -v
  else
    echo "> KEEP_CONTAINERS is set, not terminating local Conjur environment"
  fi
 ;;
 esac

}

trap finish EXIT

function main() {
  checkTarget
  case "$TARGET" in
  "oss"| "enterprise")
  loadUtils
  launchConjur
  configureConjur
  ;;
  esac
  runIAMAWS
}

function checkTarget() {
  case "$TARGET" in
  "oss")
    export DOCKER_COMPOSE_ARGS="-f docker-compose.oss.yml -f docker-compose.yml"
    export CONJUR_WAIT_COMMAND="conjurctl wait"
    ;;
  "enterprise")
    export DOCKER_COMPOSE_ARGS="-f docker-compose.enterprise.yml -f docker-compose.yml"
    export CONJUR_WAIT_COMMAND="/opt/conjur/evoke/bin/wait_for_conjur"
    ;;
    "cloud")
    ;;
  *)
    echo "> '$TARGET' is not a supported target"
    exit 1
    ;;
  esac
}

function loadUtils() {
  cwd="$(dirname "$0")"
  # shellcheck source=utils.sh
  . "$cwd/utils.sh"
}

function launchConjur() {
  echo "> Launching local Conjur environment"

  echo ">> Pulling images (this may take a long time)"
  dockerCompose pull -q

  echo ">> Starting Conjur/DAP server"
  dockerCompose up -d conjur-server
  echo ">> Creating account '$CONJUR_ACCOUNT'"
  if [[ "$TARGET" == "enterprise" ]]; then
    conjurExec evoke configure master \
      --accept-eula \
      -h conjur-server \
      -p "$CONJUR_AUTHN_PASSWORD" \
      "$CONJUR_ACCOUNT"
  else
    # We need to wait for Conjur OSS to establish a DB connection before
    # attempting to create the account
    conjurExec $CONJUR_WAIT_COMMAND
    conjurExec conjurctl account create "$CONJUR_ACCOUNT"
  fi

  echo ">> Waiting on conjur..."
  conjurExec $CONJUR_WAIT_COMMAND
}

function configureConjur() {
  echo "> Configuring local Conjur environment"

  export CONJUR_APPLIANCE_URL=https://conjur-server
  export CONJUR_ACCOUNT="$CONJUR_ACCOUNT"
  export CONJUR_AUTHN_LOGIN="admin"

  if [[ "$TARGET" == "enterprise" ]]; then
    ssl_cert=$(conjurExec cat /opt/conjur/etc/ssl/conjur.pem)
  else
    ssl_cert=$(cat "src/test/https_config/ca.crt")
  fi
  export CONJUR_SSL_CERTIFICATE="$ssl_cert"

  echo "$ssl_cert" > "src/test/conjur.pem"

  if [[ "$TARGET" == "oss" ]]; then
    api_key=$(conjurExec conjurctl role retrieve-key \
      "$CONJUR_ACCOUNT:user:admin" | tr -d '\r')
    export CONJUR_AUTHN_API_KEY="$api_key"
  fi

  echo ">> Starting CLI"
  dockerCompose up -d client

  if [[ "$TARGET" == "enterprise" ]]; then
    echo ">> Logging in CLI to the server"
    clientExec conjur authn login -u admin -p "$CONJUR_AUTHN_PASSWORD"
    api_key=$(clientExec conjur user rotate_api_key)
    export CONJUR_AUTHN_API_KEY="$api_key"
  fi

  echo ">> Applying policies"

  # Policy files are mounted in docker-compose
  clientExec conjur policy load --replace root policy/policy.root.yml
  clientExec ps -a
  clientExec conjur policy load root policy/policy.example.yml
  clientExec conjur list
  clientExec conjur variable values add database/username SECRETXcLhn23MJcimV
}

function runIAMAWS() {
    case "$TARGET" in
    "oss"| "enterprise")
      export CONJUR_APPLIANCE_URL='https://conjur-server'
      export  AUTHN_IAM_SERVICE_ID='prod'
      export  CONJUR_AUTHN_LOGIN='host/myspace/601277729239/InstanceReadJenkinsExecutorHostFactoryToken'
      export  CONJUR_CERT_FILE='test/conjur.pem'
      export  CONJUR_ACCOUNT='myaccount'
      export TARGET="$TARGET"
    ;;
    *)
    # Conjur configuration parameters
      export CONJUR_APPLIANCE_URL='https://conjurcloudint.secretsmgr.cyberark.cloud/api/'
      export AUTHN_IAM_SERVICE_ID='prod'
      export CONJUR_AUTHN_LOGIN='host/data/myspace/601277729239/InstanceReadJenkinsExecutorHostFactoryToken'
      export TARGET="$TARGET"
      export CONJUR_ACCOUNT='conjur'
    ;;
    esac

  echo ">> Planning and applying aws  manifest"
    docker-compose -f docker-compose.yml build conjur_aws
    docker-compose -f docker-compose.yml run conjur_aws

  docker-compose rm --force \
    --stop \
    -v \
    conjur_aws

}
main