Onyx 16433 #2482
Onyx 16433 #2482
Conversation
foxefj-cyber
force-pushed
the
ONYX-16433
branch
2 times, most recently
from
de1f890
to
a0b075f
Compare
| @@ -0,0 +1,3 @@ | |||
| FROM travix/tinyproxy:latest | |||
|
|
|||
| COPY proxy/tinyproxy.conf /etc/tinyproxy.conf | |||
There was a problem hiding this comment.
Mind adding the final newline?
| @@ -59,7 +59,8 @@ def options | |||
| ssl_options: { | |||
| cert_store: @cert_store, | |||
| verify_ssl: OpenSSL::SSL::VERIFY_PEER | |||
| } | |||
| }, | |||
| http_proxy_uri: ENV['https_proxy'] ? ENV['https_proxy'] : ENV['http_proxy'] | |||
There was a problem hiding this comment.
Since we're treating ENV['https_proxy'] as a truthy value anyway, this can be simplified to:
http_proxy_uri: ENV['https_proxy'] || ENV['http_proxy']
ci/authn-k8s/test_oc_entrypoint.sh
Outdated
| #oc adm policy remove-scc-from-user anyuid -z default | ||
| #oc --ignore-not-found=true delete project $CONJUR_AUTHN_K8S_TEST_NAMESPACE |
There was a problem hiding this comment.
Are these really not needed anymore? (I'm most curious about not deleting the project/namespace)
If not, can we delete the lines rather than commenting them.
There was a problem hiding this comment.
uncommented them
ci/authn-k8s/test_oc_entrypoint.sh
Outdated
|
|
||
| # Rails.logger writes the logs to the environment log file | ||
| oc exec $pod_name -- bash -c "cat /opt/conjur-server/log/test.log" >> "output/$PLATFORM-authn-k8s-logs.txt" | ||
|
|
||
| echo "Printing Logs from Conjur to the console" | ||
| echo "===========================" | ||
| cat "output/$PLATFORM-authn-k8s-logs.txt" | ||
| #cat "output/$PLATFORM-authn-k8s-logs.txt" |
There was a problem hiding this comment.
Should this be uncommented again?
ci/authn-k8s/test_oc_entrypoint.sh
Outdated
| # set test password value | ||
| # password=$(openssl rand -hex 12) | ||
| # conjurcmd conjur variable values add inventory-db/password $password | ||
| #password=$(openssl rand -hex 12) | ||
| #conjurcmd conjur variable values add inventory-db/password $password |
There was a problem hiding this comment.
I realize that you just cleaned up the formatting of these lines, but if they were commented out before you started working on it, we should just remove these lines.
| that is defined in the id and the kubernetes host can be reached through a | ||
| http_proxy | ||
|
|
||
| @http_proxy |
There was a problem hiding this comment.
I'm guessing there must be some sort of behind-the-scenes magic connecting this tag to the ci/authn-k8s/dev/dev_conjur_http_proxy.template.yaml?
It would probably be worth adding a small comment above this test explaining what it does, and perhaps link to the template file for reference in the future.
There was a problem hiding this comment.
comment added :)
![codeclimate[bot]](https://avatars.githubusercontent.com/in/9403?s=60&v=4){kind=small}
foxefj-cyber
force-pushed
the
ONYX-16433
branch
from
1f75628
to
4a6426d
Compare
foxefj-cyber
force-pushed
the
ONYX-16433
branch
from
4a6426d
to
b3b8d6f
Compare
|
Code Climate has analyzed commit b3b8d6f and detected 0 issues on this pull request. The test coverage on the diff in this pull request is 100.0% (50% is the threshold). This pull request will bring the total coverage in the repository to 88.0% (-1.4% change). View more on Code Climate. |
Desired Outcome
Please describe the desired outcome for this PR. Said another way, what was
the original request that resulted in these code changes? Feel free to copy
this information from the connected issue.
Implemented Changes
Adding ability for the kubernetes client to use the environment defined http(s)_proxy environment variable when connecting to kubernetes.
Connected Issue/Story
CyberArk internal issue link: ONYX-16433
Definition of Done
At least 1 todo must be completed in the sections below for the PR to be
merged.
Changelog
CHANGELOG update
Test coverage
changes, or
Documentation
READMEs) were updated in this PRBehavior
Security