remove old unused scripts

2023-08-29 16:01:18 -04:00 · 2023-08-29 16:01:18 -04:00 · 965da4085c
commit 965da4085c
parent c9cd89f8b7
2 changed files with 101 additions and 104 deletions
--- a/deploy_carvel/deploy_concierge.sh
+++ b/deploy_carvel/deploy_concierge.sh
@ -1,41 +0,0 @@
-#!/bin/bash
-
-
-APP="pinn-conci"
-
-kapp deploy --app "${APP}" --diff-changes --file <(ytt \
-  --file concierge/config/authentication.concierge.pinniped.dev_jwtauthenticators.yaml
-  --file concierge/config/authentication.concierge.pinniped.dev_webhookauthenticcators.yaml
-  --file concierge/config/config.concierge.pinniped.dev_credential_issuers.yaml
-  --file concierge/config/deployment-HACKED.yaml \
-  --file concierge/config/helpers.lib.yaml \
-  --file concierge/config/rbac.yaml \
-  --file concierge/config/z0_crd_overlay.yaml \
-  --file concierge/config/values.yaml \
-  --data-value app_name=pinn-conci \
-  --data-value namespace=pinn-conci \
-  --data-value-yaml 'custom_labels={"foo": bar}' \
-  --data-value replicas=3)
-
-
-## template the thing
-#RENDER_OUTPUT_FILE=$(
-#ytt \
-#  --file concierge/config/helpers.lib.yaml \
-#  --file concierge/config/deployment.yaml \
-#  --file concierge/config/service.yaml \
-#  --file concierge/config/values.yaml \
-#  --data-value app_name=pinn-super \
-#  --data-value namespace=pinn-super \
-#  --data-value-yaml 'custom_labels={"foo": bar}' \
-#  --data-value replicas=3
-#)
-#
-## view it
-#echo "$RENDER_OUTPUT_FILE"
-#
-## give it to kapp
-#kapp deploy \
-#  --app pinn-super \
-#  --diff-changes \
-#  --file <( "${RENDER_OUTPUT_FILE}" )
--- a/deploy_carvel/deploy_supervisor.sh
+++ b/deploy_carvel/deploy_supervisor.sh
@ -1,66 +1,104 @@
-#!/bin/bash
+#!/usr/bin/env bash

-# need to maintain this if used.
-# but there must be a way to get ytt to read a directory of files.
-#RENDERED_OUTPUT_FILES=$(
-#ytt \
-#  --file supervisor/config/helpers.lib.yaml \
-#  --file supervisor/config/config.supervisor.pinniped.dev_federationdomains.yaml \
-#  --file supervisor/config/config.supervisor.pinniped.dev_oidcclients.yaml \
-#  --file supervisor/config/idp.supervisor.pinniped.dev_activedirectoryidentityproviders.yaml \
-#  --file supervisor/config/idp.supervisor.pinniped.dev_ldapidentityproviders.yaml \
-#  --file supervisor/config/idp.supervisor.pinniped.dev_oidcidentityproviders.yaml \
-#  --file supervisor/config/z0_crd_overlay.yaml \
-#  --file supervisor/config/rbac.yaml \
-#  --file supervisor/config/service.yaml \
-#  --file supervisor/config/deployment.yaml \
-#  --file supervisor/config/values.yaml \
-#  --data-value app_name=pinn-super \
-#  --data-value namespace=pinn-super \
-#  --data-value-yaml 'custom_labels={"foo": bar}' \
-#  --data-value replicas=3
-#)
-#
-#echo "${RENDERED_OUTPUT_FILES}"
-
-APP="pinn-super"
-
-kapp deploy --app  "${APP}" --diff-changes --file <(ytt \
-  --file supervisor/config/helpers.lib.yaml \
-  --file supervisor/config/config.supervisor.pinniped.dev_federationdomains.yaml \
-  --file supervisor/config/config.supervisor.pinniped.dev_oidcclients.yaml \
-  --file supervisor/config/idp.supervisor.pinniped.dev_activedirectoryidentityproviders.yaml \
-  --file supervisor/config/idp.supervisor.pinniped.dev_ldapidentityproviders.yaml \
-  --file supervisor/config/idp.supervisor.pinniped.dev_oidcidentityproviders.yaml \
-  --file supervisor/config/z0_crd_overlay.yaml \
-  --file supervisor/config/rbac.yaml \
-  --file supervisor/config/service.yaml \
-  --file supervisor/config/deployment-HACKED.yaml \
-  --file supervisor/config/values.yaml \
-  --data-value app_name=pinn-super \
-  --data-value namespace=pinn-super \
-  --data-value-yaml 'custom_labels={"foo": bar}' \
-  --data-value replicas=3)
+# https://gist.github.com/mohanpedala/1e2ff5661761d3abd0385e8223e16425
+set -e # immediately exit
+set -u # error if variables undefined
+set -o pipefail # prevent masking errors in a pipeline
+# set -x # print all executed commands to terminal


-## template the thing
-#RENDER_OUTPUT_FILE=$(
-#ytt \
-#  --file supervisor/config/helpers.lib.yaml \
-#  --file supervisor/config/deployment.yaml \
-#  --file supervisor/config/service.yaml \
-#  --file supervisor/config/values.yaml \
-#  --data-value app_name=pinn-super \
-#  --data-value namespace=pinn-super \
-#  --data-value-yaml 'custom_labels={"foo": bar}' \
-#  --data-value replicas=3
-#)
-#
-## view it
-#echo "$RENDER_OUTPUT_FILE"
-#
-## give it to kapp
-#kapp deploy \
-#  --app pinn-super \
-#  --diff-changes \
-#  --file <( "${RENDER_OUTPUT_FILE}" )
+RED='\033[0;31m'
+GREEN='\033[0;32m'
+YELLOW='\033[1;33m'
+BLUE='\033[0;34m'
+DEFAULT='\033[0m'
+
+echo_yellow() {
+    echo -e "${YELLOW}>> $@${DEFAULT}\n"
+    # printf "${GREEN}$@${DEFAULT}"
+}
+
+echo_green() {
+    echo -e "${GREEN}>> $@${DEFAULT}\n"
+    # printf "${BLUE}$@${DEFAULT}"
+}
+echo_red() {
+    echo -e "${RED}>> $@${DEFAULT}\n"
+    # printf "${BLUE}$@${DEFAULT}"
+}
+echo_blue() {
+    echo -e "${BLUE}>> $@${DEFAULT}\n"
+    # printf "${BLUE}$@${DEFAULT}"
+}
+
+# borrowed from /tmp/integration-test-env
+# TODO: make new scripts work with the old script?
+# or how to ensure we can install both
+# - the old way, ytt or plain yamls
+# - the new way, with the PackageRepository and Packages
+# export PINNIPED_TEST_SUPERVISOR_NAMESPACE=supervisor
+PINNIPED_TEST_SUPERVISOR_NAMESPACE=default
+# export PINNIPED_TEST_PROXY=http://127.0.0.1:12346
+PINNIPED_TEST_PROXY=http://127.0.0.1:12346
+
+# from here forward borrowed from ${repo_root}/hack/prepare-supervisor-on-kind.sh
+
+# NOPE! Not running this script, so we have to pull the env vars ourselves
+# however, we can run it against another kind cluster and take a look at it to make sure
+# we understand what the contents are
+# Read the env vars output by hack/prepare-for-integration-tests.sh
+# source /tmp/integration-test-env
+
+# Choose some filenames.
+root_ca_crt_path=root_ca.crt
+root_ca_key_path=root_ca.key
+tls_crt_path=tls.crt
+tls_key_path=tls.key
+
+# Choose an audience name for the Concierge.
+audience="my-workload-cluster-$(openssl rand -hex 4)"
+
+# These settings align with how the Dex redirect URI is configured by hack/prepare-for-integration-tests.sh.
+# Note that this hostname can only be resolved inside the cluster, so we will use a web proxy running inside
+# the cluster whenever we want to be able to connect to it.
+issuer_host="pinniped-supervisor-clusterip.supervisor.svc.cluster.local"
+issuer="https://$issuer_host/some/path"
+
+
+# Create a CA and TLS serving certificates for the Supervisor.
+step certificate create \
+  "Supervisor CA" "$root_ca_crt_path" "$root_ca_key_path" \
+  --profile root-ca \
+  --no-password --insecure --force
+step certificate create \
+  "$issuer_host" "$tls_crt_path" "$tls_key_path" \
+  --profile leaf \
+  --not-after 8760h \
+  --ca "$root_ca_crt_path" --ca-key "$root_ca_key_path" \
+  --no-password --insecure --force
+
+# Put the TLS certificate into a Secret for the Supervisor.
+kubectl create secret tls -n "$PINNIPED_TEST_SUPERVISOR_NAMESPACE" my-federation-domain-tls --cert "$tls_crt_path" --key "$tls_key_path" \
+  --dry-run=client --output yaml | kubectl apply -f -
+
+
+# Make a FederationDomain using the TLS Secret from above.
+cat <<EOF | kubectl apply --namespace "$PINNIPED_TEST_SUPERVISOR_NAMESPACE" -f -
+apiVersion: config.supervisor.pinniped.dev/v1alpha1
+kind: FederationDomain
+metadata:
+  name: my-federation-domain
+spec:
+  issuer: $issuer
+  tls:
+    secretName: my-federation-domain-tls
+EOF
+
+echo "Waiting for FederationDomain to initialize..."
+# Sleeping is a race, but that's probably good enough for the purposes of this script.
+sleep 5
+
+# Test that the federation domain is working before we proceed.
+echo "Fetching FederationDomain discovery info..."
+echo "$PINNIPED_TEST_PROXY - curl -fLsS --cacert $root_ca_crt_path $issuer/.well-known/openid-configuration"
+https_proxy="$PINNIPED_TEST_PROXY" curl -fLsS --cacert "$root_ca_crt_path" "$issuer/.well-known/openid-configuration" | jq .