djpbessems/ContainerImage.Pinniped
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

make prepare-supervisor-on-kind.sh work with older versions of bash

Browse Source
This commit is contained in:
Ryan Richard 2023-09-12 10:24:55 -07:00
parent 84498d5a55
commit c52ed93bf8
1 changed files with 18 additions and 23 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

41
hack/prepare-supervisor-on-kind.sh
View File

@ -238,13 +238,23 @@ fi
kubectl create secret tls -n "$PINNIPED_TEST_SUPERVISOR_NAMESPACE" my-federation-domain-tls --cert "$tls_crt_path" --key "$tls_key_path" \ kubectl create secret tls -n "$PINNIPED_TEST_SUPERVISOR_NAMESPACE" my-federation-domain-tls --cert "$tls_crt_path" --key "$tls_key_path" \
--dry-run=client --output yaml | kubectl apply -f - --dry-run=client --output yaml | kubectl apply -f -
# Variable that will be used to build up the "identityProviders" yaml for the FederationDomain. # Make a FederationDomain using the TLS Secret and identity providers from above in a temp file.
fd_idps="" fd_file="/tmp/federationdomain.yaml"
cat << EOF > $fd_file
apiVersion: config.supervisor.pinniped.dev/v1alpha1
kind: FederationDomain
metadata:
name: my-federation-domain
spec:
issuer: $issuer
tls:
secretName: my-federation-domain-tls
identityProviders:
EOF
if [[ "$use_oidc_upstream" == "yes" ]]; then if [[ "$use_oidc_upstream" == "yes" ]]; then
# Indenting the heredoc by 4 spaces to make it indented the correct amount in the FederationDomain below. # Indenting the heredoc by 4 spaces to make it indented the correct amount in the FederationDomain below.
fd_idps="${fd_idps}$( cat << EOF >> $fd_file
cat <<EOF
- displayName: "My OIDC IDP 🚀" - displayName: "My OIDC IDP 🚀"
objectRef: objectRef:
@ -264,13 +274,11 @@ if [[ "$use_oidc_upstream" == "yes" ]]; then
username: oidc:ryan@example.com username: oidc:ryan@example.com
groups: [ oidc:a, oidc:b ] groups: [ oidc:a, oidc:b ]
EOF EOF
)"
fi fi
if [[ "$use_ldap_upstream" == "yes" ]]; then if [[ "$use_ldap_upstream" == "yes" ]]; then
# Indenting the heredoc by 4 spaces to make it indented the correct amount in the FederationDomain below. # Indenting the heredoc by 4 spaces to make it indented the correct amount in the FederationDomain below.
fd_idps="${fd_idps}$( cat << EOF >> $fd_file
cat <<EOF
- displayName: "My LDAP IDP 🚀" - displayName: "My LDAP IDP 🚀"
objectRef: objectRef:
@ -320,13 +328,11 @@ if [[ "$use_ldap_upstream" == "yes" ]]; then
rejected: true rejected: true
message: "Only users in certain kube groups are allowed to authenticate" message: "Only users in certain kube groups are allowed to authenticate"
EOF EOF
)"
fi fi
if [[ "$use_ad_upstream" == "yes" ]]; then if [[ "$use_ad_upstream" == "yes" ]]; then
# Indenting the heredoc by 4 spaces to make it indented the correct amount in the FederationDomain below. # Indenting the heredoc by 4 spaces to make it indented the correct amount in the FederationDomain below.
fd_idps="${fd_idps}$( cat << EOF >> $fd_file
cat <<EOF
- displayName: "My AD IDP" - displayName: "My AD IDP"
objectRef: objectRef:
@ -334,21 +340,10 @@ if [[ "$use_ad_upstream" == "yes" ]]; then
kind: ActiveDirectoryIdentityProvider kind: ActiveDirectoryIdentityProvider
name: my-ad-provider name: my-ad-provider
EOF EOF
)"
fi fi
# Make a FederationDomain using the TLS Secret and identity providers from above. # Apply the FederationDomain from the file created above.
cat <<EOF | kubectl apply --namespace "$PINNIPED_TEST_SUPERVISOR_NAMESPACE" -f - kubectl apply --namespace "$PINNIPED_TEST_SUPERVISOR_NAMESPACE" -f "$fd_file"
apiVersion: config.supervisor.pinniped.dev/v1alpha1
kind: FederationDomain
metadata:
name: my-federation-domain
spec:
issuer: $issuer
tls:
secretName: my-federation-domain-tls
identityProviders:${fd_idps}
EOF
echo "Waiting for FederationDomain to initialize or update..." echo "Waiting for FederationDomain to initialize or update..."
kubectl wait --for=condition=Ready FederationDomain/my-federation-domain -n "$PINNIPED_TEST_SUPERVISOR_NAMESPACE" kubectl wait --for=condition=Ready FederationDomain/my-federation-domain -n "$PINNIPED_TEST_SUPERVISOR_NAMESPACE"