This is an automated email from the ASF dual-hosted git repository.
jamesnetherton pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/camel-quarkus.git
The following commit(s) were added to refs/heads/main by this push:
new 7faf1b22ff Refactor CyberArk Vault container testing
7faf1b22ff is described below
commit 7faf1b22fff2ffc9f0fbca6f171102dd370b247a
Author: James Netherton <[email protected]>
AuthorDate: Wed Jan 21 11:55:53 2026 +0000
Refactor CyberArk Vault container testing
Fixes #8140
---
integration-tests/cyberark-vault/README.adoc | 16 +-
integration-tests/cyberark-vault/pom.xml | 10 +
.../cyberark/vault/it/CyberarkVaultTest.java | 14 +-
.../vault/it/CyberarkVaultTestResource.java | 282 ++++++++++++++++-----
.../src/test/resources/conf/tls/tls.conf | 39 ---
.../src/test/resources/docker-compose.yml | 104 --------
integration-tests/cyberark-vault/startConjur.sh | 82 ------
integration-tests/cyberark-vault/stopConjur.sh | 28 --
pom.xml | 3 +
9 files changed, 239 insertions(+), 339 deletions(-)
diff --git a/integration-tests/cyberark-vault/README.adoc
b/integration-tests/cyberark-vault/README.adoc
index 84c398062e..64d0c8eb55 100644
--- a/integration-tests/cyberark-vault/README.adoc
+++ b/integration-tests/cyberark-vault/README.adoc
@@ -1,23 +1,19 @@
= Cyber Ark Conjur integration tests
-=== Localstack
+== Local container testing
-The tests are able to run against the docker by default.
+The tests are run by default using containers.
-The docker environment is not started when complete configuration is provided
via environmental properties.
+Refer to the section below to test against a real CyberArk instance.
-=== Real CyberArk Vault API
+== Real CyberArk Vault API
To run the tests against the real CyberArk Conjur API, you need to
* Export your CyberArk real configuration
-* Upload policy from the test resources
-* Export usernames and api keys
+* Upload the policy from `src/test/resources/conf/policy/BotApp.yml`
+* Configure environment variables as defined below
-or use docker-compose from
https://github.com/cyberark/conjur-quickstart[conjur quickstart]
-
-* You can use scripts `startConjur.sh` and `stopConjur.sh`
-* Export all environmental properties provided by the start script
[source,shell]
----
export CQ_CONJUR_URL=http://localhost:8080/
diff --git a/integration-tests/cyberark-vault/pom.xml
b/integration-tests/cyberark-vault/pom.xml
index d80bb1b9f9..a1a74f3eba 100644
--- a/integration-tests/cyberark-vault/pom.xml
+++ b/integration-tests/cyberark-vault/pom.xml
@@ -62,6 +62,16 @@
<artifactId>testcontainers</artifactId>
<scope>test</scope>
</dependency>
+ <dependency>
+ <groupId>org.testcontainers</groupId>
+ <artifactId>testcontainers-postgresql</artifactId>
+ <scope>test</scope>
+ </dependency>
+ <dependency>
+ <groupId>io.smallrye.certs</groupId>
+ <artifactId>smallrye-certificate-generator-junit5</artifactId>
+ <scope>test</scope>
+ </dependency>
<dependency>
<groupId>org.apache.camel.quarkus</groupId>
<artifactId>camel-quarkus-integration-test-support</artifactId>
diff --git
a/integration-tests/cyberark-vault/src/test/java/org/apache/camel/quarkus/component/cyberark/vault/it/CyberarkVaultTest.java
b/integration-tests/cyberark-vault/src/test/java/org/apache/camel/quarkus/component/cyberark/vault/it/CyberarkVaultTest.java
index 2ee00e868d..e28eca38c8 100644
---
a/integration-tests/cyberark-vault/src/test/java/org/apache/camel/quarkus/component/cyberark/vault/it/CyberarkVaultTest.java
+++
b/integration-tests/cyberark-vault/src/test/java/org/apache/camel/quarkus/component/cyberark/vault/it/CyberarkVaultTest.java
@@ -21,22 +21,22 @@ import java.util.UUID;
import io.quarkus.test.common.QuarkusTestResource;
import io.quarkus.test.junit.QuarkusTest;
import io.restassured.RestAssured;
+import io.smallrye.certs.Format;
+import io.smallrye.certs.junit5.Certificate;
+import io.smallrye.certs.junit5.Certificates;
import org.junit.jupiter.api.Test;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
import static org.hamcrest.Matchers.containsString;
import static org.hamcrest.Matchers.is;
+@Certificates(baseDir = "target/certs", certificates = {
+ @Certificate(name = "nginx", formats = { Format.PEM }, cn = "proxy",
subjectAlternativeNames = "proxy")
+})
@QuarkusTest
@QuarkusTestResource(CyberarkVaultTestResource.class)
class CyberarkVaultTest {
-
- private static final Logger LOG =
LoggerFactory.getLogger(CyberarkVaultTest.class);
-
@Test
- public void testRetrieveSecret() throws Exception {
-
+ void testRetrieveSecret() {
String secret = UUID.randomUUID().toString();
//create secret
RestAssured.given()
diff --git
a/integration-tests/cyberark-vault/src/test/java/org/apache/camel/quarkus/component/cyberark/vault/it/CyberarkVaultTestResource.java
b/integration-tests/cyberark-vault/src/test/java/org/apache/camel/quarkus/component/cyberark/vault/it/CyberarkVaultTestResource.java
index 4de779245e..6cd46328f3 100644
---
a/integration-tests/cyberark-vault/src/test/java/org/apache/camel/quarkus/component/cyberark/vault/it/CyberarkVaultTestResource.java
+++
b/integration-tests/cyberark-vault/src/test/java/org/apache/camel/quarkus/component/cyberark/vault/it/CyberarkVaultTestResource.java
@@ -17,12 +17,10 @@
package org.apache.camel.quarkus.component.cyberark.vault.it;
-import java.io.File;
-import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;
-import java.nio.file.StandardCopyOption;
+import java.time.Duration;
import java.util.Arrays;
import java.util.LinkedHashMap;
import java.util.LinkedList;
@@ -34,23 +32,45 @@ import com.fasterxml.jackson.databind.JsonNode;
import com.fasterxml.jackson.databind.ObjectMapper;
import io.quarkus.test.common.QuarkusTestResourceLifecycleManager;
import org.apache.camel.quarkus.test.mock.backend.MockBackendUtils;
-import org.apache.commons.io.FileUtils;
+import org.eclipse.microprofile.config.ConfigProvider;
import org.junit.jupiter.api.Assertions;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
-import org.testcontainers.containers.ComposeContainer;
import org.testcontainers.containers.Container;
+import org.testcontainers.containers.GenericContainer;
+import org.testcontainers.containers.Network;
+import org.testcontainers.containers.output.Slf4jLogConsumer;
import org.testcontainers.containers.wait.strategy.Wait;
+import org.testcontainers.postgresql.PostgreSQLContainer;
+import org.testcontainers.utility.DockerImageName;
+import org.testcontainers.utility.MountableFile;
/**
* Test resource is using opensource conjur. See the instructions from
*
https://github.com/cyberark/conjur-quickstart?tab=readme-ov-file#setting-up-an-environment
- *
- * Important note. the docker-compose.yml, from the conjur, has to be stripped
from container_name attributes.
*/
public class CyberarkVaultTestResource implements
QuarkusTestResourceLifecycleManager {
private static final Logger LOGGER =
LoggerFactory.getLogger(CyberarkVaultTestResource.class);
- private ComposeContainer container;
+ private static final String POSTGRES_PASSWORD = "SuperSecretPg";
+ private static final String POSTGRES_USERNAME = "postgres";
+ private static final String CONJUR_DATA_KEY =
"changeitchangeitchangeitchangeitchangeitIhc=";
+ private static final String CONJUR_ACCOUNT = "myConjurAccount";
+ private static final String POSTGRES_CONTAINER_IMAGE =
ConfigProvider.getConfig().getValue("postgres.container.image",
+ String.class);
+ private static final String CONJUR_CONTAINER_IMAGE =
ConfigProvider.getConfig().getValue("cyberark-conjur.container.image",
+ String.class);
+ private static final String CONJUR_CLI_CONTAINER_IMAGE =
ConfigProvider.getConfig()
+ .getValue("cyberark-conjur-cli.container.image", String.class);
+ private static final String NGINX_CONTAINER_IMAGE =
ConfigProvider.getConfig().getValue("cyberark-nginx.container.image",
+ String.class);
+ private static final int CONJUR_PORT = 80;
+ private static final int NGINX_PORT = 443;
+
+ private Network network;
+ private PostgreSQLContainer postgresContainer;
+ private GenericContainer<?> conjurContainer;
+ private GenericContainer<?> nginxContainer;
+ private GenericContainer<?> clientContainer;
@Override
public Map<String, String> start() {
@@ -81,81 +101,205 @@ public class CyberarkVaultTestResource implements
QuarkusTestResourceLifecycleMa
MockBackendUtils.logMockBackendUsed();
try {
- //copy docker-compose to tmp location
- File dockerComposeFile, configFile;
- //create tmp folder in target
- Path targetDir = Paths.get("target");
- Path tempDir = Files.createTempDirectory(targetDir,
"docker-compose-");
- try (InputStream inYaml =
getClass().getClassLoader().getResourceAsStream("docker-compose.yml");) {
- dockerComposeFile = File.createTempFile("docker-compose-",
".yml", tempDir.toFile());
- Files.copy(inYaml, dockerComposeFile.toPath(),
StandardCopyOption.REPLACE_EXISTING);
- }
- FileUtils.copyDirectory(new
File(getClass().getResource("/conf").getFile()),
tempDir.resolve("conf").toFile());
-
- container = new ComposeContainer(dockerComposeFile)
- .withExposedService("conjur", 80)
- .waitingFor("conjur", Wait.forLogMessage(".* Listening on
http.*", 1));
-
- container.start();
-
- Container.ExecResult er =
container.getContainerByServiceName("conjur").get()
- .execInContainer("conjurctl", "account", "create",
"myConjurAccount");
- Assertions.assertEquals(0, er.getExitCode(), "Creation of account
failed with: " + er.getStderr());
- //admin key is the last word from stdout
- String adminKey = new
LinkedList<>(Arrays.asList(er.getStdout().split("\\s"))).getLast();
-
- er = container.getContainerByServiceName("client").get()
- .execInContainer("conjur", "init", "oss", "-u",
"https://proxy";,
- "-a", "myConjurAccount", "--self-signed");
- Assertions.assertEquals(0, er.getExitCode(), "Client init failed
with: " + er.getStderr());
-
- er = container.getContainerByServiceName("client").get()
- .execInContainer("conjur", "login", "-i", "admin", "-p",
adminKey);
- Assertions.assertEquals(0, er.getExitCode(), "Client login failed
with: " + er.getStderr());
-
- er = container.getContainerByServiceName("client").get()
- .execInContainer("conjur", "policy", "load", "-b", "root",
"-f", "policy/BotApp.yml");
- Assertions.assertEquals(0, er.getExitCode(), "Policy load failed
with: " + er.getStderr());
-
- ObjectMapper objectMapper = new ObjectMapper();
- try {
- // Read JSON from a file
- JsonNode jsonNode = objectMapper.readTree(er.getStdout());
-
jsonNode.get("created_roles").get("myConjurAccount:host:BotApp/myDemoApp").get("id");
-
- result.put("conjur.read.username", "host/BotApp/myDemoApp");
- result.put("conjur.read.apiKey",
-
jsonNode.get("created_roles").get("myConjurAccount:host:BotApp/myDemoApp").get("api_key").textValue());
- result.put("conjur.write.username", "user/Dave@BotApp");
- result.put("conjur.write.apiKey",
-
jsonNode.get("created_roles").get("myConjurAccount:user:Dave@BotApp").get("api_key").textValue());
- } catch (Exception e) {
- throw new RuntimeException(e);
- }
+ // Create a shared network for all containers
+ network = Network.newNetwork();
+
+ // Start PostgreSQL container
+ startPostgresContainer();
+
+ // Start Conjur container
+ startConjurContainer();
+
+ // Start Nginx proxy container
+ startNginxContainer();
- container.getContainerByServiceName("client").get()
- .execInContainer("conjur", "logout");
+ // Start Conjur CLI client container
+ startClientContainer();
+ // Initialize Conjur and load policies
+ initializeConjur(result);
} catch (Exception e) {
- throw new RuntimeException(e);
+ throw new RuntimeException("Failed to start Conjur test
environment", e);
}
- result.put("conjur.account", "myConjurAccount");
- result.put("conjur.url", "http://localhost:"; +
container.getServicePort("conjur", 80));
+ result.put("conjur.account", CONJUR_ACCOUNT);
+ result.put("conjur.url", "http://localhost:"; +
conjurContainer.getMappedPort(80));
return result;
}
+ private void startPostgresContainer() {
+ LOGGER.info("Starting PostgreSQL container...");
+
+ DockerImageName postgresImageName =
DockerImageName.parse(POSTGRES_CONTAINER_IMAGE)
+ .asCompatibleSubstituteFor("postgres");
+ postgresContainer = new PostgreSQLContainer(postgresImageName)
+ .withNetwork(network)
+ .withNetworkAliases("database")
+ .withDatabaseName("postgres")
+ .withUsername(POSTGRES_USERNAME)
+ .withPassword(POSTGRES_PASSWORD)
+ .withLogConsumer(new
Slf4jLogConsumer(LOGGER).withPrefix("POSTGRES"));
+
+ postgresContainer.start();
+
+ LOGGER.info("PostgreSQL container started");
+ }
+
+ private void startConjurContainer() {
+ LOGGER.info("Starting Conjur container...");
+
+ String databaseUrl =
String.format("postgres://postgres:%s@database/postgres", POSTGRES_PASSWORD);
+
+ conjurContainer = new
GenericContainer<>(DockerImageName.parse(CONJUR_CONTAINER_IMAGE))
+ .withNetwork(network)
+ .withNetworkAliases("conjur")
+ .withCommand("server")
+ .withEnv("DATABASE_URL", databaseUrl)
+ .withEnv("CONJUR_DATA_KEY", CONJUR_DATA_KEY)
+ .withEnv("CONJUR_AUTHENTICATORS", "")
+ .withEnv("CONJUR_TELEMETRY_ENABLED", "false")
+ .withEnv("CONJUR_API_RESOURCE_LIST_LIMIT_MAX", "5000")
+ .withExposedPorts(CONJUR_PORT)
+ .withLogConsumer(new
Slf4jLogConsumer(LOGGER).withPrefix("CONJUR"))
+ .waitingFor(Wait.forLogMessage(".*Listening on http.*", 1)
+ .withStartupTimeout(Duration.ofMinutes(2)))
+ .dependsOn(postgresContainer);
+
+ conjurContainer.start();
+
+ LOGGER.info("Conjur container started on port {}",
conjurContainer.getMappedPort(80));
+ }
+
+ private void startNginxContainer() throws Exception {
+ LOGGER.info("Starting Nginx proxy container...");
+
+ // Get paths to generated certificates and config files
+ Path certsDir = Paths.get("target/certs");
+ Path nginxCert = certsDir.resolve("nginx.crt");
+ Path nginxKey = certsDir.resolve("nginx.key");
+
+ if (!Files.exists(nginxCert) || !Files.exists(nginxKey)) {
+ throw new RuntimeException("SSL certificates not found in
target/certs.");
+ }
+
+ nginxContainer = new
GenericContainer<>(DockerImageName.parse(NGINX_CONTAINER_IMAGE))
+ .withNetwork(network)
+ .withNetworkAliases("proxy")
+
.withCopyFileToContainer(MountableFile.forClasspathResource("conf/default.conf"),
+ "/etc/nginx/conf.d/default.conf")
+ .withCopyFileToContainer(MountableFile.forHostPath(nginxCert),
"/etc/nginx/tls/nginx.crt")
+ .withCopyFileToContainer(MountableFile.forHostPath(nginxKey),
"/etc/nginx/tls/nginx.key")
+ .withExposedPorts(NGINX_PORT)
+ .withLogConsumer(new
Slf4jLogConsumer(LOGGER).withPrefix("NGINX"))
+
.waitingFor(Wait.forListeningPort().withStartupTimeout(Duration.ofMinutes(1)))
+ .dependsOn(conjurContainer);
+
+ nginxContainer.start();
+
+ LOGGER.info("Nginx proxy container started on port {}",
nginxContainer.getMappedPort(443));
+ }
+
+ private void startClientContainer() throws Exception {
+ LOGGER.info("Starting Conjur CLI client container...");
+
+ clientContainer = new
GenericContainer<>(DockerImageName.parse(CONJUR_CLI_CONTAINER_IMAGE))
+ .withNetwork(network)
+ .withNetworkAliases("client")
+ .withCreateContainerCmdModifier(cmd -> {
+ cmd.withEntrypoint("sleep");
+ })
+ .withCommand("infinity")
+ .withCopyFileToContainer(
+
org.testcontainers.utility.MountableFile.forClasspathResource("conf/policy/BotApp.yml"),
+ "/policy/BotApp.yml")
+ .withLogConsumer(new
Slf4jLogConsumer(LOGGER).withPrefix("CLIENT"))
+ .withStartupTimeout(Duration.ofSeconds(5))
+ .dependsOn(nginxContainer);
+
+ clientContainer.start();
+
+ LOGGER.info("Conjur CLI client container started");
+ }
+
+ private void initializeConjur(Map<String, String> result) throws Exception
{
+ LOGGER.info("Initializing Conjur account...");
+
+ // Verify containers are running
+ if (!conjurContainer.isRunning()) {
+ throw new RuntimeException("Conjur container is not running");
+ }
+
+ if (!clientContainer.isRunning()) {
+ throw new RuntimeException("Client container is not running");
+ }
+
+ LOGGER.info("All containers verified as running");
+
+ // Create Conjur account
+ Container.ExecResult er = conjurContainer.execInContainer(
+ "conjurctl", "account", "create", CONJUR_ACCOUNT);
+ Assertions.assertEquals(0, er.getExitCode(), "Creation of account
failed with: " + er.getStderr());
+
+ // Extract admin API key (last word from stdout)
+ String adminKey = new
LinkedList<>(Arrays.asList(er.getStdout().split("\\s"))).getLast();
+ LOGGER.info("Conjur account created with admin key");
+
+ // Initialize Conjur CLI client
+ er = clientContainer.execInContainer(
+ "conjur", "init", "oss", "-u", "https://proxy";, "-a",
CONJUR_ACCOUNT, "--self-signed");
+ Assertions.assertEquals(0, er.getExitCode(), "Client init failed with:
" + er.getStderr());
+ LOGGER.info("Conjur CLI client initialized");
+
+ // Login as admin
+ er = clientContainer.execInContainer(
+ "conjur", "login", "-i", "admin", "-p", adminKey);
+ Assertions.assertEquals(0, er.getExitCode(), "Client login failed
with: " + er.getStderr());
+ LOGGER.info("Logged in as admin");
+
+ // Load policy
+ er = clientContainer.execInContainer(
+ "conjur", "policy", "load", "-b", "root", "-f",
"/policy/BotApp.yml");
+ Assertions.assertEquals(0, er.getExitCode(), "Policy load failed with:
" + er.getStderr());
+ LOGGER.info("Policy loaded successfully");
+
+ // Parse policy output to extract API keys
+ ObjectMapper objectMapper = new ObjectMapper();
+ JsonNode jsonNode = objectMapper.readTree(er.getStdout());
+
+ result.put("conjur.read.username", "host/BotApp/myDemoApp");
+ result.put("conjur.read.apiKey",
+ jsonNode.get("created_roles").get(CONJUR_ACCOUNT +
":host:BotApp/myDemoApp").get("api_key").textValue());
+ result.put("conjur.write.username", "user/Dave@BotApp");
+ result.put("conjur.write.apiKey",
+ jsonNode.get("created_roles").get(CONJUR_ACCOUNT +
":user:Dave@BotApp").get("api_key").textValue());
+
+ // Logout
+ clientContainer.execInContainer("conjur", "logout");
+
+ LOGGER.info("Conjur initialization complete");
+ }
+
@Override
public void stop() {
try {
-
- if (container != null) {
- container.stop();
+ if (clientContainer != null) {
+ clientContainer.stop();
+ }
+ if (nginxContainer != null) {
+ nginxContainer.stop();
+ }
+ if (conjurContainer != null) {
+ conjurContainer.stop();
+ }
+ if (postgresContainer != null) {
+ postgresContainer.stop();
+ }
+ if (network != null) {
+ network.close();
}
-
} catch (Exception e) {
- // ignored
+ LOGGER.warn("Error during cleanup", e);
}
}
}
diff --git
a/integration-tests/cyberark-vault/src/test/resources/conf/tls/tls.conf
b/integration-tests/cyberark-vault/src/test/resources/conf/tls/tls.conf
deleted file mode 100755
index 21a1870654..0000000000
--- a/integration-tests/cyberark-vault/src/test/resources/conf/tls/tls.conf
+++ /dev/null
@@ -1,39 +0,0 @@
-[req]
-default_bits = 2048
-prompt = no
-default_md = sha256
-req_extensions = req_ext
-distinguished_name = dn
-x509_extensions = v3_ca # The extentions to add to the self signed cert
-req_extensions = v3_req
-x509_extensions = usr_cert
-
-[ dn ]
-C=US
-ST=Wisconsin
-L=Madison
-O=CyberArk
-OU=Onyx
-CN=proxy
-
-[ usr_cert ]
-basicConstraints=CA:FALSE
-nsCertType = client, server, email
-keyUsage = nonRepudiation, digitalSignature, keyEncipherment
-extendedKeyUsage = serverAuth, clientAuth, codeSigning, emailProtection
-nsComment = "OpenSSL Generated Certificate"
-subjectKeyIdentifier=hash
-authorityKeyIdentifier=keyid,issuer
-
-[ v3_req ]
-extendedKeyUsage = serverAuth, clientAuth, codeSigning, emailProtection
-basicConstraints = CA:FALSE
-keyUsage = nonRepudiation, digitalSignature, keyEncipherment
-
-[ v3_ca ]
-subjectAltName = @alt_names
-
-[ alt_names ]
-DNS.1 = localhost
-DNS.2 = proxy
-IP.1 = 127.0.0.1
diff --git
a/integration-tests/cyberark-vault/src/test/resources/docker-compose.yml
b/integration-tests/cyberark-vault/src/test/resources/docker-compose.yml
deleted file mode 100755
index 5b78bd4e7b..0000000000
--- a/integration-tests/cyberark-vault/src/test/resources/docker-compose.yml
+++ /dev/null
@@ -1,104 +0,0 @@
-#
-# Licensed to the Apache Software Foundation (ASF) under one or more
-# contributor license agreements. See the NOTICE file distributed with
-# this work for additional information regarding copyright ownership.
-# The ASF licenses this file to You under the Apache License, Version 2.0
-# (the "License"); you may not use this file except in compliance with
-# the License. You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-
-services:
- openssl:
- image: cyberark/conjur
- entrypoint:
- - openssl
- - req
- - -newkey
- - rsa:2048
- - -days
- - "365"
- - -nodes
- - -x509
- - -config
- - /tmp/conf/tls.conf
- - -extensions
- - v3_ca
- - -keyout
- - /tmp/conf/nginx.key
- - -out
- - /tmp/conf/nginx.crt
- volumes:
- - ./conf/tls/:/tmp/conf:z
-
- bot_app:
- image: cfmanteiga/alpine-bash-curl-jq
- privileged: true
- command: tail -F anything
- volumes:
- - ./program.sh:/tmp/program.sh
- restart: on-failure
-
- database:
- image: postgres:15
- environment:
- POSTGRES_HOST_AUTH_METHOD: password
- POSTGRES_PASSWORD: SuperSecretPg
- ports:
- - "0:5432"
-
- pgadmin:
-# https://www.pgadmin.org/docs/pgadmin4/latest/container_deployment.html
- image: dpage/pgadmin4
- environment:
- PGADMIN_DEFAULT_EMAIL: [email protected]
- PGADMIN_DEFAULT_PASSWORD: SuperSecret
- ports:
- - "0:80"
-
- conjur:
- image: cyberark/conjur
- command: server
- environment:
- DATABASE_URL: postgres://postgres:SuperSecretPg@database/postgres
- CONJUR_DATA_KEY: changeitchangeitchangeitchangeitchangeitIhc=
- CONJUR_AUTHENTICATORS:
- CONJUR_TELEMETRY_ENABLED: 'false'
- # By default Conjur API only returns 1000 resources (since 1.22.0)
- # However this repo is used in testing scenarios where more than
- # 1000 resources are present, so increase the limit.
- # This is not a DoS risk as this code is not
- # and must not be used for any form of production deployment.
- CONJUR_API_RESOURCE_LIST_LIMIT_MAX: 5000
- depends_on:
- - database
- restart: on-failure
- ports:
- - "0:80"
-
- proxy:
- image: nginx:latest
- ports:
- - "0:443"
- volumes:
- - ./conf/:/etc/nginx/conf.d/:ro,z
- - ./conf/tls/:/etc/nginx/tls/:ro,z
- depends_on:
- - conjur
- - openssl
- restart: on-failure
-
- client:
- image: cyberark/conjur-cli:9
- depends_on: [ proxy ]
- entrypoint: sleep
- command: infinity
- volumes:
- - ./conf/policy:/policy
diff --git a/integration-tests/cyberark-vault/startConjur.sh
b/integration-tests/cyberark-vault/startConjur.sh
deleted file mode 100755
index d1b7d40e8b..0000000000
--- a/integration-tests/cyberark-vault/startConjur.sh
+++ /dev/null
@@ -1,82 +0,0 @@
-#!/bin/bash
-#
-# Licensed to the Apache Software Foundation (ASF) under one or more
-# contributor license agreements. See the NOTICE file distributed with
-# this work for additional information regarding copyright ownership.
-# The ASF licenses this file to You under the Apache License, Version 2.0
-# (the "License"); you may not use this file except in compliance with
-# the License. You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-
-
-# alternative way of running the tests.
-# script starts the conjur quickstart via docker compose and do all required
configuration
-# after running it, please export all 6 variables and then you can start the
test
-# When asked `Select the environment you want to use:`
-# please choose `Conjur Open Source`
-
-echo "Temporary folder 'tmp' is used"
-mkdir tmp
-cd tmp
-
-echo "************************************************"
-echo "****** SETUP A CONJUR OSS ENVIRONMENT *********"
-echo "************************************************"
-
-echo "Cloning conjur quickstart"
-git clone https://github.com/cyberark/conjur-quickstart.git
-
-cd conjur-quickstart
-echo "Removing previous instances"
-docker-compose rm -fsv
-
-echo "Step 1: Pull the Docker image"
-docker-compose pull
-
-echo "Step 2: Generate the master key"
-docker-compose run --no-deps --rm conjur data-key generate > data_key
-
-echo "Step 3: Load master key as an environment variable"
-export CONJUR_DATA_KEY="$(< data_key)"
-
-echo "Step 4: Start the Conjur OSS environment"
-docker-compose up -d
-
-echo "Step 5: Create admin account"
-docker-compose exec conjur conjurctl account create myConjurAccount >
admin_data
-
-echo "Step 6: Connect the Conjur client to the Conjur server"
-docker-compose exec client conjur init -u https://proxy -a myConjurAccount
--self-signed
-
-echo "************************************************"
-echo "****************** 2. DEFINE POLICY ************"
-echo "************************************************"
-
-echo "Step 1: Login in to Conjur as admin"
-docker-compose exec client conjur login -i admin -p $(awk 'END {print $NF}'
admin_data)
-
-echo "Step 2: Load the sample policy"
-docker-compose exec client conjur policy load -b root -f policy/BotApp.yml >
my_app_data
-
-echo "Step 3: Logout of Conjur"
-docker-compose exec client conjur logout
-
-echo
-echo ------------ please export following properties ------------------------
-echo export CQ_CONJUR_URL=http://localhost:8080/
-echo export CQ_CONJUR_ACCOUNT=myConjurAccount
-echo export CQ_CONJUR_READ_USER=host/BotApp/myDemoApp
-echo export CQ_CONJUR_READ_USER_API_KEY=$(jq -r
'.created_roles."myConjurAccount:host:BotApp/myDemoApp".api_key' my_app_data)
-echo export CQ_CONJUR_READ_WRITE_USER=user/Dave@BotApp
-echo export CQ_CONJUR_READ_WRITE_USER_API_KEY=$(jq -r
'.created_roles."myConjurAccount:user:Dave@BotApp".api_key' my_app_data)
-echo "# to avoid port conflict with quarkus (against opensource conjur)"
-echo export QUARKUS_HTTP_PORT=0
-echo export QUARKUS_HTTPS_PORT=0
diff --git a/integration-tests/cyberark-vault/stopConjur.sh
b/integration-tests/cyberark-vault/stopConjur.sh
deleted file mode 100755
index e00bf3b6c1..0000000000
--- a/integration-tests/cyberark-vault/stopConjur.sh
+++ /dev/null
@@ -1,28 +0,0 @@
-#!/bin/bash
-#
-# Licensed to the Apache Software Foundation (ASF) under one or more
-# contributor license agreements. See the NOTICE file distributed with
-# this work for additional information regarding copyright ownership.
-# The ASF licenses this file to You under the Apache License, Version 2.0
-# (the "License"); you may not use this file except in compliance with
-# the License. You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-
-
-# alternative way of running the tests.
-# script starts the conjur quickstart via docker compose and do all required
configuration
-# after running it, please export all 6 variables and then you can start the
test
-
-echo "Temporary folder 'tmp' is used"
-cd tmp
-cd conjur-quickstart
-echo "Removing previous instances"
-docker-compose rm -fsv
diff --git a/pom.xml b/pom.xml
index 56afa1d5bf..d99092a8aa 100644
--- a/pom.xml
+++ b/pom.xml
@@ -238,6 +238,9 @@
<consul.container.image>mirror.gcr.io/hashicorp/consul:1.21</consul.container.image>
<couchbase.container.image>mirror.gcr.io/couchbase/server:7.6.2</couchbase.container.image>
<couchdb.container.image>mirror.gcr.io/couchdb:3.5.0</couchdb.container.image>
+
<cyberark-conjur.container.image>mirror.gcr.io/cyberark/conjur:1.24.0</cyberark-conjur.container.image>
+
<cyberark-conjur-cli.container.image>mirror.gcr.io/cyberark/conjur-cli:9</cyberark-conjur-cli.container.image>
+
<cyberark-nginx.container.image>mirror.gcr.io/nginx:1.29.4-alpine3.23-perl</cyberark-nginx.container.image>
<db2.container.image>icr.io/db2_community/db2:12.1.0.0</db2.container.image>
<docling.container.image>quay.io/docling-project/docling-serve:v1.9.0</docling.container.image>
<eclipse-mosquitto.container.image>mirror.gcr.io/eclipse-mosquitto:2.0.18</eclipse-mosquitto.container.image>
