dap-service.config

# Local config variables - EDIT AS NEEDED

# absolute (not relative) path to config file for cluster connection
export KUBECONFIG=/Users/josephhunt/Conjur/ocp4-workshop/ocp4-workshop-setup/kubeconfig

# path to oc CLI (uncomment if needed)
#export PATH=$PATH:/usr/local/bin/oc

# CLUSTER_DOMAIN is the domain name for cluster API server,
# e.g. if the server is at:
#     https://api.foo.bar.com:6443
# then CLUSTER_DOMAIN is foo.bar.com

#export CLUSTER_DOMAIN=cluster-8j8dn.8j8dn.example.opentlc.com
#export CLUSTER_DOMAIN=dapoc4.cyberarkdemo.com
export CLUSTER_DOMAIN=cyberlab.cyberark-ocp4.com
export NUM_ATTENDEES=10
export CLUSTER_ADMIN=jodyhunt
export CYBERARK_NAMESPACE_ADMIN=jodyhunt

######################
# Docker images for lab setup
export REGISTRY_APPLIANCE_IMAGE=jodyhuntatx/dap:11.7.0
export REGISTRY_SEED_FETCHER_IMAGE=cyberark/dap-seedfetcher:latest
export REGISTRY_MYSQL_IMAGE=mysql:5.7.32
#export REGISTRY_LABADMIN_IMAGE=jodyhuntatx/labadmin:latest
export REGISTRY_LABADMIN_IMAGE=jodyhuntatx/labadmin:norsrcs
export REGISTRY_AUTHENTICATOR_IMAGE=cyberark/conjur-authn-k8s-client:latest
		# this value must be equal to APP_IMAGE env var used in labs
export REGISTRY_LABAPP_IMAGE=jodyhuntatx/lab-app:alpine

if [[ "$KUBECONFIG" == "" ]]; then
  echo "Edit .../ocp4-workshop-setup/dap-service.config w/ kubeconfig path."
  exit -1
fi

if [[ "$CLUSTER_DOMAIN" == "" ]]; then
  echo "Edit .../ocp4-workshop-setup/dap-service.config w/ cluster domain."
  exit -1
fi

if [[ "$CLUSTER_ADMIN" == "" ]]; then
  echo "Edit .../ocp4-workshop-setup/dap-service.config w/ cluster admin name."
  exit -1
fi

if [[ "$CYBERARK_NAMESPACE_ADMIN" == "" ]]; then
  echo "Edit .../ocp4-workshop-setup/dap-service.config w/ CyberArk namespace admin name."
  exit -1
fi

export CYBERARK_NAMESPACE_NAME=cyberlab
export CONJUR_ACCOUNT=lab
export CLUSTER_AUTHN_ID=$CYBERARK_NAMESPACE_NAME

######################
# Vault policy parameters & secrets. Account is a simulation of structure
# created by the Vault-Conjur Synchronizer. Some of these variable names are hard-coded
# in the user labs. Do not change unless you also update those references (see
# labadmin and labapp build directories under 2-user-lab-setup).
export VAULT_NAME=LabVault
export LOB_NAME=Labs
export SAFE_NAME=LabSafe1
export ACCOUNT_NAME=MySQL
export MYSQL_USERNAME=test_app
export MYSQL_PASSWORD=UhGfMk5L

############################################
# VALUES BELOW SHOULD NOT NEED EDITING
############################################

######################
# Lab-specific parameters
export LAB_HTPASS_PROVIDER=htpasswd
export LAB_HTPASS_SECRET=htpasswd-secret

# URL of cluster api
export LAB_CLUSTER=https://api.$CLUSTER_DOMAIN:6443

# URL of cluster console UI
export CONSOLE_URL=https://console-openshift-console.apps.$CLUSTER_DOMAIN

######################
# DAP service configuration
export DAP_MASTER_NODE_LABEL=dap-master-host

if [[ "$(which keyring)" == "" ]]; then
  read -sp "Enter Conjur admin password: " DAP_ADMIN_PASSWORD 
else
  if [[ "$(keyring get conjur adminpwd)" == "" ]]; then
    keyring set conjur adminpwd
  fi
  export DAP_ADMIN_PASSWORD=$(keyring get conjur adminpwd)
fi
export AUTHN_USERNAME=admin
export AUTHN_PASSWORD=$DAP_ADMIN_PASSWORD
export CONJUR_MASTER_HOSTNAME=dap-service-node-$CYBERARK_NAMESPACE_NAME.apps.$CLUSTER_DOMAIN
export CONJUR_MASTER_PORT=443

export CONJUR_APPLIANCE_URL=https://$CONJUR_MASTER_HOSTNAME:$CONJUR_MASTER_PORT
export CONJUR_FOLLOWER_SERVICE_NAME=dap-service-node.$CYBERARK_NAMESPACE_NAME.svc.cluster.local
export CONJUR_AUTHENTICATORS=authn-k8s/$CLUSTER_AUTHN_ID
export CONJUR_AUTHENTICATOR_URL=https://$CONJUR_FOLLOWER_SERVICE_NAME/api/authn-k8s/$CLUSTER_AUTHN_ID

######################
# Portability stuff
# Use a cap-D for base64 decoding on Macs
if [[ "$(uname -s)" == "Linux" ]]; then
  BASE64D="base64 -d"
else
  BASE64D="base64 -D"
fi