pinniped/pipelines/shared-tasks/deploy-to-integration/task.yml

# Copyright 2020-2025 the Pinniped contributors. All Rights Reserved.
# SPDX-License-Identifier: Apache-2.0
---
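# Concourse task definition; the task runs on a Linux worker.
platform: linux
inputs:
  - name: pinniped
  - name: pinniped-ci
  - name: ci-build-image
  - name: cluster-pool
  # `optional` belongs to this input; at column 0 it would parse as an unrelated top-level key
  - name: pinniped-password
    optional: true
outputs:
  # NOTE(review): the name suggests this output carries the test environment, which would
  # include the credentials passed in via params; confirm in task.sh and handle it as
  # secret material in downstream steps
  - name: integration-test-env-vars
  # a kubeconfig normally embeds cluster credentials; keep it out of logs and public artifacts
  - name: kubeconfig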
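# Every param is declared with no default, so the values must be supplied by the pipeline
# that uses this task. Many of them are credentials (*_PASSWORD, *_CLIENT_SECRET,
# *_OTP_SECRET): never give them a default in this file, source them from the pipeline's
# credential manager, and remember that the task script receives them as environment
# variables, so it must not trace or echo them.
params:
  USE_LOAD_BALANCERS_FOR_DEX_AND_SUPERVISOR:
  # one of these should be set
  CLUSTER_CAPABILITIES:
  CLUSTER_CAPABILITIES_PATH:
  # only needed for unusual test cases involving multiple Pinnipeds or custom API groups
  PINNIPED_API_GROUP_SUFFIX:
  SECONDARY_DEPLOY:
  PINNIPED_SUPERVISOR_APP_NAME:
  PINNIPED_CONCIERGE_APP_NAME:
  SECONDARY_SUPERVISOR_APP_NAME:
  SECONDARY_SUPERVISOR_NAMESPACE:
  PINNIPED_SUPERVISOR_HTTP_NODEPORT:
  PINNIPED_SUPERVISOR_HTTPS_NODEPORT:
  # only needed for unusual case of wanting to test the HTTPS_PROXY settings
  FIREWALL_IDPS:
  # needed when we are testing against active directory.
  # secrets in this group: the bind account password and both user passwords
  TEST_ACTIVE_DIRECTORY:
  AWS_AD_HOST:
  AWS_AD_DOMAIN:
  AWS_AD_BIND_ACCOUNT_USERNAME:
  AWS_AD_BIND_ACCOUNT_PASSWORD:
  AWS_AD_USER_USER_PRINCIPAL_NAME:
  AWS_AD_USER_PASSWORD:
  AWS_AD_USER_UNIQUE_ID_ATTRIBUTE_NAME:
  AWS_AD_USER_UNIQUE_ID_ATTRIBUTE_VALUE:
  AWS_AD_USER_EXPECTED_GROUPS_DN:
  AWS_AD_USER_EXPECTED_GROUPS_CN:
  AWS_AD_LDAPS_CA_BUNDLE:
  AWS_AD_DEACTIVATED_USER_SAMACCOUNTNAME:
  AWS_AD_DEACTIVATED_USER_PASSWORD:
  AWS_AD_USER_EMAIL_ATTRIBUTE_VALUE:
  AWS_AD_USER_DEFAULTNAMINGCONTEXT_DN:
  AWS_AD_USERS_DN:
  # Only needed when wanting to test using Okta instead of Dex.
  # Note that this task does not accept OKTA_SUPERVISOR_CALLBACK. Not needed because
  # the value of that variable can be determined from other variables. This task always
  # deploys the tools namespace, so the Supervisor callback URL will use the
  # squid proxy to access the Supervisor's callback endpoint.
  # secrets in this group: OKTA_PASSWORD and OKTA_SUPERVISOR_CLIENT_SECRET
  OKTA_CLI_CALLBACK:
  OKTA_CLI_CLIENT_ID:
  OKTA_ADDITIONAL_SCOPES:
  OKTA_USERNAME_CLAIM:
  OKTA_GROUPS_CLAIM:
  OKTA_ISSUER:
  OKTA_PASSWORD:
  OKTA_SUPERVISOR_CLIENT_ID:
  OKTA_SUPERVISOR_CLIENT_SECRET:
  OKTA_USERNAME:
  OKTA_GROUPS:
  # only needed when wanting to test using Jumpcloud instead of OpenLDAP.
  # secrets in this group: the bind account password and the user password
  JUMPCLOUD_LDAP_HOST:
  JUMPCLOUD_LDAP_STARTTLS_ONLY_HOST:
  JUMPCLOUD_LDAP_BIND_ACCOUNT_USERNAME:
  JUMPCLOUD_LDAP_BIND_ACCOUNT_PASSWORD:
  JUMPCLOUD_LDAP_USERS_SEARCH_BASE:
  JUMPCLOUD_LDAP_GROUPS_SEARCH_FILTER:
  JUMPCLOUD_LDAP_GROUPS_SEARCH_BASE:
  JUMPCLOUD_LDAP_USER_DN:
  JUMPCLOUD_LDAP_USER_CN:
  JUMPCLOUD_LDAP_USER_PASSWORD:
  JUMPCLOUD_LDAP_USER_UNIQUE_ID_ATTRIBUTE_NAME:
  JUMPCLOUD_LDAP_USER_UNIQUE_ID_ATTRIBUTE_VALUE:
  JUMPCLOUD_LDAP_USER_EMAIL_ATTRIBUTE_NAME:
  JUMPCLOUD_LDAP_USER_EMAIL_ATTRIBUTE_VALUE:
  JUMPCLOUD_LDAP_EXPECTED_DIRECT_GROUPS_DN:
  JUMPCLOUD_LDAP_EXPECTED_DIRECT_GROUPS_CN:
  JUMPCLOUD_LDAP_EXPECTED_DIRECT_POSIX_GROUPS_CN:
  # only needed when wanting to test using Okta LDAP instead of OpenLDAP.
  # secrets in this group: the bind account password and the user password
  OKTA_LDAP_HOST:
  OKTA_LDAP_STARTTLS_ONLY_HOST:
  OKTA_LDAP_BIND_ACCOUNT_USERNAME:
  OKTA_LDAP_BIND_ACCOUNT_PASSWORD:
  OKTA_LDAP_USERS_SEARCH_BASE:
  OKTA_LDAP_GROUPS_SEARCH_BASE:
  OKTA_LDAP_GROUPS_SEARCH_FILTER:
  OKTA_LDAP_USER_DN:
  OKTA_LDAP_USER_CN:
  OKTA_LDAP_USER_PASSWORD:
  OKTA_LDAP_USER_UNIQUE_ID_ATTRIBUTE_NAME:
  OKTA_LDAP_USER_UNIQUE_ID_ATTRIBUTE_VALUE:
  OKTA_LDAP_USER_EMAIL_ATTRIBUTE_NAME:
  OKTA_LDAP_USER_EMAIL_ATTRIBUTE_VALUE:
  OKTA_LDAP_EXPECTED_DIRECT_GROUPS_DN:
  OKTA_LDAP_EXPECTED_DIRECT_GROUPS_CN:
  OKTA_LDAP_EXPECTED_DIRECT_POSIX_GROUPS_CN:
  # only needed when wanting to test using GitHub as an identity provider
  # secrets in this group: both client secrets, the user password and the OTP secret;
  # the OTP secret is the second-factor seed, so it needs the same protection as the password
  PINNIPED_TEST_GITHUB_APP_CLIENT_ID:
  PINNIPED_TEST_GITHUB_APP_CLIENT_SECRET:
  PINNIPED_TEST_GITHUB_OAUTH_APP_CLIENT_ID:
  PINNIPED_TEST_GITHUB_OAUTH_APP_CLIENT_SECRET:
  PINNIPED_TEST_GITHUB_OAUTH_APP_ALLOWED_CALLBACK_URL:
  PINNIPED_TEST_GITHUB_USER_USERNAME:
  PINNIPED_TEST_GITHUB_USER_PASSWORD:
  PINNIPED_TEST_GITHUB_USER_OTP_SECRET:
  PINNIPED_TEST_GITHUB_USERID:
  PINNIPED_TEST_GITHUB_ORG:
  PINNIPED_TEST_GITHUB_EXPECTED_TEAM_NAMES:
  PINNIPED_TEST_GITHUB_EXPECTED_TEAM_SLUGS: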
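run:
  # The script is read from the pinniped-ci input, so the revision of that input chosen by
  # the pipeline decides which code receives every credential listed in params.
  path: pinniped-ci/pipelines/shared-tasks/deploy-to-integration/task.sh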