# Copyright 2020-2025 the Pinniped contributors. All Rights Reserved. # SPDX-License-Identifier: Apache-2.0 --- platform: linux inputs: - name: pinniped - name: pinniped-ci - name: ci-build-image - name: cluster-pool - name: pinniped-password optional: true outputs: - name: integration-test-env-vars - name: kubeconfig params: USE_LOAD_BALANCERS_FOR_DEX_AND_SUPERVISOR: # one of these should be set CLUSTER_CAPABILITIES: CLUSTER_CAPABILITIES_PATH: # only needed for unusual test cases involving multiple Pinnipeds or custom API groups PINNIPED_API_GROUP_SUFFIX: SECONDARY_DEPLOY: PINNIPED_SUPERVISOR_APP_NAME: PINNIPED_CONCIERGE_APP_NAME: SECONDARY_SUPERVISOR_APP_NAME: SECONDARY_SUPERVISOR_NAMESPACE: PINNIPED_SUPERVISOR_HTTP_NODEPORT: PINNIPED_SUPERVISOR_HTTPS_NODEPORT: # only needed for unusual case of wanting to test the HTTPS_PROXY settings FIREWALL_IDPS: # needed when we are testing against active directory. TEST_ACTIVE_DIRECTORY: AWS_AD_HOST: AWS_AD_DOMAIN: AWS_AD_BIND_ACCOUNT_USERNAME: AWS_AD_BIND_ACCOUNT_PASSWORD: AWS_AD_USER_USER_PRINCIPAL_NAME: AWS_AD_USER_PASSWORD: AWS_AD_USER_UNIQUE_ID_ATTRIBUTE_NAME: AWS_AD_USER_UNIQUE_ID_ATTRIBUTE_VALUE: AWS_AD_USER_EXPECTED_GROUPS_DN: AWS_AD_USER_EXPECTED_GROUPS_CN: AWS_AD_LDAPS_CA_BUNDLE: AWS_AD_DEACTIVATED_USER_SAMACCOUNTNAME: AWS_AD_DEACTIVATED_USER_PASSWORD: AWS_AD_USER_EMAIL_ATTRIBUTE_VALUE: AWS_AD_USER_DEFAULTNAMINGCONTEXT_DN: AWS_AD_USERS_DN: # Only needed when wanting to test using Okta instead of Dex. # Note that this task does not accept OKTA_SUPERVISOR_CALLBACK. Not needed because # the value of that variable can be determined from other variables. This task always # deploys the tools namespace, so the Supervisor callback URL will use the # squid proxy to access the Supervisor's callback endpoint. OKTA_CLI_CALLBACK: OKTA_CLI_CLIENT_ID: OKTA_ADDITIONAL_SCOPES: OKTA_USERNAME_CLAIM: OKTA_GROUPS_CLAIM: OKTA_ISSUER: OKTA_PASSWORD: OKTA_SUPERVISOR_CLIENT_ID: OKTA_SUPERVISOR_CLIENT_SECRET: OKTA_USERNAME: OKTA_GROUPS: # only needed when wanting to test using Jumpcloud instead of OpenLDAP. JUMPCLOUD_LDAP_HOST: JUMPCLOUD_LDAP_STARTTLS_ONLY_HOST: JUMPCLOUD_LDAP_BIND_ACCOUNT_USERNAME: JUMPCLOUD_LDAP_BIND_ACCOUNT_PASSWORD: JUMPCLOUD_LDAP_USERS_SEARCH_BASE: JUMPCLOUD_LDAP_GROUPS_SEARCH_FILTER: JUMPCLOUD_LDAP_GROUPS_SEARCH_BASE: JUMPCLOUD_LDAP_USER_DN: JUMPCLOUD_LDAP_USER_CN: JUMPCLOUD_LDAP_USER_PASSWORD: JUMPCLOUD_LDAP_USER_UNIQUE_ID_ATTRIBUTE_NAME: JUMPCLOUD_LDAP_USER_UNIQUE_ID_ATTRIBUTE_VALUE: JUMPCLOUD_LDAP_USER_EMAIL_ATTRIBUTE_NAME: JUMPCLOUD_LDAP_USER_EMAIL_ATTRIBUTE_VALUE: JUMPCLOUD_LDAP_EXPECTED_DIRECT_GROUPS_DN: JUMPCLOUD_LDAP_EXPECTED_DIRECT_GROUPS_CN: JUMPCLOUD_LDAP_EXPECTED_DIRECT_POSIX_GROUPS_CN: # only needed when wanting to test using Okta LDAP instead of OpenLDAP. OKTA_LDAP_HOST: OKTA_LDAP_STARTTLS_ONLY_HOST: OKTA_LDAP_BIND_ACCOUNT_USERNAME: OKTA_LDAP_BIND_ACCOUNT_PASSWORD: OKTA_LDAP_USERS_SEARCH_BASE: OKTA_LDAP_GROUPS_SEARCH_BASE: OKTA_LDAP_GROUPS_SEARCH_FILTER: OKTA_LDAP_USER_DN: OKTA_LDAP_USER_CN: OKTA_LDAP_USER_PASSWORD: OKTA_LDAP_USER_UNIQUE_ID_ATTRIBUTE_NAME: OKTA_LDAP_USER_UNIQUE_ID_ATTRIBUTE_VALUE: OKTA_LDAP_USER_EMAIL_ATTRIBUTE_NAME: OKTA_LDAP_USER_EMAIL_ATTRIBUTE_VALUE: OKTA_LDAP_EXPECTED_DIRECT_GROUPS_DN: OKTA_LDAP_EXPECTED_DIRECT_GROUPS_CN: OKTA_LDAP_EXPECTED_DIRECT_POSIX_GROUPS_CN: # only needed when wanting to test using GitHub as an identity provider PINNIPED_TEST_GITHUB_APP_CLIENT_ID: PINNIPED_TEST_GITHUB_APP_CLIENT_SECRET: PINNIPED_TEST_GITHUB_OAUTH_APP_CLIENT_ID: PINNIPED_TEST_GITHUB_OAUTH_APP_CLIENT_SECRET: PINNIPED_TEST_GITHUB_OAUTH_APP_ALLOWED_CALLBACK_URL: PINNIPED_TEST_GITHUB_USER_USERNAME: PINNIPED_TEST_GITHUB_USER_PASSWORD: PINNIPED_TEST_GITHUB_USER_OTP_SECRET: PINNIPED_TEST_GITHUB_USERID: PINNIPED_TEST_GITHUB_ORG: PINNIPED_TEST_GITHUB_EXPECTED_TEAM_NAMES: PINNIPED_TEST_GITHUB_EXPECTED_TEAM_SLUGS: run: path: pinniped-ci/pipelines/shared-tasks/deploy-to-integration/task.sh