diff --git a/jobs/web/spec b/jobs/web/spec
index dad83e861..a68ea1d23 100644
--- a/jobs/web/spec
+++ b/jobs/web/spec
@@ -1237,7 +1237,7 @@ properties:
 description: |
 The maximum time between retries when logging in or re-authing a secret.
- conjur.appliance_interval:
+ conjur.appliance_url:
 env: CONCOURSE_CONJUR_APPLIANCE_URL
 description: |
 URL of the Conjur instance.
@@ -1245,10 +1245,11 @@ properties:
 env: CONCOURSE_CONJUR_ACCOUNT
 description: |
 Conjur account name.
- conjur.cert_file:
- env: CONCOURSE_CONJUR_CERT_FILE
+ conjur.tls.ca_cert:
+ type: certificate
+ env_fields: {certificate: {env_file: CONCOURSE_CONJUR_CERT_FILE}}
 description: |
- Path to cert file used if conjur instance is using a self-signed cert.
+ A PEM-encoded CA cert to use to verify the Conjur server SSL cert.
 conjur.auth.login:
 env: CONCOURSE_CONJUR_AUTHN_LOGIN
 description: |
diff --git a/jobs/web/templates/bpm.yml.erb b/jobs/web/templates/bpm.yml.erb
index 378270eea..a387828ee 100644
--- a/jobs/web/templates/bpm.yml.erb
+++ b/jobs/web/templates/bpm.yml.erb
@@ -287,7 +287,7 @@ processes:
 CONCOURSE_CONJUR_ACCOUNT: <%= env_flag(v).to_json %>
 <% end -%>
-<% if_p("conjur.appliance_interval") do |v| -%>
+<% if_p("conjur.appliance_url") do |v| -%>
 CONCOURSE_CONJUR_APPLIANCE_URL: <%= env_flag(v).to_json %>
 <% end -%>
@@ -303,10 +303,6 @@ processes:
 CONCOURSE_CONJUR_AUTHN_TOKEN_FILE: <%= env_flag(v).to_json %>
 <% end -%>
-<% if_p("conjur.cert_file") do |v| -%>
- CONCOURSE_CONJUR_CERT_FILE: <%= env_flag(v).to_json %>
-<% end -%>
-
 <% if_p("conjur.pipeline_secret_template") do |v| -%>
 CONCOURSE_CONJUR_PIPELINE_SECRET_TEMPLATE: <%= env_flag(v).to_json %>
 <% end -%>
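Review bot: In the `jobs/web/spec` hunk at -1245, the new description for `conjur.tls.ca_cert` does not say that the property changed from a file path to certificate content, or that the value is read from the `certificate` sub-key (the templates test `conjur.tls.ca_cert.certificate`). A manifest that still sets `conjur.cert_file` no longer matches any `if_p` block, because the bpm.yml.erb hunk at -303 removes it, so `CONCOURSE_CONJUR_CERT_FILE` would be left unset. Presumably the web node then cannot verify a Conjur server whose certificate chains to a private CA, and operators would meet that as a connection error rather than a documented migration step. I would extend the description to something like `PEM-encoded CA certificate content, set under conjur.tls.ca_cert.certificate, used to verify the Conjur server TLS certificate. Replaces conjur.cert_file, which took a path.`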
@@ -319,6 +315,10 @@ processes:
 CONCOURSE_CONJUR_TEAM_SECRET_TEMPLATE: <%= env_flag(v).to_json %>
 <% end -%>
+<% if_p("conjur.tls.ca_cert.certificate") do |v| -%>
+ CONCOURSE_CONJUR_CERT_FILE: <%= env_file_flag(v, "CONCOURSE_CONJUR_CERT_FILE").to_json %>
+<% end -%>
+
 <% if_p("container_placement_strategy") do |v| -%>
 CONCOURSE_CONTAINER_PLACEMENT_STRATEGY: <%= env_flag(v).to_json %>
 <% end -%>
@@ -855,10 +855,6 @@ processes:
 CONCOURSE_NEWRELIC_API_KEY: <%= env_flag(v).to_json %>
 <% end -%>
-<% if_p("newrelic.url") do |v| -%>
- CONCOURSE_NEWRELIC_INSIGHTS_API_URL: <%= env_flag(v).to_json %>
-<% end -%>
-
 <% if_p("newrelic.batch_duration") do |v| -%>
 CONCOURSE_NEWRELIC_BATCH_DURATION: <%= env_flag(v).to_json %>
 <% end -%>
@@ -875,6 +871,10 @@ processes:
 CONCOURSE_NEWRELIC_SERVICE_PREFIX: <%= env_flag(v).to_json %>
 <% end -%>
+<% if_p("newrelic.url") do |v| -%>
+ CONCOURSE_NEWRELIC_INSIGHTS_API_URL: <%= env_flag(v).to_json %>
+<% end -%>
+
 <% if_p("old_encryption_key") do |v| -%>
 CONCOURSE_OLD_ENCRYPTION_KEY: <%= env_flag(v).to_json %>
 <% end -%>
diff --git a/jobs/web/templates/pre_start.erb b/jobs/web/templates/pre_start.erb
index a99b4c48a..befcfb0af 100644
--- a/jobs/web/templates/pre_start.erb
+++ b/jobs/web/templates/pre_start.erb
@@ -51,6 +51,9 @@ mkdir -p /var/vcap/jobs/web/config/env
 <% if_p("config_rbac") do |v| -%>
 <%= env_file_writer(v, "CONCOURSE_CONFIG_RBAC") %>
 <% end -%>
+<% if_p("conjur.tls.ca_cert.certificate") do |v| -%>
+<%= env_file_writer(v, "CONCOURSE_CONJUR_CERT_FILE") %>
+<% end -%>
 <% if_p("credhub.tls.ca_cert.certificate") do |v| -%>
 <%= env_file_writer(v, "CONCOURSE_CREDHUB_CA_CERT") %>
 <% end -%>
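Review bot: In the `pre_start.erb` hunk, the file written by the added `env_file_writer(v, "CONCOURSE_CONJUR_CERT_FILE")` call becomes the trust anchor for the Conjur TLS connection, yet nothing here documents that or guards the value. `env_file_writer` is defined outside this diff, so it cannot be confirmed from these lines what owner and mode the file gets. It is also unclear what happens when the property is set to an empty string; `if_p` would presumably still fire and point `CONCOURSE_CONJUR_CERT_FILE` at an empty file. I would add a comment above the block such as `<%# CA bundle used to verify the Conjur server; must not be writable by the web process -%>` and have the helper reject an empty value. The `env_file_flag` call in the bpm.yml.erb hunk at -319 uses the same name, so the two strings have to stay in sync.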