diff --git a/automation/canary-prod-test.sh b/automation/canary-prod-test.sh index eaf25664fc..b40c72b34d 100644 --- a/automation/canary-prod-test.sh +++ b/automation/canary-prod-test.sh @@ -5,6 +5,7 @@ set -e set -x ENV=$1 +VAULT_TOKEN=${2:-$(cat $HOME/.vault-token)} WORKING_DIR=${3:-$PWD} NEED_TOKEN=false @@ -16,16 +17,7 @@ else echo "Starting canary test in Production" fi -DOCKER_ARGS=( - "run" - "--rm" - "-v ${HOME}/.config/gcloud:/root/.config/gcloud" - "google/cloud-sdk" -) - -SECRET_ACCESS_ACCOUNT=jenkins-firecloud@broad-dsp-techops.iam.gserviceaccount.com -# Expand the array of args and pass them to `docker` -JSON_CREDS=$(docker ${DOCKER_ARGS[*]} /bin/bash -c "gcloud config set account ${SECRET_ACCESS_ACCOUNT} && gcloud secrets versions access latest --project broad-dsde-dev --secret firecloud-sa") +JSON_CREDS=`docker run --rm -e VAULT_TOKEN=$VAULT_TOKEN -e VAULT_ADDR=https://clotho.broadinstitute.org:8200 broadinstitute/dsde-toolbox vault read -format=json secret/dsde/firecloud/prod/common/canary/firecloud-account.json | jq '.data'` users=( dumbledore.admin@test.firecloud.org @@ -66,7 +58,7 @@ if [ $ENV = "prod" ]; then do echo $i - sleep 60 + sleep 1m monitorSubmission dumbledore.admin@test.firecloud.org broad-firecloud-dsde CanaryTest $submissionId ((i++)) done diff --git a/automation/canary_events.json b/automation/canary_events.json deleted file mode 100644 index e04292bd6e..0000000000 --- a/automation/canary_events.json +++ /dev/null @@ -1 +0,0 @@ -[{"eventType":"CanaryTestProd","type":"Workflow","status": "Succeeded","timeToComplete (sec)":"253"}] diff --git a/automation/complex-prod-workflow-test.sh b/automation/complex-prod-workflow-test.sh index c6ab90a73c..053a746f79 100644 --- a/automation/complex-prod-workflow-test.sh +++ b/automation/complex-prod-workflow-test.sh @@ -6,6 +6,7 @@ set -e set -x ENV=$1 +VAULT_TOKEN=${2:-$(cat $HOME/.vault-token)} WORKING_DIR=${3:-$PWD} NEED_TOKEN=false @@ -17,17 +18,7 @@ else echo "Starting complex workflow test in Production" fi - -DOCKER_ARGS=( - "run" - "--rm" - "-v ${HOME}/.config/gcloud:/root/.config/gcloud" - "google/cloud-sdk" -) - -SECRET_ACCESS_ACCOUNT=jenkins-firecloud@broad-dsp-techops.iam.gserviceaccount.com -# Expand the array of args and pass them to `docker` -JSON_CREDS=$(docker ${DOCKER_ARGS[*]} /bin/bash -c "gcloud config set account ${SECRET_ACCESS_ACCOUNT} && gcloud secrets versions access latest --project broad-dsde-dev --secret firecloud-sa") +JSON_CREDS=`docker run --rm -e VAULT_TOKEN=$VAULT_TOKEN -e VAULT_ADDR=https://clotho.broadinstitute.org:8200 broadinstitute/dsde-toolbox vault read -format=json secret/dsde/firecloud/prod/common/canary/firecloud-account.json | jq '.data'` users=( dumbledore.admin@test.firecloud.org @@ -68,7 +59,7 @@ if [ $ENV = "prod" ]; then do echo $i - sleep 300 + sleep 5m monitorSubmission dumbledore.admin@test.firecloud.org broad-firecloud-dsde complex-featured-workflow $submissionId ((i++)) done diff --git a/jenkins/jenkins_build.sh b/jenkins/jenkins_build.sh index 5d6710dcae..ef7e2a1589 100755 --- a/jenkins/jenkins_build.sh +++ b/jenkins/jenkins_build.sh @@ -4,21 +4,11 @@ set -eux GCR_SVCACCT_VAULT="secret/dsde/dsp-techops/common/dspci-wb-gcr-service-account.json" GCR_REPO_PROJ="broad-dsp-gcr-public" +VAULT_TOKEN=${VAULT_TOKEN:-$(cat /etc/vault-token-dsde)} -gcloud auth activate-service-account --key-file=${DSP_TECHOPS_SVC_ACCT} - -DOCKER_ARGS=( - "run" - "--rm" - "-v ${HOME}/.config/gcloud:/root/.config/gcloud" - "google/cloud-sdk" -) - -SECRET_ACCESS_ACCOUNT=jenkins-firecloud@broad-dsp-techops.iam.gserviceaccount.com -# Expand the array of args and pass them to `docker` -JSON_CREDS=$(docker ${DOCKER_ARGS[*]} /bin/bash -c "gcloud config set account ${SECRET_ACCESS_ACCOUNT} && gcloud secrets versions access latest --project broad-dsp-techops --secret dspci-wb-gcr-service-account") - -echo ${JSON_CREDS} | jq . > dspci-wb-gcr-service-account.json +docker run --rm -e VAULT_TOKEN=$VAULT_TOKEN \ + broadinstitute/dsde-toolbox:latest vault read --format=json ${GCR_SVCACCT_VAULT} \ + | jq .data > dspci-wb-gcr-service-account.json ./scripts/build.sh compile -d push -g gcr.io/broad-dsp-gcr-public/${PROJECT} -k "dspci-wb-gcr-service-account.json"