diff --git a/ci/tasks/credhub.yml b/ci/tasks/credhub.yml index b957444ab..cfd6b9126 100644 --- a/ci/tasks/credhub.yml +++ b/ci/tasks/credhub.yml @@ -12,6 +12,12 @@ jobs: run: path: bash args: - - -c + - -exc - | [[ "$PASSWORD" = "c1oudc0w" ]] + apt-get update 2>&1 > /dev/null + apt-get install -y --no-install-recommends curl 2>&1 > /dev/null + credhub_status=$(curl --max-time 5 -kLso/dev/null -w "%{http_code}" https://((domain)):8844) + uaa_status=$(curl --max-time 5 -kLso/dev/null -w "%{http_code}" https://((domain)):8443) + [[ "$credhub_status" = 401 ]] + [[ "$uaa_status" = 200 ]] diff --git a/ci/tasks/lib/credhub.sh b/ci/tasks/lib/credhub.sh index 98b26dcc7..cb303b2e0 100644 --- a/ci/tasks/lib/credhub.sh +++ b/ci/tasks/lib/credhub.sh @@ -21,8 +21,12 @@ function assertPipelinesCanReadFromCredhub() { credhub api credhub set -n /concourse/main/password -t password -w c1oudc0w + bosh interpolate "$(dirname "$0")/credhub.yml" \ + --var domain="$domain" \ + > "$(dirname "$0")/credhub_interpolated.yml" + # shellcheck disable=SC2034 - manifest="$(dirname "$0")/credhub.yml" + manifest="$(dirname "$0")/credhub_interpolated.yml" # shellcheck disable=SC2034 job="credhub" # shellcheck disable=SC2034 diff --git a/resource/assets/gcp/infrastructure.tf b/resource/assets/gcp/infrastructure.tf index 8be8f39cc..7eae554d7 100644 --- a/resource/assets/gcp/infrastructure.tf +++ b/resource/assets/gcp/infrastructure.tf @@ -253,7 +253,7 @@ resource "google_compute_firewall" "from-private" { source_ranges = ["${var.private_cidr}"] allow { protocol = "tcp" - ports = ["6868","4222", "25250", "25555", "25777", "5555", "2222", "7777", "7788", "7799", "22", "3307"] + ports = ["6868","4222", "25250", "25555", "25777", "5555", "2222", "7777", "7788", "7799", "22", "3307", "8844", "8443"] } allow { protocol = "udp"