From 624cd448f80d7d662b79c936931a38ee2a84c01a Mon Sep 17 00:00:00 2001
From: AndrewCopeland
Date: Thu, 11 Jun 2020 09:54:06 -0400
Subject: [PATCH] Conjur use environment file of type certificate
Signed-off-by: AndrewCopeland
---
 jobs/web/spec | 11 ++++-------
 jobs/web/templates/bpm.yml.erb | 12 ++++--------
 jobs/web/templates/pre_start.erb | 3 +++
 3 files changed, 11 insertions(+), 15 deletions(-)
diff --git a/jobs/web/spec b/jobs/web/spec
index 36e3f217c..a68ea1d23 100644
--- a/jobs/web/spec
+++ b/jobs/web/spec
@@ -1245,14 +1245,11 @@ properties:
 env: CONCOURSE_CONJUR_ACCOUNT
 description: |
 Conjur account name.
- conjur.cert_file:
- env: CONCOURSE_CONJUR_CERT_FILE
- description: |
- Path to cert file used if conjur instance is using a self-signed cert.
- conjur.ssl_certificate:
- env: CONCOURSE_CONJUR_SSL_CERTIFICATE
+ conjur.tls.ca_cert:
+ type: certificate
+ env_fields: {certificate: {env_file: CONCOURSE_CONJUR_CERT_FILE}}
 description: |
- Content of the SSL cert used if conjur instance is using a self-signed cert.
+ A PEM-encoded CA cert to use to verify the Conjur server SSL cert.
 conjur.auth.login:
 env: CONCOURSE_CONJUR_AUTHN_LOGIN
 description: |
diff --git a/jobs/web/templates/bpm.yml.erb b/jobs/web/templates/bpm.yml.erb
index a7582c8f5..a387828ee 100644
--- a/jobs/web/templates/bpm.yml.erb
+++ b/jobs/web/templates/bpm.yml.erb
@@ -303,10 +303,6 @@ processes:
 CONCOURSE_CONJUR_AUTHN_TOKEN_FILE: <%= env_flag(v).to_json %>
 <% end -%>
-<% if_p("conjur.cert_file") do |v| -%>
- CONCOURSE_CONJUR_CERT_FILE: <%= env_flag(v).to_json %>
-<% end -%>
-
 <% if_p("conjur.pipeline_secret_template") do |v| -%>
 CONCOURSE_CONJUR_PIPELINE_SECRET_TEMPLATE: <%= env_flag(v).to_json %>
 <% end -%>
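Review bot: In the jobs/web/spec hunk, `conjur.cert_file` and `conjur.ssl_certificate` are dropped with no deprecation path, and the new `conjur.tls.ca_cert` description does not say that the PEM goes under the `certificate` field, which is what `env_fields` and the templates' `conjur.tls.ca_cert.certificate` lookups read. A manifest that still sets one of the old names would, as far as this hunk shows, no longer configure a CA for the Conjur connection, so it is worth confirming that the web node then fails certificate verification rather than connecting without it. I would extend the description to something like `A PEM-encoded CA cert (set as the "certificate" field) used to verify the Conjur server TLS cert. Replaces conjur.cert_file and conjur.ssl_certificate.` and add an upgrade note to the release notes.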
@@ -315,14 +311,14 @@ processes:
 CONCOURSE_CONJUR_SECRET_TEMPLATE: <%= env_flag(v).to_json %>
 <% end -%>
-<% if_p("conjur.ssl_certificate") do |v| -%>
- CONCOURSE_CONJUR_SSL_CERTIFICATE: <%= env_flag(v).to_json %>
-<% end -%>
-
 <% if_p("conjur.team_secret_template") do |v| -%>
 CONCOURSE_CONJUR_TEAM_SECRET_TEMPLATE: <%= env_flag(v).to_json %>
 <% end -%>
+<% if_p("conjur.tls.ca_cert.certificate") do |v| -%>
+ CONCOURSE_CONJUR_CERT_FILE: <%= env_file_flag(v, "CONCOURSE_CONJUR_CERT_FILE").to_json %>
+<% end -%>
+
 <% if_p("container_placement_strategy") do |v| -%>
 CONCOURSE_CONTAINER_PLACEMENT_STRATEGY: <%= env_flag(v).to_json %>
 <% end -%>
diff --git a/jobs/web/templates/pre_start.erb b/jobs/web/templates/pre_start.erb
index a99b4c48a..befcfb0af 100644
--- a/jobs/web/templates/pre_start.erb
+++ b/jobs/web/templates/pre_start.erb
@@ -51,6 +51,9 @@ mkdir -p /var/vcap/jobs/web/config/env
 <% if_p("config_rbac") do |v| -%>
 <%= env_file_writer(v, "CONCOURSE_CONFIG_RBAC") %>
 <% end -%>
+<% if_p("conjur.tls.ca_cert.certificate") do |v| -%>
+<%= env_file_writer(v, "CONCOURSE_CONJUR_CERT_FILE") %>
+<% end -%>
 <% if_p("credhub.tls.ca_cert.certificate") do |v| -%>
 <%= env_file_writer(v, "CONCOURSE_CREDHUB_CA_CERT") %>
 <% end -%>
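Review bot: The added `CONCOURSE_CONJUR_CERT_FILE` entry in bpm.yml.erb only points at a real file if pre_start.erb writes it under the same name, and nothing in either hunk says so; the literal `"CONCOURSE_CONJUR_CERT_FILE"` now has to match in jobs/web/spec (`env_file`), in this `env_file_flag` call, and in the `env_file_writer` call of the pre_start.erb hunk. A one-line template comment above the block would record that, e.g. `<%# path resolves to the file written by pre_start.erb for the same env name -%>`. Both helpers are defined outside the visible hunks, so how the path is derived from the name is inferred.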
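Review bot: The file written by the added `env_file_writer(v, "CONCOURSE_CONJUR_CERT_FILE")` block in pre_start.erb becomes the trust anchor for the Conjur connection, so its integrity matters even though a CA cert is not secret: whoever can rewrite it decides which server the web node accepts for secret lookups. `env_file_writer` is defined outside this hunk, so please confirm it creates the file, and the `/var/vcap/jobs/web/config/env` directory named in the hunk header, writable only by root or the job user. A short comment such as `<%# CA bundle for Conjur TLS verification; must not be writable by other users -%>` above the block would document the expectation.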