camunda · leiicamundi · Nov 22, 2024 · Nov 21, 2024 · Nov 22, 2024
diff --git a/README.md b/README.md
@@ -40,13 +40,13 @@ It verifies the presence and readiness of required containers within the deploym
 
 ##### Usage:
 ```bash
-Usage: ./checks/kube/deployment.sh [-h] [-n NAMESPACE] [-d HELM_DEPLOYMENT_NAME] [-l] [-c REQUIRED_CONTAINERS]
+Usage: ./checks/kube/deployment.sh [-h] [-n NAMESPACE] [-d HELM_DEPLOYMENT_NAME]
 Options:
   -h                              Display this help message
   -n NAMESPACE                    Specify the namespace to use
   -d HELM_DEPLOYMENT_NAME         Specify the name of the helm deployment (default: camunda)
   -l                              Skip checks of the helm deployment (default: 0)
-  -c REQUIRED_CONTAINERS          Specify the list of containers to check (comma-separated, default: console connector web-modeler optimize zeebe zeebe-gateway)
+  -c                              Specify the list of containers to check (comma-separated, default: connector,optimize,zeebe,zeebe-gateway)
 ```
 
 ##### Example:
@@ -68,14 +68,17 @@ Please note that this check requires Helm to be deployed directly; using `helm t
 
 ##### Usage:
 ```bash
-Usage: ./checks/kube/aws-irsa.sh [-h] [-n NAMESPACE] [-e EXCLUDE_COMPONENTS] [-p COMPONENTS_PG] [-l COMPONENTS_OS] [-s]
+Usage: ./checks/kube/aws-irsa.sh [-h] [-n NAMESPACE] [-e EXCLUDE_COMPONENTS] [-p] [-l] [-s]
 Options:
   -h                              Display this help message
-  -n NAMESPACE                    Specify the namespace to use
-  -e EXCLUDE_COMPONENTS           Comma-separated list of components to exclude from the check (reference of the component is the root key used in the chart)
-  -p COMPONENTS_PG                Comma-separated list of components to check IRSA for PostgreSQL (overrides default list)
-  -l COMPONENTS_OS                Comma-separated list of components to check IRSA for OpenSearch (overrides default list)
-  -s                              Disable pod spawn for IRSA and network flow verification
+  -n NAMESPACE                    Specify the namespace to use (required)
+  -e EXCLUDE_COMPONENTS           Comma-separated list of Components to exclude from the check (reference of the component is the root key used in the chart)
+  -p                              Comma-separated list of Components to check IRSA for PostgreSQL (overrides default list: identityKeycloak,identity,webModeler)
+  -l                              Comma-separated list of Components to check IRSA for OpenSearch (overrides default list: zeebe,operate,tasklist,optimize)
+  -s                              Disable pod spawn for IRSA and connectivity verification.
+                                  By default, the script spawns jobs in the specified namespace to perform
+                                  IRSA checks and network connectivity tests. These jobs use the amazonlinux:latest
+                                  image and scan with nmap to verify connectivity.
 ```
 
 ##### Example:
@@ -106,7 +109,7 @@ It checks for the presence of services and ingresses that conform to the require
 
 ##### Usage:
 ```bash
-Usage: ./checks/kube/connectivity.sh [-h] [-n NAMESPACE] [-i]
+Usage: ./checks/kube/connectivity.sh [-h] [-n NAMESPACE]
 Options:
   -h                              Display this help message
   -n NAMESPACE                    Specify the namespace to use
@@ -134,15 +137,16 @@ This script retrieves an access token from an authorization server using client
 ##### Usage:
 ```bash
 Usage: ./checks/zeebe/token.sh [-h] [-a ZEEBE_AUTHORIZATION_SERVER_URL] [-i ZEEBE_CLIENT_ID] [-s ZEEBE_CLIENT_SECRET] [-u ZEEBE_TOKEN_AUDIENCE]
+       [-k] [-r CACERT] [-j CLIENTCERT]
 Options:
   -h                                  Display this help message
-  -a ZEEBE_AUTHORIZATION_SERVER_URL   Specify the authorization server URL (e.g.: https://local.distro.ultrawombat.com/auth/realms/camunda-platform/protocol/openid-connect/token)
+  -a ZEEBE_AUTHORIZATION_SERVER_URL   Specify the authorization server URL (e.g., https://local.distro.ultrawombat.com/auth/realms/camunda-platform/protocol/openid-connect/token)
   -i ZEEBE_CLIENT_ID                  Specify the client ID
   -s ZEEBE_CLIENT_SECRET              Specify the client secret
   -u ZEEBE_TOKEN_AUDIENCE             Specify the token audience
   -k                                  Skip TLS verification (insecure mode)
-  -r CACERT                           Specify the path to CA certificate file
-  -j CLIENTCERT                       Specify the path to client certificate file
+  -r CACERT                           Specify the path to the CA certificate file
+  -j CLIENTCERT                       Specify the path to the client certificate file
 ```
 
 ##### Example:
@@ -163,20 +167,22 @@ This script verifies connectivity to a Zeebe Gateway instance using HTTP/2 and g
 
 ##### Usage:
 ```bash
-Usage: ./checks/zeebe/connectivity.sh [-h] [-H ZEEBE_HOST]
+Usage: ./checks/zeebe/connectivity.sh [-h] [-H ZEEBE_HOST] [-p ZEEBE_VERSION] [-f PROTO_FILE] [-k] [-r CACERT] [-j CLIENTCERT]
+       [-a ZEEBE_AUTHORIZATION_SERVER_URL] [-i ZEEBE_CLIENT_ID] [-s ZEEBE_CLIENT_SECRET]
+       [-u ZEEBE_TOKEN_AUDIENCE] [-q API_PROTOCOL]
 Options:
   -h                                    Display this help message
   -H ZEEBE_HOST                         Specify the Zeebe host with the port (e.g., zeebe.c8.camunda.example.com:443)
-  -p ZEEBE_VERSION                      Specify the Zeebe version (default is latest version: 8.x.x)
-  -f PROTO_FILE                         Specify the path to gateway.proto file or leave empty to download it (default behavior is to download the protofile)
+  -p ZEEBE_VERSION                      Specify the Zeebe version (default is the latest version: 8.6.5)
+  -f PROTO_FILE                         Specify the path to the gateway.proto file or leave empty to download it (default behavior is to download the proto file)
   -k                                    Skip TLS verification (insecure mode)
-  -r CACERT                             Specify the path to CA certificate file
-  -j CLIENTCERT                         Specify the path to Client certificate file
-  -a ZEEBE_AUTHORIZATION_SERVER_URL     Specify the authorization server URL (e.g.: https://local.distro.example.com/auth/realms/camunda-platform/protocol/openid-connect/token)
+  -r CACERT                             Specify the path to the CA certificate file
+  -j CLIENTCERT                         Specify the path to the client certificate file
+  -a ZEEBE_AUTHORIZATION_SERVER_URL     Specify the authorization server URL (e.g., https://local.distro.example.com/auth/realms/camunda-platform/protocol/openid-connect/token)
   -i ZEEBE_CLIENT_ID                    Specify the client ID
   -s ZEEBE_CLIENT_SECRET                Specify the client secret
   -u ZEEBE_TOKEN_AUDIENCE               Specify the token audience
-  -q API_PROTOCOL                       Specify the API protocol (e.g. http or grpc - default is grpc)
+  -q API_PROTOCOL                       Specify the API protocol (e.g., http or grpc - default is grpc)
 ```
 
 ##### Example:

diff --git a/checks/kube/aws-irsa.sh b/checks/kube/aws-irsa.sh
@@ -9,7 +9,7 @@ DIR_NAME=$(dirname "$0")
 LVL_1_SCRIPT_NAME="$DIR_NAME/$SCRIPT_NAME"
 
 # Default variables
-NAMESPACE=""
+NAMESPACE="${NAMESPACE:-""}"
 SCRIPT_STATUS_OUTPUT=0
 CHART_NAME="camunda-platform"
 SPAWN_POD=true  # By default, the pod will spawn for verification
@@ -21,7 +21,7 @@ COMPONENTS_TO_CHECK_IRSA_OS="zeebe,operate,tasklist,optimize"
 # The second list is for components that need IRSA to authenticate to PostgreSQL
 COMPONENTS_TO_CHECK_IRSA_PG="identityKeycloak,identity,webModeler"
 
-EXCLUDE_COMPONENTS=""
+EXCLUDE_COMPONENTS="${EXCLUDE_COMPONENTS:-""}"
 
 
 # Associative array for case-insensitive component mapping
@@ -41,13 +41,13 @@ REQUIRED_AWSCLI_VERSION_V1="1.27.160"
 
 # Usage message
 usage() {
-    echo "Usage: $0 [-h] [-n NAMESPACE] [-e EXCLUDE_COMPONENTS] [-p COMPONENTS_PG] [-l COMPONENTS_OS] [-s]"
+    echo "Usage: $0 [-h] [-n NAMESPACE] [-e EXCLUDE_COMPONENTS] [-p] [-l] [-s]"
     echo "Options:"
     echo "  -h                              Display this help message"
     echo "  -n NAMESPACE                    Specify the namespace to use (required)"
     echo "  -e EXCLUDE_COMPONENTS           Comma-separated list of Components to exclude from the check (reference of the component is the root key used in the chart)"
-    echo "  -p COMPONENTS_PG                Comma-separated list of Components to check IRSA for PostgreSQL (overrides default list: $COMPONENTS_TO_CHECK_IRSA_PG)"
-    echo "  -l COMPONENTS_OS                Comma-separated list of Components to check IRSA for OpenSearch (overrides default list: $COMPONENTS_TO_CHECK_IRSA_OS)"
+    echo "  -p                              Comma-separated list of Components to check IRSA for PostgreSQL (overrides default list: $COMPONENTS_TO_CHECK_IRSA_PG)"
+    echo "  -l                              Comma-separated list of Components to check IRSA for OpenSearch (overrides default list: $COMPONENTS_TO_CHECK_IRSA_OS)"
     echo "  -s                              Disable pod spawn for IRSA and connectivity verification."
     echo "                                  By default, the script spawns jobs in the specified namespace to perform"
     echo "                                  IRSA checks and network connectivity tests. These jobs use the amazonlinux:latest"

diff --git a/checks/kube/connectivity.sh b/checks/kube/connectivity.sh
@@ -8,11 +8,11 @@ DIR_NAME=$(dirname "$0")
 LVL_1_SCRIPT_NAME="$DIR_NAME/$SCRIPT_NAME"
 
 # Define default variables
-NAMESPACE=""
+NAMESPACE="${NAMESPACE:-""}"
 SKIP_CHECK_INGRESS_CLASS=0
 
 usage() {
-    echo "Usage: $0 [-h] [-n NAMESPACE] [-d HELM_DEPLOYMENT_NAME]"
+    echo "Usage: $0 [-h] [-n NAMESPACE]"
     echo "Options:"
     echo "  -h                              Display this help message"
     echo "  -n NAMESPACE                    Specify the namespace to use"

diff --git a/checks/kube/deployment.sh b/checks/kube/deployment.sh
@@ -8,10 +8,13 @@ DIR_NAME=$(dirname "$0")
 LVL_1_SCRIPT_NAME="$DIR_NAME/$SCRIPT_NAME"
 
 # Define default variables
-NAMESPACE=""
-HELM_DEPLOYMENT_NAME="camunda"
+NAMESPACE="${NAMESPACE:-""}"
+HELM_DEPLOYMENT_NAME="${HELM_DEPLOYMENT_NAME:-"camunda"}"
 SKIP_CHECK_HELM_DEPLOYMENT=0
-REQUIRED_CONTAINERS=("connector" "optimize" "zeebe" "zeebe-gateway")
+
+DEFAULT_REQUIRED_CONTAINERS="connector,optimize,zeebe,zeebe-gateway"
+REQUIRED_CONTAINERS=()
+IFS=',' read -ra REQUIRED_CONTAINERS <<< "$DEFAULT_REQUIRED_CONTAINERS"
 
 usage() {
     echo "Usage: $0 [-h] [-n NAMESPACE] [-d HELM_DEPLOYMENT_NAME]"
@@ -20,7 +23,7 @@ usage() {
     echo "  -n NAMESPACE                    Specify the namespace to use"
     echo "  -d HELM_DEPLOYMENT_NAME         Specify the name of the helm deployment (default: $HELM_DEPLOYMENT_NAME)"
     echo "  -l                              Skip checks of the helm deployment (default: $SKIP_CHECK_HELM_DEPLOYMENT)"
-    echo "  -c REQUIRED_CONTAINERS          Specify the list of containers to check (comma-separated, default: ${REQUIRED_CONTAINERS[*]})"
+    echo "  -c                              Specify the list of containers to check (comma-separated, default: ${DEFAULT_REQUIRED_CONTAINERS})"
     exit 1
 }
 

diff --git a/checks/zeebe/connectivity.sh b/checks/zeebe/connectivity.sh
@@ -8,42 +8,44 @@ DIR_NAME=$(dirname "$0")
 LVL_1_SCRIPT_NAME="$DIR_NAME/$SCRIPT_NAME"
 
 # Define default variables
-ZEEBE_HOST=""
-PROTO_FILE=""
+ZEEBE_HOST="${ZEEBE_HOST:-""}"
+PROTO_FILE="${PROTO_FILE:-""}"
 SKIP_TLS_VERIFICATION=""
 EXTRA_FLAGS_CURL=""
 EXTRA_FLAGS_GRPCURL=""
 EXTRA_FLAGS_ZBCTL=""
 EXTRA_FLAGS_TOKEN=""
-CACERT=""
-CLIENTCERT=""
-ZEEBE_AUTHORIZATION_SERVER_URL=""
-ZEEBE_CLIENT_ID=""
-ZEEBE_CLIENT_SECRET=""
-ZEEBE_TOKEN_AUDIENCE=""
-ZEEBE_TOKEN_SCOPE="camunda-identity"
-API_PROTOCOL="grpc"
+CACERT="${CACERT:-""}"
+CLIENTCERT="${CLIENTCERT:-""}"
+ZEEBE_AUTHORIZATION_SERVER_URL="${ZEEBE_AUTHORIZATION_SERVER_URL:-""}"
+ZEEBE_CLIENT_ID="${ZEEBE_CLIENT_ID:-""}"
+ZEEBE_CLIENT_SECRET="${ZEEBE_CLIENT_SECRET:-""}"
+ZEEBE_TOKEN_AUDIENCE="${ZEEBE_TOKEN_AUDIENCE:-""}"
+ZEEBE_TOKEN_SCOPE="${ZEEBE_TOKEN_SCOPE:-"camunda-identity"}"
+API_PROTOCOL="${API_PROTOCOL:-"grpc"}"
 
 # renovate: datasource=github-releases depName=camunda/zeebe
-ZEEBE_VERSION="8.6.5"
+ZEEBE_DEFAULT_VERSION="8.6.5"
+ZEEBE_VERSION="${ZEEBE_VERSION:-$ZEEBE_DEFAULT_VERSION}"
 
 # Function to display script usage
 usage() {
-    echo "Usage: $0 [-h] [-H ZEEBE_HOST]"
+    echo "Usage: $0 [-h] [-H ZEEBE_HOST] [-p ZEEBE_VERSION] [-f PROTO_FILE] [-k] [-r CACERT] [-j CLIENTCERT]"
+    echo "       [-a ZEEBE_AUTHORIZATION_SERVER_URL] [-i ZEEBE_CLIENT_ID] [-s ZEEBE_CLIENT_SECRET]"
+    echo "       [-u ZEEBE_TOKEN_AUDIENCE] [-q API_PROTOCOL]"
     echo "Options:"
     echo "  -h                                    Display this help message"
     echo "  -H ZEEBE_HOST                         Specify the Zeebe host with the port (e.g., zeebe.c8.camunda.example.com:443)"
-    echo "  -p ZEEBE_VERSION                      Specify the Zeebe version (default is latest version: $ZEEBE_VERSION)"
-    echo "  -f PROTO_FILE                         Specify the path to gateway.proto file or leave empty to download it (default behavior is to download the protofile)"
+    echo "  -p ZEEBE_VERSION                      Specify the Zeebe version (default is the latest version: $ZEEBE_VERSION)"
+    echo "  -f PROTO_FILE                         Specify the path to the gateway.proto file or leave empty to download it (default behavior is to download the proto file)"
     echo "  -k                                    Skip TLS verification (insecure mode)"
-    echo "  -r CACERT                             Specify the path to CA certificate file"
-    echo "  -j CLIENTCERT                         Specify the path to Client certificate file"
-    echo "  -a ZEEBE_AUTHORIZATION_SERVER_URL     Specify the authorization server URL (e.g.: https://local.distro.example.com/auth/realms/camunda-platform/protocol/openid-connect/t
-oken)"
+    echo "  -r CACERT                             Specify the path to the CA certificate file"
+    echo "  -j CLIENTCERT                         Specify the path to the client certificate file"
+    echo "  -a ZEEBE_AUTHORIZATION_SERVER_URL     Specify the authorization server URL (e.g., https://local.distro.example.com/auth/realms/camunda-platform/protocol/openid-connect/token)"
     echo "  -i ZEEBE_CLIENT_ID                    Specify the client ID"
     echo "  -s ZEEBE_CLIENT_SECRET                Specify the client secret"
     echo "  -u ZEEBE_TOKEN_AUDIENCE               Specify the token audience"
-    echo "  -q API_PROTOCOL                       Specify the API protocol (e.g. http or grpc - default is grpc)"
+    echo "  -q API_PROTOCOL                       Specify the API protocol (e.g., http or grpc - default is grpc)"
     exit 1
 }
 

diff --git a/checks/zeebe/token.sh b/checks/zeebe/token.sh
@@ -8,28 +8,28 @@ DIR_NAME=$(dirname "$0")
 LVL_1_SCRIPT_NAME="$DIR_NAME/$SCRIPT_NAME"
 
 # Define default variables
-ZEEBE_AUTHORIZATION_SERVER_URL=""
-ZEEBE_CLIENT_ID=""
-ZEEBE_CLIENT_SECRET=""
-ZEEBE_TOKEN_AUDIENCE=""
+ZEEBE_AUTHORIZATION_SERVER_URL="${ZEEBE_AUTHORIZATION_SERVER_URL:-""}"
+ZEEBE_CLIENT_ID="${ZEEBE_CLIENT_ID:-""}"
+ZEEBE_CLIENT_SECRET="${ZEEBE_CLIENT_SECRET:-""}"
+ZEEBE_TOKEN_AUDIENCE="${ZEEBE_TOKEN_AUDIENCE:-""}"
 SKIP_TLS_VERIFICATION=""
-CACERT=""
-CLIENTCERT=""
+CACERT="${CACERT:-""}"
+CLIENTCERT="${CLIENTCERT:-""}"
 EXTRA_FLAGS_CURL=""
 
 # Function to display script usage
 usage() {
-    echo "Usage: $0 [-h] [-a AUTH_SERVER_URL] [-i CLIENT_ID] [-s CLIENT_SECRET] [-u TOKEN_AUDIENCE]"
+    echo "Usage: $0 [-h] [-a ZEEBE_AUTHORIZATION_SERVER_URL] [-i ZEEBE_CLIENT_ID] [-s ZEEBE_CLIENT_SECRET] [-u ZEEBE_TOKEN_AUDIENCE]"
+    echo "       [-k] [-r CACERT] [-j CLIENTCERT]"
     echo "Options:"
     echo "  -h                                  Display this help message"
-    echo "  -a ZEEBE_AUTHORIZATION_SERVER_URL   Specify the authorization server URL (e.g.: https://local.distro.ultrawombat.com/auth/realms/camunda-platform/protocol/openid-connect/t
-oken)"
+    echo "  -a ZEEBE_AUTHORIZATION_SERVER_URL   Specify the authorization server URL (e.g., https://local.distro.ultrawombat.com/auth/realms/camunda-platform/protocol/openid-connect/token)"
     echo "  -i ZEEBE_CLIENT_ID                  Specify the client ID"
     echo "  -s ZEEBE_CLIENT_SECRET              Specify the client secret"
     echo "  -u ZEEBE_TOKEN_AUDIENCE             Specify the token audience"
     echo "  -k                                  Skip TLS verification (insecure mode)"
-    echo "  -r CACERT                           Specify the path to CA certificate file"
-    echo "  -j CLIENTCERT                       Specify the path to client certificate file"
+    echo "  -r CACERT                           Specify the path to the CA certificate file"
+    echo "  -j CLIENTCERT                       Specify the path to the client certificate file"
     exit 1
 }