Merge pull request #2830 from cyberark/migrate-dockerv1-to-dockerv2

Change from docker-compose to docker compose in scripts

Author: iperalta7

UPGRADING.md

@@ -19,29 +19,29 @@ that was used when you originally deployed your Conjur server.
 
 3. Pull the new Conjur image version:
    ```
-   docker-compose pull conjur
+   docker compose pull conjur
    ```
 
 4. Stop the Conjur container:
    ```
-   docker-compose stop conjur
+   docker compose stop conjur
    ```
 
 5. Bring up the Conjur service using the new image version without changing
    linked services:
    ```
-   docker-compose up -d --no-deps conjur
+   docker compose up -d --no-deps conjur
    ```
 
 6. View Docker containers and verify all are healthy, up and running:
    ```
-   docker-compose ps -a
+   docker compose ps -a
    ```
 
    It may also be useful to check if Conjur started successfully, which can be
    done by running
    ```
-   $ docker-compose exec conjur conjurctl wait
+   $ docker compose exec conjur conjurctl wait
     Waiting for Conjur to be ready...
     ...
     Conjur is ready!
@@ -56,7 +56,7 @@ environment variable first, you will be able to complete the steps without an
 visible/explicit error message, but the logs of the new Conjur container will
 show an error like:
 ```
-$ docker-compose logs conjur_server
+$ docker compose logs conjur_server
 rake aborted!
 No CONJUR_DATA_KEY
 ...
@@ -66,7 +66,7 @@ To fix this, set the `CONJUR_DATA_KEY` environment variable and run through
 the [process](#standard-process) again. This time when you check the logs of the Conjur server
 container you should see the service starting as expected:
 ```
-$ docker-compose logs conjur_server
+$ docker compose logs conjur_server
 ...
 => Booting Puma
 => Rails 5.2.4.3 application starting in production 

ci/oauth/keycloak/keycloak_functions.sh

@@ -16,7 +16,7 @@ function _hydrate_keycloak_env_args() {
     set -o pipefail
     # Note: This prints all lines that look like:
     # KEYCLOAK_XXX=someval
-    docker-compose exec -T ${KEYCLOAK_SERVICE_NAME} printenv | awk '/KEYCLOAK/'
+    docker compose exec -T ${KEYCLOAK_SERVICE_NAME} printenv | awk '/KEYCLOAK/'
   )
 
   # shellcheck disable=SC2034
@@ -34,22 +34,22 @@ function _hydrate_keycloak_env_args() {
 # _create_keycloak_user '$APP_USER' '$APP_PW' '$APP_EMAIL'
 #
 # This is because those variables are not available to this script. They are
-# available to bash commands run via "docker-compose exec keycloak bash
+# available to bash commands run via "docker compose exec keycloak bash
 # -c...", since they're defined in the docker-compose.yml.
 function _create_keycloak_user() {
   local user_var=$1
   local pw_var=$2
   local email_var=$3
 
-  docker-compose exec -T \
+  docker compose exec -T \
     ${KEYCLOAK_SERVICE_NAME} \
     bash -c "/scripts/create_user \"$user_var\" \"$pw_var\" \"$email_var\""
 }
 
 function create_keycloak_users() {
   echo "Defining keycloak client"
 
-  docker-compose exec -T ${KEYCLOAK_SERVICE_NAME} /scripts/create_client
+  docker compose exec -T ${KEYCLOAK_SERVICE_NAME} /scripts/create_client
 
   echo "Creating user 'alice' in Keycloak"
 
@@ -80,7 +80,7 @@ function create_keycloak_users() {
 }
 
 function wait_for_keycloak_server() {
-  docker-compose exec -T \
+  docker compose exec -T \
     ${KEYCLOAK_SERVICE_NAME} /scripts/wait_for_server
 }
 
@@ -93,7 +93,7 @@ function fetch_keycloak_certificate() {
   read -ra parallel_services <<< "$(get_parallel_services 'conjur')"
 
   for parallel_service in "${parallel_services[@]}"; do
-    docker-compose exec -T \
+    docker compose exec -T \
       "${parallel_service}" /oauth/keycloak/scripts/fetch_certificate
   done
 }

ci/shared.sh

@@ -66,20 +66,20 @@ _run_cucumber_tests() {
   read -ra parallel_services <<< "$(get_parallel_services 'conjur pg')"
 
   if (( ${#services[@]} )); then
-    docker-compose up --no-deps --no-recreate -d "${parallel_services[@]}" "${services[@]}"
+    docker compose up --no-deps --no-recreate -d "${parallel_services[@]}" "${services[@]}"
   else
-    docker-compose up --no-deps --no-recreate -d "${parallel_services[@]}"
+    docker compose up --no-deps --no-recreate -d "${parallel_services[@]}"
   fi
 
   read -ra parallel_services <<< "$(get_parallel_services 'conjur')"
   for parallel_service in "${parallel_services[@]}"; do
-    docker-compose exec -T "$parallel_service" conjurctl wait --retries 180
+    docker compose exec -T "$parallel_service" conjurctl wait --retries 180
   done
 
   echo "Create cucumber account..."
 
   for parallel_service in "${parallel_services[@]}"; do
-    docker-compose exec -T "$parallel_service" conjurctl account create cucumber
+    docker compose exec -T "$parallel_service" conjurctl account create cucumber
   done
 
   # Stage 2: Prepare cucumber environment args
@@ -113,8 +113,8 @@ _run_cucumber_tests() {
   done
 
   # Add the cucumber env vars that we always want to send.
-  # Note: These are args for docker-compose run, and as such the right hand
-  # sides of the = do NOT require escaped quotes.  docker-compose takes the
+  # Note: These are args for docker compose run, and as such the right hand
+  # sides of the = do NOT require escaped quotes.  docker compose takes the
   # entire arg, splits on the =, and uses the rhs as the value,
   env_var_flags+=(
     -e "CUCUMBER_NETWORK=$(_find_cucumber_network)"
@@ -127,7 +127,7 @@ _run_cucumber_tests() {
   done
 
   # If there's no tty (e.g. we're running as a Jenkins job), pass -T to
-  # docker-compose.
+  # docker compose.
   run_flags=(--no-deps --rm)
   if ! tty -s; then
     run_flags+=(-T)
@@ -153,7 +153,7 @@ _run_cucumber_tests() {
 
   # Have to add tags in profile for parallel to run properly
   # ${cucumber_tags_arg} should overwrite the profile tags in a way for @smoke to work correctly
-  docker-compose run "${run_flags[@]}" "${env_var_flags[@]}" \
+  docker compose run "${run_flags[@]}" "${env_var_flags[@]}" \
     cucumber -ec "\
       /oauth/keycloak/scripts/fetch_certificate &&
       bundle exec parallel_cucumber . -n ${PARALLEL_PROCESSES} \
@@ -170,14 +170,14 @@ _run_cucumber_tests() {
   # process to write the report. The container is kept alive using an infinite
   # sleep in the at_exit hook (see .simplecov).
   for parallel_service in "${parallel_services[@]}"; do
-    docker-compose exec -T "$parallel_service" bash -c "pkill -f 'puma 5'"
+    docker compose exec -T "$parallel_service" bash -c "pkill -f 'puma 5'"
   done
 }
 
 _get_api_key() {
   local service=$1
 
-  docker-compose exec -T "${service}" conjurctl \
+  docker compose exec -T "${service}" conjurctl \
     role retrieve-key cucumber:user:admin | tr -d '\r'
 }
 
@@ -187,7 +187,7 @@ _find_cucumber_network() {
   # Docker compose conjur/pg services use the same
   # network for 1 or more instances so only conjur is passed
   # and not other parallel services.
-  conjur_id=$(docker-compose ps -q conjur)
+  conjur_id=$(docker compose ps -q conjur)
   net=$(docker inspect "${conjur_id}" --format '{{.HostConfig.NetworkMode}}')
 
   docker network inspect "$net" \
@@ -218,7 +218,7 @@ wait_for_cmd() {
 _wait_for_pg() {
   local svc=$1
   local pg_cmd=(psql -U postgres -c "select 1" -d postgres)
-  local dc_cmd=(docker-compose exec -T "$svc" "${pg_cmd[@]}")
+  local dc_cmd=(docker compose exec -T "$svc" "${pg_cmd[@]}")
 
   echo "Waiting for pg to come up..."
 
@@ -237,14 +237,14 @@ is_ldap_up() {
   # Note: We need the subshell to group the commands.
   (
     set -o pipefail
-    docker-compose exec -T ldap-server bash -c "$ldap_check_cmd" |
+    docker compose exec -T ldap-server bash -c "$ldap_check_cmd" |
     grep '^search: 3$'
   ) >/dev/null 2>&1
 }
 
 start_ldap_server() {
   # Start LDAP.
-  docker-compose up --no-deps --detach ldap-server
+  docker compose up --no-deps --detach ldap-server
 
   # Wait for up to 90 seconds, since it's slow.
   echo "Ensuring that LDAP is up..."

ci/test

@@ -117,7 +117,7 @@ finish() {
   # TODO: More reliable approach to this.
   # Give SimpleCov time to generate reports.
   sleep 15
-  docker-compose down --rmi 'local' --volumes || true
+  docker compose down --rmi 'local' --volumes || true
 }
 
 # main is always called with at least the first arg. When the 2nd arg, the

ci/test_suites/authenticators_jwt/test

@@ -10,14 +10,14 @@ source "./oauth/keycloak/keycloak_functions.sh"
 function main() {
   local parallel_services
   read -ra parallel_services <<< "$(get_parallel_services 'conjur pg')"
-  docker-compose up --no-deps -d "${parallel_services[@]}" jwks jwks_py keycloak
+  docker compose up --no-deps -d "${parallel_services[@]}" jwks jwks_py keycloak
 
   wait_for_keycloak_server
   create_keycloak_users
   fetch_keycloak_certificate
 
   echo "Configure jwks provider"
-  docker-compose exec -T jwks "${JWKS_CREATE_CERTIFICATE_SCRIPT_PATH}"
+  docker compose exec -T jwks "${JWKS_CREATE_CERTIFICATE_SCRIPT_PATH}"
 
   additional_services='jwks jwks_py keycloak'
   _run_cucumber_tests authenticators_jwt "$additional_services" \

ci/test_suites/authenticators_oidc/test

@@ -17,7 +17,7 @@ function _hydrate_all_env_args() {
     set -o pipefail
     # Note: This prints all lines that look like:
     # KEYCLOAK_XXX=someval
-    docker-compose exec -T "${KEYCLOAK_SERVICE_NAME}" printenv | awk '/KEYCLOAK/'
+    docker compose exec -T "${KEYCLOAK_SERVICE_NAME}" printenv | awk '/KEYCLOAK/'
   )
 
   # shellcheck disable=SC2034
@@ -38,7 +38,7 @@ function _hydrate_all_env_args() {
 function main() {
   local parallel_services
   read -ra parallel_services <<< "$(get_parallel_services 'conjur pg')"
-  docker-compose up --no-deps -d "${parallel_services[@]}" keycloak
+  docker compose up --no-deps -d "${parallel_services[@]}" keycloak
 
   # We also run an ldap-server container for testing the OIDC & LDAP combined
   # use-case.  We can't run this use-case in a separate Jenkins step because

ci/test_suites/rspec/test

@@ -6,13 +6,13 @@ set -e
 # shellcheck disable=SC1091
 source "./shared.sh"
 
-docker-compose up --no-deps -d pg
+docker compose up --no-deps -d pg
 
 _wait_for_pg pg
 
 # Note: The nested, escaped double quotes are needed in case $REPORT_ROOT
 # ever changes to a path containing a space.
-docker-compose run -T --rm --no-deps cucumber -ec "
+docker compose run -T --rm --no-deps cucumber -ec "
   bundle exec rake db:migrate
 
   rm -rf \"$REPORT_ROOT/spec/reports\"

ci/test_suites/rspec_audit/test

@@ -7,15 +7,15 @@ set -e
 source "./shared.sh"
 
 # Start Conjur with the audit database
-docker-compose up --no-deps -d audit pg
+docker compose up --no-deps -d audit pg
 
 _wait_for_pg audit
 
 # Note: The nested double quotes are needed for the first command involving
 # $REPORT_ROOT but not for the 2nd one where it appears in the variable
 # assignment.
 AUDIT_DATABASE_URL=postgres://postgres@audit/postgres \
-  docker-compose run \
+  docker compose run \
     -T --rm --no-deps --workdir=/src/conjur-server cucumber -ec "
       pwd
       ci/rspec-audit/migratedb

dev/cli

@@ -196,7 +196,7 @@ function add_keycloak_env_vars_to_env_args() {
   echo "Extracting keycloak variables & setting as env variables"
 
   local keycloak_env_args=''
-  keycloak_env_args="$(set -o pipefail; docker-compose exec -T keycloak printenv | grep KEYCLOAK | sed 's/.*/-e &/') \
+  keycloak_env_args="$(set -o pipefail; docker compose exec -T keycloak printenv | grep KEYCLOAK | sed 's/.*/-e &/') \
                      -e PROVIDER_URI=https://keycloak:8443/auth/realms/master \
                      -e PROVIDER_INTERNAL_URI=http://keycloak:8080/auth/realms/master/protocol/openid-connect \
                      -e PROVIDER_ISSUER=http://keycloak:8080/auth/realms/master \
@@ -234,7 +234,7 @@ while true ; do
   case "$1" in
     -h | --help ) print_help ; shift ;;
     exec )
-      api_key=$(docker-compose exec -T conjur conjurctl role retrieve-key cucumber:user:admin | tr -d '\r')
+      api_key=$(docker compose exec -T conjur conjurctl role retrieve-key cucumber:user:admin | tr -d '\r')
       env_args="-e CONJUR_AUTHN_API_KEY=$api_key"
 
       case "$2" in
@@ -246,18 +246,18 @@ while true ; do
         * ) if [ -z "$2" ]; then shift ; else echo "$2 is not a valid option"; exit 1; fi;;
       esac
 
-      docker exec $env_args -it --detach-keys 'ctrl-\' $(docker-compose ps -q conjur) bash
+      docker exec "$env_args" -it --detach-keys "ctrl-\'" "$(docker compose ps -q conjur)" bash
      shift ;;
     policy )
       case "$2" in
         load )
           account="$3"
           policy_file=$4
-          docker-compose exec conjur conjurctl policy load "$account" "/src/conjur-server/$policy_file"
+          docker compose exec conjur conjurctl policy load "$account" "/src/conjur-server/$policy_file"
           shift 4 ;;
         * ) if [ -z "$1" ]; then break; else echo "$1 is not a valid option"; exit 1; fi;;
       esac ;;
-    key ) docker-compose exec -T conjur conjurctl role retrieve-key cucumber:user:admin ; shift ;;
+    key ) docker compose exec -T conjur conjurctl role retrieve-key cucumber:user:admin ; shift ;;
      * ) if [ -z "$1" ]; then break; else echo "$1 is not a valid option"; exit 1; fi;;
   esac
 done