add the script to download certs and apply azure policy operation on …

…an AKS

Signed-off-by: Shahram Kalantari <[email protected]>

ratify-on-azure.sh

@@ -0,0 +1,29 @@
+#!/bin/bash
+
+# CA_CRT_FILE="ca.crt"
+# CA_PEM_FILE="ca.pem"
+# TSA_CRT_FILE="tsa.crt"
+# TSA_PEM_FILE="tsa.pem"
+
+# # Download and process the CA certificate (mandatory)
+# curl -o $CA_CRT_FILE $CERT_URL_CA
+# openssl x509 -in $CA_CRT_FILE -out $CA_PEM_FILE -outform PEM
+
+# # Download and process the TSA certificate (optional)
+# if [[ -n "$CERT_URL_TSA" ]]; then
+#     echo "Downloading TSA certificate from $CERT_URL_TSA..."
+#     curl -o $TSA_CRT_FILE $CERT_URL_TSA
+#     openssl x509 -in $TSA_CRT_FILE -out $TSA_PEM_FILE -outform PEM
+#     TSA_HELM_ARG="--set-file notationCerts[1]=$TSA_PEM_FILE --set notation.trustPolicies[0].trustStores[1]=ca:notationCerts[1]"
+# else
+#     echo "TSA certificate URL not provided. Skipping TSA certificate configuration."
+#     TSA_HELM_ARG=""
+# fi
+
+# Get AKS credentials
+az aks get-credentials --resource-group $RESOURCE_GROUP --name $CLUSTER_NAME --overwrite-existing
+
+# Install Ratify using Helm
+helm repo add ratify https://deislabs.github.io/ratify
+helm repo update --namespace gatekeeper-system --create-namespace --set authProvider.azureWorkloadIdentity.clientID=$RATIFY_CLIENT_ID --set provider.enableMutation=$ENABLE_MUTATION --set featureFlags.RATIFY_CERT_ROTATION=$ENABLE_CERT_ROTATION
+