+ popd
+}
+
+function destroy_sut {
+ pushd ${WORKSPACE}/icn
+ ./tools/vagrant/destroy.rb
+ popd
+}
+
+function install_jenkins_identity_into_sut {
+ echo "[ICN] Installing jenkins identity into test cluster"
+ cp ${WORKSPACE}/icn/deploy/site/vm/id_rsa site-vm-rsa
+ chmod 0600 site-vm-rsa
+ ssh-keygen -f ${CLUSTER_SSH_KEY} -y > ${CLUSTER_SSH_KEY}.pub
+ ssh-copy-id -i ${CLUSTER_SSH_KEY} -f ${CLUSTER_SSH_USER}@${CLUSTER_MASTER_IP} -o IdentityFile=site-vm-rsa -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null
+}
+
+function patch_validation {
+ echo "[ICN] Patching validation repository"
+ # The conformance (sonobuoy) test is not required by the security
+ # scan, the service CIDR needs to be specified for inside-a-pod
+ # kube-hunter scanning, and a recent kube-hunter is needed to
+ # support K8s 1.21
+ cat <<'EOF' | patch -p1
+diff --git a/bluval/bluval-icn.yaml b/bluval/bluval-icn.yaml
+index 9d190bc..0b0e5fa 100644
+--- a/bluval/bluval-icn.yaml
++++ b/bluval/bluval-icn.yaml
+@@ -15,10 +15,6 @@ blueprint:
+ optional: "False"