#!/bin/bash
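# Deployment settings. Each one can be overridden from the environment;
# the value after ":-" is used when the variable is unset or empty.
PLATFORM="${PLATFORM:-kubernetes}" # default to kubernetes if not set
DEPLOY_MASTER_CLUSTER="${DEPLOY_MASTER_CLUSTER:-false}"
FOLLOWER_USE_VOLUMES="${FOLLOWER_USE_VOLUMES:-false}"
MINI_ENV="${MINI_ENV:-false}"
DEV="${DEV:-false}"

# In a mini or dev environment the image pull policy is 'Never';
# everywhere else it is 'Always'.
if [[ "$MINI_ENV" == "true" || "$DEV" == "true" ]]; then
  IMAGE_PULL_POLICY='Never'
else
  IMAGE_PULL_POLICY='Always'
fi

# Pick the cluster CLI for the platform. $PLATFORM comes from the environment,
# so it is quoted: unquoted, a value containing whitespace or test operators
# would be re-parsed by `[` instead of being compared as one string.
if [ "$PLATFORM" = 'kubernetes' ]; then
  cli=kubectl
elif [ "$PLATFORM" = 'openshift' ]; then
  cli=oc
else
  echo "$PLATFORM is not a supported platform"
  exit 1
fi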
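#######################################
# Abort the script unless the named environment variable is set and non-empty.
# Arguments: $1 - NAME of the variable to check (not its value)
# Outputs:   an explanatory message before exiting
# Returns:   0 when the variable has a value; otherwise exits with status 1
#######################################
check_env_var() {
  # local: the original assigned a global var_name that leaked to callers.
  local var_name=${1:-}
  local name_re='^[A-Za-z_][A-Za-z0-9_]*$'

  # ${!var_name} is an indirect expansion; anything other than a plain
  # identifier (for example an array subscript) would be evaluated by the
  # shell, so only plain variable names are accepted.
  if [[ ! "$var_name" =~ $name_re ]]; then
    echo "check_env_var: '$var_name' is not a valid variable name." >&2
    exit 1
  fi

  # ":-" keeps the check usable when the caller runs with `set -u`.
  if [ "${!var_name:-}" = "" ]; then
    echo "You must set $1 before running these scripts."
    exit 1
  fi
}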
#######################################
# Print a message framed by two rules of plus signs.
# Arguments: the words of the message (echoed as given)
# Outputs:   rule, blank line, message, blank line, rule on stdout
#######################################
announce() {
  local rule="++++++++++++++++++++++++++++++++++++++"

  printf '%s\n\n' "$rule"
  echo "$@"
  printf '\n%s\n' "$rule"
}
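#######################################
# Print the full image reference for an image name on the current platform.
# Globals:   PLATFORM, OPENSHIFT_VERSION, DOCKER_REGISTRY_PATH,
#            CONJUR_NAMESPACE_NAME, DEV (all read)
# Arguments: $1 - image name
#            $2 - "internal" flag, default false. It tells OpenShift 4 to use
#                 the internal docker registry path instead of the external
#                 one. It is used in the push-images stage, which reduces the
#                 need to list the registry under "insecure-registries".
# Outputs:   the image reference on stdout; the tag is always
#            $CONJUR_NAMESPACE_NAME
#######################################
platform_image() {
  local internal=${2:-false}

  # $PLATFORM is quoted so an empty or whitespace-containing value is compared
  # as a single string rather than re-parsed by `[`.
  if [ "$PLATFORM" = "openshift" ]; then
    # The internal registry is used only when OPENSHIFT_VERSION is set, starts
    # with 4, and the caller asked for it.
    if [ -n "${OPENSHIFT_VERSION+x}" ] && [[ $OPENSHIFT_VERSION =~ ^4 ]] && [[ "$internal" == "true" ]]; then
      echo "image-registry.openshift-image-registry.svc:5000/$CONJUR_NAMESPACE_NAME/$1:$CONJUR_NAMESPACE_NAME"
    else
      echo "$DOCKER_REGISTRY_PATH/$CONJUR_NAMESPACE_NAME/$1:$CONJUR_NAMESPACE_NAME"
    fi
  # NOTE(review): `[ ! is_minienv ]` does not call is_minienv; it tests whether
  # the literal string "is_minienv" is empty, so it is always false and this
  # branch is decided by DEV alone. Which registry an image is resolved from
  # depends on it, so the condition is left as written; confirm the intended
  # behaviour before changing it to `! is_minienv`.
  elif [ ! is_minienv ] || [ "${DEV}" = "false" ]; then
    echo "$DOCKER_REGISTRY_PATH/$1:$CONJUR_NAMESPACE_NAME"
  else
    # Dev environment: unqualified image name, no registry prefix.
    echo "$1:$CONJUR_NAMESPACE_NAME"
  fi
}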
#######################################
# Report whether a namespace exists, by asking the cluster CLI for it.
# Globals:   cli (read)
# Arguments: $1 - namespace name
# Outputs:   nothing; the CLI's output is discarded
# Returns:   0 if the lookup succeeds, 1 for any lookup failure
#######################################
has_namespace() {
  $cli get namespace "$1" > /dev/null 2>&1 && return 0
  return 1
}
#######################################
# Report whether a service account exists in the current namespace.
# Globals:   cli (read)
# Arguments: $1 - service account name
# Outputs:   nothing; the CLI's output is discarded
# Returns:   the exit status of the CLI lookup
#######################################
has_serviceaccount() {
  local account=$1
  $cli get serviceaccount "$account" > /dev/null 2>&1
}
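#######################################
# Copy a local file into a pod with the cluster CLI's `cp`.
# Globals:   cli (read)
# Arguments: $1 - source path
#            $2 - destination path inside the pod
#            $3 - pod name
# Returns:   the exit status of the CLI
#######################################
copy_file_to_container() {
  local from=$1
  local to=$2
  local pod_name=$3

  # The whole "pod:path" target is quoted so it always reaches the CLI as one
  # argument; the original left $pod_name open to word splitting and globbing.
  $cli cp "$from" "$pod_name:$to"
}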
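#######################################
# Print the name of the first pod labelled app=conjur-node.
# Globals:   cli (read)
# Outputs:   the first pod name on stdout (an empty line if none is listed)
#######################################
get_master_pod_name() {
  # local: the original stored the listing in a global pod_list.
  local pod_list
  pod_list=$($cli get pods -l app=conjur-node --no-headers | awk '{ print $1 }')

  # Select the first name with awk instead of an unquoted `echo $pod_list`,
  # which exposed the listing to word splitting and glob expansion.
  printf '%s\n' "$pod_list" \
    | awk 'NF && !seen { first = $1; seen = 1 } END { print first }'
}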
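#######################################
# Print the first load-balancer ingress IP of the conjur-master service.
# Globals:   cli (read)
# Outputs:   the value returned by the jsonpath query, followed by a newline
# Returns:   0; a failed lookup still yields an empty line, as before
#######################################
get_master_service_ip() {
  # The result is passed to printf as one quoted argument. The original
  # `echo $(...)` re-split the CLI output and let echo interpret it.
  printf '%s\n' "$($cli get service conjur-master -o jsonpath='{.status.loadBalancer.ingress[0].ip}')"
}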
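#######################################
# Run a command inside the pod labelled role=master.
# Globals:   cli (read)
# Arguments: [-i] - optional first argument; keeps stdin attached to the exec
#            rest - the command and its arguments
# Returns:   the exit status of the CLI exec
#######################################
mastercmd() {
  # Declared separately so `local` does not mask the lookup's exit status.
  local master_pod
  master_pod=$($cli get pod -l role=master --no-headers | awk '{ print $1 }')

  # ${1:-} and the quotes keep the test valid when no argument is given; the
  # original `[ $interactive = '-i' ]` was a syntax error in that case.
  local interactive=${1:-}

  # NOTE(review): $@ is left unquoted on purpose. Callers are outside this
  # file and may pass the whole command as one string that relies on word
  # splitting; switch to "$@" once the callers have been checked.
  if [ "$interactive" = '-i' ]; then
    shift
    $cli exec -i "$master_pod" -- $@
  else
    $cli exec "$master_pod" -- $@
  fi
}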
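#######################################
# Print the name of the first pod labelled app=conjur-cli.
# Globals:   cli (read)
# Outputs:   the first pod name on stdout (an empty line if none is listed)
#######################################
get_conjur_cli_pod_name() {
  # local: the original stored the listing in a global pod_list.
  local pod_list
  pod_list=$($cli get pods -l app=conjur-cli --no-headers | awk '{ print $1 }')

  # Select the first name with awk instead of an unquoted `echo $pod_list`,
  # which exposed the listing to word splitting and glob expansion.
  printf '%s\n' "$pod_list" \
    | awk 'NF && !seen { first = $1; seen = 1 } END { print first }'
}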
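#######################################
# Print the name of the first pod labelled app=test-curl.
# Globals:   cli (read)
# Outputs:   the first pod name on stdout (an empty line if none is listed)
#######################################
get_test_curl_pod_name() {
  # local: the original stored the listing in a global pod_list.
  local pod_list
  pod_list=$($cli get pods -l app=test-curl --no-headers | awk '{ print $1 }')

  # Select the first name with awk instead of an unquoted `echo $pod_list`,
  # which exposed the listing to word splitting and glob expansion.
  printf '%s\n' "$pod_list" \
    | awk 'NF && !seen { first = $1; seen = 1 } END { print first }'
}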
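#######################################
# Point the CLI's current context at the given namespace.
# Globals:   cli (read)
# Arguments: $1 - namespace name (exactly one argument is required)
# Outputs:   an error on stderr when the argument count is wrong
# Returns:   the exit status of the CLI; exits 255 on a wrong argument count
#######################################
set_namespace() {
  if [[ $# != 1 ]]; then
    # The path and script name are quoted so a directory containing spaces
    # cannot add extra printf arguments. The message goes to stderr so it is
    # never captured as data by a caller using command substitution.
    printf "Error in %s/%s - expecting 1 arg.\n" "$(pwd)" "$0" >&2
    # Same status the original `exit -1` produced in bash.
    exit 255
  fi

  # The context name is quoted so it reaches set-context as one argument.
  $cli config set-context "$($cli config current-context)" --namespace="$1" > /dev/null
}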
#######################################
# Block until the pod's description reports a Running status.
# Globals:   cli (read)
# Arguments: $1 - pod name
# Returns:   whatever wait_for_it returns
#######################################
wait_for_node() {
  local pod=$1

  # The pod name is pasted into a command string that wait_for_it runs
  # through eval, so it must be a trusted name and never free-form input.
  local probe="$cli describe pod $pod | grep Status: | grep -q Running"

  wait_for_it -1 "$probe"
}
#######################################
# Block until the service listing no longer shows "pending".
# Globals:   cli (read)
# Arguments: $1 - service name
# Returns:   whatever wait_for_it returns
#######################################
wait_for_service() {
  local service=$1

  # The service name is pasted into a command string that wait_for_it runs
  # through eval, so it must be a trusted name and never free-form input.
  local probe="$cli get service $service --no-headers | grep -q -v pending"

  wait_for_it -1 "$probe"
}
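#######################################
# Re-run a shell command every 2 seconds until it succeeds.
# Arguments: $1   - timeout in seconds, or -1 to wait forever
#            rest - the command, as shell text; it is executed with eval
# Outputs:   progress messages and dots on stdout
# Returns:   0 on success; with a timeout, the status of the final attempt
#
# SECURITY: the command text is evaluated as shell code. Pass only fixed,
# trusted text; any value interpolated into it (pod names, service names)
# is executed as part of the command.
#######################################
wait_for_it() {
  local timeout=$1
  local spacer=2
  shift

  # "$*" hands eval the command text exactly as given. The original unquoted
  # $@ was word-split and glob-expanded first, which could change the text
  # (collapsed whitespace, patterns expanded against the working directory).
  if [ "$timeout" != '-1' ]; then
    local times_to_run=$((timeout / spacer))
    local attempt

    echo "Waiting for '$*' up to $timeout s"
    for ((attempt = 0; attempt < times_to_run; attempt++)); do
      eval "$*" > /dev/null && echo 'Success!' && return 0
      echo -n .
      sleep "$spacer"
    done

    # Last run evaluated. If this fails we return an error exit code to caller
    eval "$*"
  else
    echo "Waiting for '$*' forever"
    while ! eval "$*" > /dev/null; do
      echo -n .
      sleep "$spacer"
    done
    echo 'Success!'
  fi
}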
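#######################################
# Rotate the admin API key from inside the master pod and print the new key.
# Globals:   cli, CONJUR_NAMESPACE_NAME, CONJUR_ADMIN_PASSWORD (all read)
# Outputs:   the new API key on stdout
#
# SECURITY: the admin password is passed with `-p` on the command line, so it
# is part of the exec's argument list for the duration of the login call.
#######################################
rotate_api_key() {
  set_namespace "$CONJUR_NAMESPACE_NAME"

  # local: the original left the pod name and the new API key in globals.
  local master_pod_name api_key
  master_pod_name=$(get_master_pod_name)

  # Turn command tracing off around the login, as oc_login does, so that a
  # caller running with `set -x` does not write the password to its trace.
  local xtrace_was_on=false
  case $- in
    *x*) xtrace_was_on=true ;;
  esac
  set +x
  # The password is quoted so whitespace or glob characters in it survive.
  $cli exec "$master_pod_name" -- conjur authn login -u admin -p "$CONJUR_ADMIN_PASSWORD" > /dev/null
  if [ "$xtrace_was_on" = true ]; then
    set -x
  fi

  api_key=$($cli exec "$master_pod_name" -- conjur user rotate_api_key)
  $cli exec "$master_pod_name" -- conjur authn logout > /dev/null

  printf '%s\n' "$api_key"
}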
#######################################
# Report whether the scripts are running in a mini environment.
# Globals:   MINI_ENV (read)
# Returns:   1 when MINI_ENV is exactly "false", 0 for any other value
#######################################
is_minienv() {
  [[ "$MINI_ENV" != "false" ]]
}
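#######################################
# Apply CONJUR_LOG_LEVEL to a pod with `evoke variable set`, if it is set.
# Globals:   cli, CONJUR_LOG_LEVEL (both read)
# Arguments: $1 - pod name
# Outputs:   a status line on stdout, then the output of the exec
#######################################
set_conjur_pod_log_level() {
  # local: the original assigned both names as globals.
  local pod_name=$1
  local conjur_log_level=${CONJUR_LOG_LEVEL:-}

  if [ -n "$conjur_log_level" ]; then
    echo "Setting CONJUR_LOG_LEVEL to $conjur_log_level in $pod_name"
    # Both values are quoted so each reaches the exec as a single argument.
    $cli exec "$pod_name" -- evoke variable set CONJUR_LOG_LEVEL "$conjur_log_level"
  else
    echo "Not setting log level as CONJUR_LOG_LEVEL is not set in the env"
  fi
}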
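#######################################
# Log in to OpenShift with `oc login`.
# Globals:   OPENSHIFT_USERNAME (read), OPENSHIFT_PASSWORD (read, optional)
# Outputs:   a status line on stdout, then whatever `oc login` prints
# Returns:   the exit status of `oc login`
#
# SECURITY: when OPENSHIFT_PASSWORD is set it is passed with `-p` on the
# command line, so it is part of the `oc` process's argument list.
#######################################
oc_login() {
  echo "Logging in as cluster admin..."

  # Tracing is switched off so the credentials are not written to a `set -x`
  # trace. The previous state is restored afterwards; the original always
  # ended with `set -x`, which turned tracing ON for the rest of the script
  # even when the caller had it off.
  local xtrace_was_on=false
  case $- in
    *x*) xtrace_was_on=true ;;
  esac
  set +x

  # Capture the login status; the original returned the status of `set -x`,
  # which hid a failed login from the caller.
  local status=0
  if [ -z "${OPENSHIFT_PASSWORD+x}" ]; then
    # No password in the environment: log in with the user name only.
    oc login -u "$OPENSHIFT_USERNAME" || status=$?
  else
    oc login -u "$OPENSHIFT_USERNAME" -p "$OPENSHIFT_PASSWORD" || status=$?
  fi

  if [ "$xtrace_was_on" = true ]; then
    set -x
  fi
  return "$status"
}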