# these are standard bash functions meant to be used by other clustered
# services used for vault service discovery
# ENV VARS
# Location of the docker-compose-ha-consul-vault-ui checkout. Any value already
# present in the environment is overwritten here. The helpers below change into
# this directory and run a script from it, so it should be writable only by
# trusted users.
export VAULT_GIT_DIR="${HOME}/git/github/docker-compose-ha-consul-vault-ui"
# AUTH FUNCTIONS
#######################################
# Point the Vault CLI at the cluster by exporting VAULT_ADDR.
# Globals:   VAULT_ADDR (written, exported)
# Arguments: none
# Returns:   status of the export
#######################################
function set_vault_addr() {
  # The scheme is plain http, so tokens and secrets sent to this address are
  # not encrypted in transit.
  # NOTE(review): presumably acceptable only on an isolated compose network;
  # confirm, or serve Vault over TLS and use https here.
  export VAULT_ADDR='http://active.vault.service.consul:8200'
}
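#######################################
# Fetch an admin token with get_admin_token and export it as VAULT_TOKEN.
# Globals:   VAULT_TOKEN (written, exported)
# Arguments: forwarded unchanged to get_admin_token
# Returns:   0 when a non-empty token was exported; otherwise the failing
#            status of get_admin_token, or 1 when it printed nothing.
#            On failure VAULT_TOKEN keeps whatever value it had before, so
#            callers must check the status before assuming admin rights.
# Note:      the variable is exported, so every child process started from
#            this shell inherits the admin token.
#######################################
function set_vault_admin_token() {
  local token
  # The two branches keep "$@" from being expanded when there are no
  # arguments, as the original did.
  if [ "$#" -gt 0 ]; then
    token="$(get_admin_token "$@")" || return
  else
    token="$(get_admin_token)" || return
  fi
  # A successful exit with no output is still a failed lookup; exporting an
  # empty token would hide that from the caller.
  if [ -z "${token}" ]; then
    echo 'set_vault_admin_token: get_admin_token returned an empty token' >&2
    return 1
  fi
  VAULT_TOKEN="${token}"
  export VAULT_TOKEN
}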
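#######################################
# Log in through get_infra_token and export the result as VAULT_TOKEN.
# Globals:   VAULT_TOKEN (written, exported)
# Arguments: none
# Returns:   0 when a non-empty token was exported; otherwise the failing
#            status of get_infra_token, or 1 when it printed nothing.
#            On failure VAULT_TOKEN keeps whatever value it had before.
# Note:      the variable is exported, so every child process started from
#            this shell inherits the token.
#######################################
function set_vault_infra_token() {
  local token
  token="$(get_infra_token)" || return
  # A login that printed no token must not silently replace the current one
  # with an empty value.
  if [ -z "${token}" ]; then
    echo 'set_vault_infra_token: get_infra_token returned an empty token' >&2
    return 1
  fi
  VAULT_TOKEN="${token}"
  export VAULT_TOKEN
}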
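#######################################
# Print the admin token produced by the checkout's helper script.
# The body runs in a subshell (parentheses), so the directory change does not
# affect the caller.
# Arguments: forwarded unchanged to ./scripts/get-admin-token.sh
# Outputs:   whatever the helper script writes
# Returns:   status of the helper script, or the failing status of cd_vault
#######################################
function get_admin_token() (
  # The script path is relative. If the checkout cannot be entered, stop here
  # rather than execute ./scripts/get-admin-token.sh from whatever directory
  # the caller happens to be in.
  cd_vault || exit
  ./scripts/get-admin-token.sh "$@"
)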
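#######################################
# Log in to Vault through the AppRole auth method and print the client token.
# The body runs in a subshell (parentheses).
# Arguments: none
# Outputs:   the second field of the first output row whose first field is
#            exactly "token"
# Returns:   0 when such a row was found, non-zero otherwise, so a failed
#            login is not reported as success with empty output
#######################################
function get_infra_token() (
  # Only role_id is sent, with no secret_id.
  # NOTE(review): presumably the "docker" role does not require a secret_id,
  # which would make the role_id the sole credential; confirm the role is
  # restricted by other means (for example CIDR binding).
  execute_vault_command vault write auth/approle/login role_id=docker |
    awk '
      $1 == "token" { print $2; found = 1; exit }
      END { exit !found }
    '
)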
# Revoke the token the Vault CLI is currently using (vault token revoke -self),
# routed through execute_vault_command. The body runs in a subshell.
#
# The command's stdout is redirected to stderr, so nothing from vault reaches
# the pipe and xargs sees empty input. What xargs does with empty input differs
# between implementations (GNU xargs still runs echo once, printing a blank
# line).
#
# NOTE(review): with pipefail off, the function's status is that of xargs, not
# of the revoke command. A failed revocation is therefore not reported, and
# callers should not treat a zero status as proof that the token is gone.
# Nothing here unsets VAULT_TOKEN, so the calling shell keeps the old value.
function revoke_self() (
execute_vault_command vault token revoke -self >&2 | xargs echo
)
# UTILITY FUNCTIONS
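#######################################
# Run a command against Vault: inside the compose "vault" service when the
# checkout is available, otherwise directly on this host.
# The body runs in a subshell (parentheses), so the directory change does not
# affect the caller.
# Arguments: the full command line, e.g. vault token revoke -self. It is
#            executed as given, so callers must not build it from untrusted
#            input.
# Returns:   status of the executed command, or the failing status of cd_vault
#######################################
function execute_vault_command() (
  if vault_git_dir_available; then
    # docker compose resolves its project from the working directory, so do
    # not continue from some other directory if the cd fails.
    cd_vault || exit
    # -T disables TTY allocation. -e names VAULT_TOKEN without a value, so the
    # token itself is not written on the command line.
    # NOTE(review): presumably compose forwards the caller's VAULT_TOKEN value
    # into the container when only the name is given; confirm.
    docker compose exec -Te VAULT_TOKEN vault "$@"
  else
    "$@"
  fi
)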
#######################################
# Report whether VAULT_GIT_DIR names an existing directory.
# Globals:   VAULT_GIT_DIR (read)
# Returns:   0 if it is a directory, non-zero otherwise
#######################################
function vault_git_dir_available() {
  test -d "${VAULT_GIT_DIR}"
}
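#######################################
# Change the current shell's working directory to VAULT_GIT_DIR.
# Globals:   VAULT_GIT_DIR (read)
# Returns:   0 on success; 1 if VAULT_GIT_DIR is empty or unset; otherwise
#            the status of cd
#######################################
function cd_vault() {
  # An empty path can make cd succeed without moving anywhere, after which
  # callers would run relative commands from an unintended directory.
  if [ -z "${VAULT_GIT_DIR:-}" ]; then
    echo 'cd_vault: VAULT_GIT_DIR is not set' >&2
    return 1
  fi
  # "--" keeps a path that starts with "-" from being parsed as an option.
  cd -- "${VAULT_GIT_DIR}"
}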
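#######################################
# Print a 64-character random password followed by a newline.
# Bytes are read from /dev/urandom and every byte outside the allowed set is
# discarded, so each allowed character is equally likely.
# Arguments: $1 - optional tr character set to draw from (ranges such as a-z
#                 are allowed); defaults to punctuation, digits and letters
# Outputs:   the password on stdout
# Returns:   status of the final echo
#######################################
function random_password() {
  local chars="${1:-}"
  if [ -z "${chars}" ]; then
    chars='-;.~,.<>[]{}!@#$%^&*()_+=`0-9a-zA-Z'
  fi
  # LC_ALL=C makes tr treat the random input as raw bytes. Under a multibyte
  # locale some tr implementations reject such input or read ranges
  # differently.
  LC_ALL=C tr -dc -- "${chars}" < /dev/urandom | head -c 64
  echo
}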