Improve local-vault-auth script

Signed-off-by: Knut Ahlers <knut@ahlers.me>
Knut Ahlers 2018-01-13 15:47:09 +01:00
parent 5983071082
commit 085969a278
Signed by: luzifer
GPG Key ID: DC2729FDD34BE99E
2 changed files with 33 additions and 31 deletions


@ -1,42 +1,44 @@
#!/bin/bash #!/bin/bash
set -euo pipefail
set -e function require_gotool {
set -o pipefail toolname=$(basename $1)
if ! ( which ${toolname} >/dev/null 2>&1 ); then
function downloadVaultUserToken { go version || { echo "${basename} not found and no usable go environment"; exit 1; }
os=$(uname | awk '{print tolower($0)}') go get -u $1
curl -sSLfo ${HOME}/bin/vault-user-token \ fi
https://github.com/Luzifer/vault-user-token/releases/download/${VAULT_USER_TOKEN_VERSION}/vault-user-token_${os}_amd64
chmod 0755 ${HOME}/bin/vault-user-token
} }
source ${HOME}/.config/vault-user-token require_gotool github.com/Luzifer/vault-user-token
if ! (vault token-lookup 1>/dev/null 2>&1); then source "${HOME}/.config/vault-user-token"
echo "Vault is not authenticated, trying to authenticate... " source "${HOME}/bin/script_framework.sh"
[ -f ${HOME}/bin/vault-user-token ] || downloadVaultUserToken # Check whether a valid token is available
( test "$(${HOME}/bin/vault-user-token --version)" == "vault-user-token ${VAULT_USER_TOKEN_VERSION}" ) || downloadVaultUserToken ( vault token-lookup >/dev/null 2>&1 ) && exit 0
${HOME}/bin/vault-user-token --full-hostname=false & step "Vault is not authenticated, trying to authenticate... "
VUT=$!
echo "Waiting for token to become available" # Remove old, invalid token
while ! [ -f ${HOME}/.vault-token ]; do rm -f "${HOME}/.vault-token"
# Give the program a moment to get a token
echo -n .
sleep 0.5
if ! ( kill -0 $VUT ); then VUT=$(pgrep -f vault-user-token || echo "" | xargs)
echo "vault-user-token exitted, giving up." [ -n "$VUT" ] && { step "Killing old vault-user-token processes..."; kill ${VUT}; }
exit 1
fi
done
echo
if ! (vault token-lookup 1>/dev/null 2>&1); then # Start new vault-user-token daemon
echo "Vault authentication failed finally" vault-user-token --full-hostname=false >/dev/null 2>&1 &
exit 1 VUT=$!
step "Waiting for token to become available..."
while ! [ -f "${HOME}/.vault-token" ]; do
# Give the program a moment to get a token
sleep 0.5
if ! ( kill -0 $VUT ); then
fail "vault-user-token exitted, giving up."
fi fi
done
fi ( vault token-lookup >/dev/null 2>&1 ) || fail "Vault authentication failed finally"
success "Vault token became available and is valid"
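Review bot: `require_gotool` installs the token helper with `go get -u $1`, which builds whatever the upstream default branch holds at that moment, whereas the removed code pinned `VAULT_USER_TOKEN_VERSION` and compared it with `--version` before use; for a binary that obtains and writes the Vault token, that is a loss of supply-chain control. Consider restoring a version check after the two `source` lines, e.g. `[ "$(vault-user-token --version)" == "vault-user-token ${VAULT_USER_TOKEN_VERSION}" ] || fail "unexpected vault-user-token version"`, assuming the config file still defines that variable. In the same function the error message expands `${basename}`, which is never set (the variable assigned is `toolname`), so under the new `set -euo pipefail` a missing Go toolchain ends in an unbound-variable abort instead of the intended message; it should read `echo "${toolname} not found and no usable go environment"`. `pgrep -f vault-user-token` also matches any process of any user whose command line contains that string, so restricting it with `-u "$(id -u)"` would keep the following `kill` to the caller's own daemons.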


@ -8,7 +8,7 @@ function error {
} }
function fail { function fail {
error "Error: $@" error "$@"
exit 1 exit 1
} }