Move vault-token handling in auth_env
This commit is contained in:
parent
5ff5575363
commit
dcd8a1c53d
31
ctctl
31
ctctl
|
|
@ -112,16 +112,6 @@ check_vault_token(){
|
|||
vault token lookup > /dev/null 2>&1
|
||||
if vault token lookup > /dev/null 2>&1; then
|
||||
echo 1
|
||||
elif [ -n "${VAULT_TOKEN:-}" -a -e ~/.vault-token ]; then
|
||||
# If VAULT_TOKEN is defined, unset it and try again. This is because we might
|
||||
# have a valid token in ~/.vault-token but an expired token is set in VAULT_TOKEN
|
||||
# and is taking precedence
|
||||
export VAULT_TOKEN=$(cat ~/.vault-token)
|
||||
if vault token lookup > /dev/null 2>&1; then
|
||||
echo 1
|
||||
else
|
||||
echo 0
|
||||
fi
|
||||
else
|
||||
echo 0
|
||||
fi
|
||||
|
|
@ -162,7 +152,21 @@ auth_env(){
|
|||
echo "Unknown environment"
|
||||
kill -INT $$
|
||||
fi
|
||||
|
||||
NEED_LOGIN=0
|
||||
if [ "$(check_vault_token)" != "1" ]; then
|
||||
if [ -n "${VAULT_TOKEN:-}" -a -e ~/.vault-token ]; then
|
||||
# If VAULT_TOKEN is defined, unset it and try again. This is because we might
|
||||
# have a valid token in ~/.vault-token but an expired token is set in VAULT_TOKEN
|
||||
# and is taking precedence
|
||||
export VAULT_TOKEN=$(cat ~/.vault-token)
|
||||
if [ "$(check_vault_token)" != "1" ]; then
|
||||
NEED_LOGIN=1
|
||||
fi
|
||||
NEDD_LOGIN=1
|
||||
fi
|
||||
fi
|
||||
if [ "${NEED_LOGIN}" = "1" ]; then
|
||||
echo "You're not connected on vault. Please enter your account password"
|
||||
export VAULT_TOKEN=$(vault login -field=token ${VAULT_AUTH_CONFIG:--method=ldap username=${CTCTL_USER:-$(whoami | sed -r 's/\@.*//')}} || kill -INT $$)
|
||||
echo "Logged on vault successfuly"
|
||||
|
|
@ -170,7 +174,10 @@ auth_env(){
|
|||
echo "Your vault token is valid"
|
||||
vault token renew > /dev/null 2>&1
|
||||
fi
|
||||
unset NEED_LOGIN
|
||||
|
||||
VAULT_TOKEN_INFO=$(vault token lookup -format=json)
|
||||
|
||||
# TODO make the role selection more generic
|
||||
if [ "$(echo $VAULT_TOKEN_INFO | jq '.data.policies | any(. == "admin-policy" or .== "admin")')" == "true" ]; then
|
||||
NOMAD_ROLE=admin
|
||||
|
|
@ -267,7 +274,7 @@ load_policies(){
|
|||
kill -INT $$
|
||||
fi
|
||||
|
||||
for DIR in ./output ./; do
|
||||
for DIR in ./output .; do
|
||||
if [ -d "${DIR}/vault/policies" ]; then
|
||||
if [ "$(check_vault_token)" != "1" ]; then
|
||||
echo "No valid vault token. You have to authenticate first"
|
||||
|
|
@ -327,7 +334,7 @@ load_policies(){
|
|||
# Load consul config
|
||||
load_consul_conf(){
|
||||
|
||||
for DIR in ./output ./; do
|
||||
for DIR in ./output .; do
|
||||
if [ -d "${DIR}/consul/config" ]; then
|
||||
if [ "$(check_consul_token)" != "1" ]; then
|
||||
echo "No valid consul token. You have to authenticate first"
|
||||
|
|
|
|||
Loading…
Reference in New Issue