#!/usr/bin/env bash
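set -e

# Local development bootstrap: starts a throwaway Vault dev server and a
# PostgreSQL container for exercising the plugin. Everything here is
# deliberately insecure (static root token, static database password, plain
# HTTP on loopback), so it is only suitable for a developer workstation and
# must never hold real data.

# Resolve the directory that contains this script. BASH_SOURCE is used rather
# than $0 so the answer is also correct when the file is sourced. A symlinked
# entry point is followed one level; `readlink` on a regular file prints
# nothing, which would otherwise make DIR fall back to the caller's current
# directory and point the later `rm -rf` at an unrelated ./tmp.
SELF="${BASH_SOURCE[0]}"
if [[ -L "$SELF" ]]; then
  LINK_TARGET="$(readlink "$SELF")"
  if [[ "$LINK_TARGET" != /* ]]; then
    # A relative link target is relative to the directory holding the link.
    LINK_TARGET="$(dirname "$SELF")/$LINK_TARGET"
  fi
  SELF="$LINK_TARGET"
fi
DIR="$(cd "$(dirname "$SELF")" && pwd)"

SCRATCH="$DIR/tmp"
PG_CONTAINER="vault-test-pg-cluster"
VAULT_PID=""
PG_STARTED=""

# Tear down whatever this run started. Every step is best-effort so that one
# failure (for example Vault already having exited) does not, under `set -e`,
# skip the remaining steps and leave the scratch directory or the container
# behind.
function cleanup {
  echo ""
  echo " ==> Cleaning up"
  if [[ -n "$VAULT_PID" ]]; then
    kill -INT "$VAULT_PID" 2> /dev/null || true
  fi
  # ${SCRATCH:?} aborts the expansion instead of running `rm -rf` on an empty path.
  rm -rf -- "${SCRATCH:?}" || true
  # Only kill the container if this run created it; a failed `docker run`
  # (e.g. name already in use) must not take down someone else's container.
  if [[ -n "$PG_STARTED" ]]; then
    docker kill "$PG_CONTAINER" > /dev/null 2>&1 || true
  fi
}
# Installed before anything is started, so a failure part-way through setup
# does not leave an orphaned Vault dev server listening with a known root token.
trap cleanup EXIT

echo "==> Starting dev"

echo " --> Scratch dir"
echo " Creating"
mkdir -p "$SCRATCH/plugins"
# vault.log will contain the dev unseal key and root token; keep the scratch
# directory private to the current user.
chmod 700 "$SCRATCH"

echo " --> Vault server"
echo " Writing config"
cat > "$SCRATCH/vault.hcl" <<EOF
plugin_directory = "$SCRATCH/plugins"
EOF

echo " --> Configuring Shell Environment"
# Dev-mode only: a fixed, guessable root token and an unencrypted listener.
export VAULT_DEV_ROOT_TOKEN_ID="root"
export VAULT_ADDR="http://127.0.0.1:8200"

echo " --> Starting Vault"
vault server \
  -dev \
  -log-level="debug" \
  -config="$SCRATCH/vault.hcl" \
  > "$SCRATCH/vault.log" 2>&1 &
# Capture the PID immediately after backgrounding, before any other command runs.
VAULT_PID=$!
sleep 3
# Fail early, and show why, if the server died during startup; cleanup removes
# the log file, so it has to be printed here.
if ! kill -0 "$VAULT_PID" 2> /dev/null; then
  echo "Vault exited during startup; log follows:" >&2
  cat "$SCRATCH/vault.log" >&2 || true
  exit 1
fi

echo " --> Starting PostgreSQL container"
# Publish on loopback only: the superuser credentials below are static and
# printed to the terminal, so the port should not be reachable from the network
# (a bare "5432:5432" binds on all host interfaces).
docker run --rm \
  --publish 127.0.0.1:5432:5432 \
  --name "$PG_CONTAINER" \
  --detach \
  -e POSTGRES_PASSWORD=secret \
  -e POSTGRES_USER=super_admin \
  -e POSTGRES_DB=postgres \
  postgres:9.6.11 > /dev/null
PG_STARTED=1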
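# Without pipefail, a failing `vault ... | awk` pipeline reports awk's exit
# status, so `set -e` would not notice that plugin registration or mounting
# failed and the script would still print "Ready!".
set -o pipefail

echo " --> Authenticating with vault"
# "root" is the fixed dev-mode token exported earlier; passing a token on the
# command line is acceptable only because it is not a secret here.
vault login root &>/dev/null

echo " --> Building plugin"
PLUGIN_BIN="$SCRATCH/plugins/vault-secrets-postgres-cluster"
go build -o "$PLUGIN_BIN"
# Vault compares this digest with the binary in plugin_directory before it
# will execute the plugin, so it must be computed from the file just built.
SHASUM=$(shasum -a 256 "$PLUGIN_BIN" | cut -d " " -f1)

echo " --> Registering plugin"
vault write sys/plugins/catalog/secret/pg-cluster \
  sha_256="$SHASUM" \
  command="vault-secrets-postgres-cluster" | awk '{print " " $0}'

echo " --> Mounting plugin"
vault secrets enable -path=pg-cluster pg-cluster | awk '{print " " $0}'

echo " --> Reading out"
vault read pg-cluster/info | awk '{print " " $0}'

# The credentials printed below are static development values.
echo " --> Postgres is available:"
echo " Port: 5432"
echo " User: super_admin"
echo " Password: secret"
echo " Database: postgres"
echo ""
echo " --> Vault is available:"
# Echoes the dev server's unseal key and root token from its startup log.
awk '/Unseal Key:|Root Token:/ { print " " $0 }' "$SCRATCH/vault.log"
echo ""
echo " --> See vault logs in $SCRATCH/vault.log"
echo " --> See postgres logs with 'docker logs -f vault-test-pg-cluster'"
echo " ==> Ready!"

# Only hold control if not being sourced. Wait on the recorded Vault PID
# explicitly instead of $!, which depends on no other background job having
# been started in between.
if [[ "${BASH_SOURCE[0]}" == "${0}" ]]; then
  wait "$VAULT_PID"
fi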