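#!/bin/bash
#
# 3-create-registration-entries.sh
#
# Creates one SPIRE registration entry on each of the two SPIRE servers
# (spire-server-broker and spire-server-stock) started from the
# docker-compose.yaml that sits next to this script.

# -e: abort on the first failing command.
# -u: treat use of an unset variable as an error.
# -o pipefail: a pipeline fails when any stage fails, so a failed certificate
#   read cannot be hidden by the later stages of a digest pipeline.
set -euo pipefail

# Bold / reset escape sequences for the status messages. tput exits non-zero
# when no usable terminal is described (for example TERM unset in CI); fall
# back to empty strings so `set -e` does not abort the script at this point.
bb=$(tput bold 2>/dev/null || true)
nn=$(tput sgr0 2>/dev/null || true)

# Absolute path of the directory holding this script, so the compose file and
# the certificates are found regardless of the caller's working directory.
DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"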
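#######################################
# Print the SHA-1 digest of the DER bytes of an X.509 certificate.
#
# `openssl sha1 -r` selects the "coreutils" output format so that the output
# is uniform on macOS and Linux; awk keeps only the hex digest column.
#
# Arguments: $1 - path to the certificate file, as read by `openssl x509`
# Outputs:   the digest on stdout; diagnostics on stderr
# Returns:   0 on success, 1 when the file cannot be read or the digest
#            pipeline fails
#######################################
fingerprint() {
  local cert=${1:-}
  local digest

  if [[ -z "$cert" || ! -r "$cert" ]]; then
    printf 'fingerprint: cannot read certificate: %s\n' "$cert" >&2
    return 1
  fi

  # pipefail is enabled only inside this command substitution. Without it a
  # failing `openssl x509` is masked by the later stages, and the function
  # would return the SHA-1 of empty input with status 0; the caller would
  # then build an agent SPIFFE ID from a digest that matches no certificate.
  digest=$(
    set -o pipefail
    openssl x509 -in "$cert" -outform DER | openssl sha1 -r | awk '{print $1}'
  ) || {
    printf 'fingerprint: failed to compute digest of: %s\n' "$cert" >&2
    return 1
  }

  if [[ -z "$digest" ]]; then
    printf 'fingerprint: empty digest for: %s\n' "$cert" >&2
    return 1
  fi

  printf '%s\n' "$digest"
}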
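# Fingerprints of the two agent certificates. Each one becomes the last path
# segment of the agent's x509pop SPIFFE ID, which is used as -parentID below.
# The paths are quoted so a checkout directory containing spaces still works.
BROKER_WEBAPP_AGENT_FINGERPRINT=$(fingerprint "${DIR}/docker/broker-webapp/conf/agent.crt.pem")
QUOTES_SERVICE_AGENT_FINGERPRINT=$(fingerprint "${DIR}/docker/stock-quotes-service/conf/agent.crt.pem")

# Refuse to register anything under a parent ID that cannot belong to a real
# certificate. A digest pipeline whose input stage failed yields the SHA-1 of
# empty input (da39a3ee...), which has the right shape but identifies no
# agent, so it is rejected explicitly in addition to the format check.
for agent_fingerprint in \
  "$BROKER_WEBAPP_AGENT_FINGERPRINT" \
  "$QUOTES_SERVICE_AGENT_FINGERPRINT"; do
  if [[ ! "$agent_fingerprint" =~ ^[0-9a-f]{40}$ ]]; then
    printf 'error: agent certificate fingerprint is not a SHA-1 hex digest: %q\n' \
      "$agent_fingerprint" >&2
    exit 1
  fi
  if [[ "$agent_fingerprint" == "da39a3ee5e6b4b0d3255bfef95601890afd80709" ]]; then
    printf 'error: agent certificate fingerprint is the SHA-1 of empty input; the certificate was not read\n' >&2
    exit 1
  fi
done

# NOTE(review): `unix:uid:0` matches every process running as root on the
# attested node, so each such process can obtain this SPIFFE ID. That keeps
# the demo simple; a real deployment should run the workload under a
# dedicated non-root uid and select on that (or on narrower attributes).
echo "${bb}Creating registration entry for the broker-webapp...${nn}"
docker-compose -f "${DIR}/docker-compose.yaml" exec -T spire-server-broker bin/spire-server entry create \
  -parentID "spiffe://broker.example/spire/agent/x509pop/${BROKER_WEBAPP_AGENT_FINGERPRINT}" \
  -spiffeID spiffe://broker.example/webapp \
  -selector unix:uid:0 \
  -federatesWith "spiffe://stockmarket.example"

# Mirror entry on the other trust domain; the same uid:0 caveat applies.
echo "${bb}Creating registration entry for the stock-quotes-service...${nn}"
docker-compose -f "${DIR}/docker-compose.yaml" exec -T spire-server-stock bin/spire-server entry create \
  -parentID "spiffe://stockmarket.example/spire/agent/x509pop/${QUOTES_SERVICE_AGENT_FINGERPRINT}" \
  -spiffeID spiffe://stockmarket.example/quotes-service \
  -selector unix:uid:0 \
  -federatesWith "spiffe://broker.example"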