vault/scripts/generate_gitlab_token.sh



#!/bin/bash
######################################################################################
# Получение токена в hashicorp vault и запись его
# в переменную в gitlab в соответствующий проект
# Сергей Калинин, 2022
######################################################################################
# Формат входного файла:
# -----------------------------------------------------------------------------------
# Идентификатор_проекта_в_gitlab;Имя_переменной;Политика_в_vault;Время_жизни_токена
# 12;VAULT_TOKEN;some_policy_ro;24
# 33;TOKEN_VAULT_SOME;other_policy_rw;72
#
######################################################################################
TOKENS_LIST=${1:-"/etc/vault/create_tokens"}
GITLAB_API_URL=${GITLAB_API_URL:-"https://gitlab/api/v4"}
GITLAB_API_TOKEN=$(docker exec -t vault vault kv get -format=json secret/gitlab | jq -r ".data.data.token")
CUR_DATETIME=$(/usr/bin/date +'%d.%m.%Y_%H:%M:%S')
while read LINE; do
GITLAB_PROJECT_ID=$(echo $LINE | cut -d ";" -f1)
# echo "$GITLAB_PROJECT_ID"
TOKEN_VARIABLE_NAME=$(echo $LINE | cut -d ";" -f2)
# echo "$TOKEN_VARIABLE_NAME"
VAULT_POLICY_NAME=$(echo $LINE | cut -d ";" -f3)
# echo "$VAULT_POLICY_NAME"
VAULT_TOKEN_TTL=$(echo $LINE | cut -d ";" -f4)
# echo "$VAULT_TOKEN_TTL"
GITLAB_PROJECT_URL="${GITLAB_API_URL}/projects/${GITLAB_PROJECT_ID}/variables"
# echo "$GITLAB_PROJECT_URL"
# Получаем существующий токен из гитлаба
# echo "curl -s --request GET --header "PRIVATE-TOKEN: ${GITLAB_API_TOKEN}" "${GITLAB_PROJECT_URL}/${TOKEN_VARIABLE_NAME}" | jq -r .value"
CURRENT_TOKEN=$(curl -s --request GET --header "PRIVATE-TOKEN: ${GITLAB_API_TOKEN}" "${GITLAB_PROJECT_URL}/${TOKEN_VARIABLE_NAME}" | jq -r .value )
# echo "$CURRENT_TOKEN"
TOKEN_DATA=$(docker exec -t vault vault token lookup ${CURRENT_TOKEN})
#echo "$TOKEN_DATA"
if [[ -n $(echo "$TOKEN_DATA" | grep "Error looking up token") ]]; then
# генерим токен для требуемой политики.
TOKEN=$(docker exec -t vault vault token create -policy=${VAULT_POLICY_NAME} -ttl=${VAULT_TOKEN_TTL}h -explicit-max-ttl=${VAULT_TOKEN_TTL}h -format=json | jq -r ".auth.client_token")
# обновляем переменную в проекте в гитлаб
RESULT=$(curl -s --request PUT --header "PRIVATE-TOKEN: ${GITLAB_API_TOKEN}" "${GITLAB_PROJECT_URL}/${TOKEN_VARIABLE_NAME}" --form "value=${TOKEN}")
# Если переменной нет, то она будет создана
if (echo ${RESULT} | grep -i "variable not found"); then
RESULT=$(curl -s --request POST --header "PRIVATE-TOKEN: ${GITLAB_API_TOKEN}" "${GITLAB_PROJECT_URL}" --form "key=${TOKEN_VARIABLE_NAME}" --form "value=${TOKEN}")
fi
# Меняем токен на * в выводе (для маскировки)
RESULT=$(echo "$RESULT" | sed -e 's/value\":\"[a-zA-Z0-9.]*\"/\"value\":\"******\"/g')
echo "$CUR_DATETIME: Token for \"$GITLAB_PROJECT_URL $TOKEN_VARIABLE_NAME\" was recreated"
echo "$CUR_DATETIME: Gitlab return a result: $RESULT"
else
TOKEN_RENEW_PERIOD=$(echo "${TOKEN_DATA}" | grep -E -i "^period\s+[0-9]+h" | grep -E -o "[0-9]+")
TOKEN_TTL=$(echo "${TOKEN_DATA}" | grep -E -i -o "^ttl\s+[0-9]+h" | grep -E -o "[0-9]+")
echo "$CUR_DATETIME: Token for \"$GITLAB_PROJECT_URL $TOKEN_VARIABLE_NAME\" just alive with TOKEN_TTL: $TOKEN_TTL"
fi
done < $TOKENS_LIST