133 lines
4.2 KiB
Bash
Executable File
133 lines
4.2 KiB
Bash
Executable File
#!/bin/bash
|
|
|
|
set -e
|
|
|
|
# Generate an OpenAPI document for all backends.
|
|
#
|
|
# Assumptions:
|
|
#
|
|
# 1. Vault has been checked out at an appropriate version and built
|
|
# 2. vault executable is in your path
|
|
# 3. Vault isn't already running
|
|
# 4. jq is installed
|
|
|
|
cd "$(dirname "${BASH_SOURCE[0]}")"
|
|
|
|
echo "Starting Vault..."
|
|
if pgrep -x "vault" > /dev/null
|
|
then
|
|
echo "Vault is already running. Aborting."
|
|
exit 1
|
|
fi
|
|
|
|
vault server -dev -dev-root-token-id=root &
|
|
sleep 2
|
|
VAULT_PID=$!
|
|
|
|
export VAULT_ADDR=http://127.0.0.1:8200
|
|
|
|
echo "Mounting all builtin plugins..."
|
|
|
|
# Enable auth plugins
|
|
codeLinesStarted=false
|
|
|
|
while read -r line; do
|
|
if [[ $line == *"credentialBackends:"* ]] ; then
|
|
codeLinesStarted=true
|
|
elif [[ $line == *"databasePlugins:"* ]] ; then
|
|
break
|
|
elif [ $codeLinesStarted = true ] && [[ $line == *"consts.Deprecated"* || $line == *"consts.PendingRemoval"* || $line == *"consts.Removed"* ]] ; then
|
|
auth_plugin_previous=""
|
|
elif [ $codeLinesStarted = true ] && [[ $line =~ ^\s*\"(.*)\"\:.*$ ]] ; then
|
|
auth_plugin_current=${BASH_REMATCH[1]}
|
|
|
|
if [[ -n "${auth_plugin_previous}" ]] ; then
|
|
echo "enabling auth plugin: ${auth_plugin_previous}"
|
|
vault auth enable "${auth_plugin_previous}"
|
|
fi
|
|
|
|
auth_plugin_previous="${auth_plugin_current}"
|
|
fi
|
|
done <../../vault/helper/builtinplugins/registry.go
|
|
|
|
if [[ -n "${auth_plugin_previous}" ]] ; then
|
|
echo "enabling auth plugin: ${auth_plugin_previous}"
|
|
vault auth enable "${auth_plugin_previous}"
|
|
fi
|
|
|
|
# Enable secrets plugins
|
|
codeLinesStarted=false
|
|
|
|
while read -r line; do
|
|
if [[ $line == *"logicalBackends:"* ]] ; then
|
|
codeLinesStarted=true
|
|
elif [[ $line == *"addExternalPlugins("* ]] ; then
|
|
break
|
|
elif [ $codeLinesStarted = true ] && [[ $line == *"consts.Deprecated"* || $line == *"consts.PendingRemoval"* || $line == *"consts.Removed"* ]] ; then
|
|
secrets_plugin_previous=""
|
|
elif [ $codeLinesStarted = true ] && [[ $line =~ ^\s*\"(.*)\"\:.*$ ]] ; then
|
|
secrets_plugin_current=${BASH_REMATCH[1]}
|
|
|
|
if [[ -n "${secrets_plugin_previous}" ]] ; then
|
|
echo "enabling secrets plugin: ${secrets_plugin_previous}"
|
|
vault secrets enable "${secrets_plugin_previous}"
|
|
fi
|
|
|
|
secrets_plugin_previous="${secrets_plugin_current}"
|
|
fi
|
|
done <../../vault/helper/builtinplugins/registry.go
|
|
|
|
if [[ -n "${secrets_plugin_previous}" ]] ; then
|
|
echo "enabling secrets plugin: ${secrets_plugin_previous}"
|
|
vault secrets enable "${secrets_plugin_previous}"
|
|
fi
|
|
|
|
# Enable enterprise features
|
|
entRegFile=../../vault/helper/builtinplugins/registry_util_ent.go
|
|
if [ -f $entRegFile ] && [[ -n "${VAULT_LICENSE}" ]]; then
|
|
vault write sys/license text="${VAULT_LICENSE}"
|
|
|
|
codeLinesStarted=false
|
|
|
|
while read -r line; do
|
|
if [[ $line == *"ExternalPluginsEnt:"* ]] ; then
|
|
codeLinesStarted=true
|
|
elif [[ $line == *"addExtPluginsEntImpl("* ]] ; then
|
|
break
|
|
elif [ $codeLinesStarted = true ] && [[ $line == *"consts.Deprecated"* || $line == *"consts.PendingRemoval"* || $line == *"consts.Removed"* ]] ; then
|
|
secrets_plugin_previous=""
|
|
elif [ $codeLinesStarted = true ] && [[ $line =~ ^\s*\"(.*)\"\:.*$ ]] ; then
|
|
ent_plugin_current=${BASH_REMATCH[1]}
|
|
|
|
if [[ -n "${ent_plugin_previous}" ]] ; then
|
|
echo "enabling enterprise plugin: ${ent_plugin_previous}"
|
|
vault secrets enable "${ent_plugin_previous}"
|
|
fi
|
|
|
|
ent_plugin_previous="${ent_plugin_current}"
|
|
fi
|
|
done <$entRegFile
|
|
|
|
if [[ -n "${ent_plugin_previous}" ]] ; then
|
|
echo "enabling enterprise plugin: ${ent_plugin_previous}"
|
|
vault secrets enable "${ent_plugin_previous}"
|
|
fi
|
|
fi
|
|
|
|
# Output OpenAPI, optionally formatted
|
|
if [ "$1" == "-p" ]; then
|
|
curl --header 'X-Vault-Token: root' \
|
|
--data '{"generic_mount_paths": true}' \
|
|
'http://127.0.0.1:8200/v1/sys/internal/specs/openapi' | jq > openapi.json
|
|
else
|
|
curl --header 'X-Vault-Token: root' \
|
|
--data '{"generic_mount_paths": true}' \
|
|
'http://127.0.0.1:8200/v1/sys/internal/specs/openapi' > openapi.json
|
|
fi
|
|
|
|
kill $VAULT_PID
|
|
sleep 1
|
|
|
|
echo
|
|
echo "openapi.json generated"
|