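#!/bin/sh
##
##  consul-acl-update.sh -- Update Consul ACL
##
##  Usage: consul-acl-update [-m <master-token>] [-i <id>] [-n <name>]
##                           [-t <type>] <policy-file>
##
##  Creates or updates a Consul ACL token through the local agent
##  (http://127.0.0.1:8500/v1/acl/update) and prints the resulting ACL id
##  on stdout. Diagnostics go to stderr; the exit status is 1 on any error.
##
##  Security notes:
##  - A master token passed with -m is visible to other local users in the
##    process list. Omitting -m makes the script read it from consul.hcl.
##  - The master token is sent in the X-Consul-Token request header instead
##    of the URL query string. This keeps it out of the request URL (URLs
##    tend to be recorded in logs) and avoids URL-encoding problems. It is
##    still part of curl's argument list while the request runs.
##

#   print the usage line and terminate
usage () {
    echo "Usage: consul-acl-update [-m <master-token>] [-i <id>] [-n <name>] [-t <type>] <policy-file>" >&2
    exit 1
}

#   parse command line options
opt_mt=""
opt_id=""
opt_name="Client"
opt_type="client"
while [ ".$1" != . ]; do
    case "$1" in
        -m | -i | -n | -t )
            #   every option takes a value; without this check the double
            #   shift below would run past the end of the argument list
            if [ $# -lt 2 ]; then
                echo "$0: ERROR: option $1 requires an argument" >&2
                usage
            fi
            case "$1" in
                -m ) opt_mt="$2"   ;;
                -i ) opt_id="$2"   ;;
                -n ) opt_name="$2" ;;
                -t ) opt_type="$2" ;;
            esac
            shift; shift
            ;;
        * ) break ;;
    esac
done
if [ $# -ne 1 ]; then
    usage
fi
policy_file="$1"
if [ ! -f "$policy_file" ]; then
    #   "$policy_file" must be expanded here; an escaped \$ would print
    #   the variable name instead of the offending path
    echo "$0: ERROR: no such policy file \"$policy_file\"" >&2
    exit 1
fi

#   determine ACL master token
if [ ".$opt_mt" = . ]; then
    #   grep's own errors (e.g. unreadable consul.hcl) are discarded on
    #   purpose; an empty result is reported just below
    opt_mt=$( (grep '^acl_master_token' @l_prefix@/etc/consul/consul.hcl) 2>/dev/null | \
        @l_prefix@/bin/sed -e 's;^.*"\(.*\)";\1;')
    if [ ".$opt_mt" = . ]; then
        echo "$0: ERROR: unable to determine Consul ACL master token (use option -m to specify manually)" >&2
        exit 1
    fi
fi

#   determine ACL id (aka client token)
if [ ".$opt_id" = . ]; then
    opt_id=$(@l_prefix@/bin/uuid -v4)
    if [ ".$opt_id" = . ]; then
        #   never submit a request with an empty id
        echo "$0: ERROR: unable to generate ACL id (use option -i to specify manually)" >&2
        exit 1
    fi
fi

#   determine ACL client rules: join all lines of the policy file into
#   one, then squeeze runs of spaces and trim both ends.
#   NOTE: the squeeze pattern needs TWO spaces before the "*"; with a
#   single space it also matches the empty string and would insert a
#   space between every character of the rules.
policy=$(@l_prefix@/bin/sed ':a;N;$!ba;s/\n/ /g' <"$policy_file" | \
    @l_prefix@/bin/sed -e '/^ *$/d' -e 's;  *; ;g' -e 's;^ *;;' -e 's; *$;;')

#   create/update ACL client token
#   - jq builds the JSON body, so option values and rules are escaped
#     correctly whatever characters they contain
#   - -f makes curl fail on an HTTP error status instead of handing the
#     error text to the final jq call
#   - -k (skip TLS certificate verification) is not used: it has no effect
#     on this plain-http loopback URL and would silently disable
#     verification if the URL were ever switched to https
response=$(@l_prefix@/bin/jq -n \
    --arg id     "$opt_id" \
    --arg name   "$opt_name" \
    --arg type   "$opt_type" \
    --arg policy "$policy" \
    '{ "ID": $id, "Name": $name, "Type": $type, "Rules": $policy }' | \
    @l_prefix@/bin/curl -f -s -S -X PUT -d @- \
        -H "X-Consul-Token: $opt_mt" \
        "http://127.0.0.1:8500/v1/acl/update") || {
    echo "$0: ERROR: Consul ACL update request failed" >&2
    exit 1
}

#   print the id of the created/updated ACL
printf '%s\n' "$response" | @l_prefix@/bin/jq -r ".ID"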