-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathwork.profile.zsh
68 lines (59 loc) · 2.09 KB
/
work.profile.zsh
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
function dauth_acc {
curl -s -X POST -d "grant_type=password&username=mishk500&password=$(op item get ixp54ndrrk5afvw2jlpairykcy --fields password)&scope=openid profile email groups" -u "277447:" https://d-auth-acceptance.tcloud-acc1.np.aws.kpn.org/openid/token/ | jq '("Bearer " + .access_token)' -r
}
function keepass_auth {
op read op://KPN/Keepass/password
}
VAULT_ADDRESS_PROD=https://de-vault-production.tcloud-de-prd1.prod.aws.kpn.org/
VAULT_ADDRESS_ACC=https://de-vault-acceptance.tcloud-de-acc1.np.aws.kpn.org/
VAULT_ADDRESS_DEV=https://de-vault-tst.tcloud-de-dev1.np.aws.kpn.org/
function vault_login {
printf "Logging into vault($1)\n" 1>&2
case $1 in
prod)
export VAULT_ADDR=$VAULT_ADDRESS_PROD
;;
acc)
export VAULT_ADDR=$VAULT_ADDRESS_ACC
;;
dev)
export VAULT_ADDR=$VAULT_ADDRESS_DEV
;;
*)
echo "Unknown environment"
;;
esac
password=`op item get ixp54ndrrk5afvw2jlpairykcy --fields password`
export VAULT_TOKEN=`vault login -token-only -address $VAULT_ADDR -method ldap username=mishk500 password=$password`
unset password
}
function vault_prod {
vault_login prod
}
function vault_acc {
vault_login acc
}
function vault_dev {
vault_login dev
}
export AWS_PAGER="bat -ljson"
if type colima &>/dev/null
then
export DOCKER_HOST=unix:///Users/andriimishkovskyi/.colima/default/docker.sock
fi
function zipped_creds {
env=$1
app=$2
zip_path=$2-$1.zip
printf "Zipping credentials for application $app in $env\n" 1>&2
vault_login $env
client_id=`vault kv get -field client_id secret/conductor-external-apps/$app-credentials`
passphrase=`openssl rand -hex 32`
printf "Client id is ${client_id} Password is: ${passphrase} \n"
rm -rf client_secret.txt
mkfifo client_secret.txt
vault kv get -field client_secret secret/conductor-external-apps/$app-credentials >client_secret.txt&
zip -e -FI $zip_path client_secret.txt
rm -rf client_secret.txt
printf "File has been written to $zip_path\n"
}