File: set-bundle.sh

#!/usr/bin/env bash

#    \\ SPIKE: Secure your secrets with SPIFFE. — https://spike.ist/
#  \\\\\ Copyright 2024-present SPIKE contributors.
# \\\\\\\ SPDX-License-Identifier: Apache-2.0

# Name reported by hostname(1); the case statement at the bottom of this
# script uses it to decide which trust bundles to apply on this machine.
CURRENT_HOST="$(hostname)"

# Function to set bundle
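#######################################
# Install a trust bundle on the SPIRE server running in the cluster.
#
# The bundle is streamed over stdin to `spire-server bundle set` inside the
# spire-server container. Whatever keys the file holds become the trust
# anchors the server accepts for the given trust domain, so the file should
# only come from a source that has been authenticated out of band.
#
# Arguments:
#   $1 - trust domain name (without the spiffe:// scheme)
#   $2 - path to the bundle file in SPIFFE format
# Outputs:
#   progress messages on stdout, validation errors on stderr
# Returns:
#   2 if the trust domain is empty, 1 if the bundle file is missing,
#   unreadable or empty, otherwise the exit status of kubectl.
#######################################
set_bundle() {
  local trust_domain=$1
  local bundle_file=$2

  # An empty trust domain would produce the bare id "spiffe://"; reject it
  # before touching the server.
  if [[ -z "$trust_domain" ]]; then
    echo "ERROR: set_bundle: trust domain is empty" >&2
    return 2
  fi

  if [[ ! -r "$bundle_file" ]]; then
    echo "ERROR: set_bundle: cannot read bundle file: $bundle_file" >&2
    return 1
  fi

  # Only regular files are size-checked so a pipe or /dev/stdin still works.
  if [[ -f "$bundle_file" && ! -s "$bundle_file" ]]; then
    echo "ERROR: set_bundle: bundle file is empty: $bundle_file" >&2
    return 1
  fi

  echo "Setting bundle for $trust_domain..."
  echo "bundle file: $bundle_file"

  # -i keeps stdin open so the redirected file reaches spire-server; the
  # function's exit status is that of this kubectl invocation.
  kubectl exec -i -n spire-server statefulset/spiffe-server -c spire-server -- \
    /opt/spire/bin/spire-server bundle set -format spiffe \
    -socketPath /tmp/spire-server/private/api.sock \
    -id "spiffe://$trust_domain" < "$bundle_file"
}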


# Function to list bundles
list_bundles() {
  # Command executed inside the spire-server container; it talks to the
  # server through the socket given by -socketPath.
  local -a spire_cmd=(
    /opt/spire/bin/spire-server bundle list
    -socketPath /tmp/spire-server/private/api.sock
  )

  printf '%s\n' "Current bundles:"
  kubectl exec -n spire-server statefulset/spiffe-server -c spire-server -- \
    "${spire_cmd[@]}"
}

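# Bundle files are referenced by relative name, so run from the home directory.
cd ~ || exit

case "$CURRENT_HOST" in
  mgmt)
    echo "=== Running on ${CURRENT_HOST} host ==="

    # Check that every spoke bundle is present before applying any of them.
    if [[ -f "bundle-workload.json" && -f "bundle-edge-1.json" \
      && -f "bundle-edge-2.json" && -f "bundle-edge-3.json" ]]; then
      echo "Found spoke bundles, setting them up..."
      for spoke in workload edge-1 edge-2 edge-3; do
        # Stop at the first failure so a rejected or undelivered bundle is
        # never followed by the success banner at the end of the script.
        if ! set_bundle "${spoke}.spike.ist" "bundle-${spoke}.json"; then
          echo "ERROR: Failed to set bundle for ${spoke}.spike.ist" >&2
          exit 1
        fi
      done
      list_bundles
    else
      echo "Missing bundles!"
      exit 1
    fi
    ;;

  workload|edge-1|edge-2|edge-3)
    echo "=== Running on ${CURRENT_HOST} host ==="

    # Set mgmt bundle if it exists
    if [[ -f "bundle-mgmt.json" ]]; then
      echo "Found mgmt bundle, setting it up..."
      # Same rule as on mgmt: a failed bundle set must fail the script.
      if ! set_bundle "mgmt.spike.ist" "bundle-mgmt.json"; then
        echo "ERROR: Failed to set bundle for mgmt.spike.ist" >&2
        exit 1
      fi
    else
      echo "Missing bundles!"
      exit 1
    fi
    ;;

  *)
    echo "ERROR: Unknown hostname: $CURRENT_HOST"
    echo "Expected one of: mgmt, workload, edge-1, edge-2, edge-3"
    exit 1
    ;;
esac

# Reached only when every set_bundle call above returned success.
echo ""
echo "Everything is awesome!"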