addSSH.sh
#!/bin/bash
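# Optional shell tracing. GENERATION_DEBUG is handed to `set` unquoted on
# purpose so that a value such as "-x -v" splits into separate flags. A value
# that does not start with "-" or "+" would instead replace this script's
# positional parameters, so only option strings belong in it. With -x every
# expanded command line is printed to stderr, which for this script includes
# key ids and credential paths - treat trace logs accordingly.
if [[ -n "${GENERATION_DEBUG}" ]]; then
  # shellcheck disable=SC2086 - word splitting is intended here
  set ${GENERATION_DEBUG}
fi

# Run the shared cleanup on normal exit and on HUP/INT/TERM, then exit with
# RESULT (1 when RESULT was never set, i.e. the script stopped early).
# The body is single-quoted, so GENERATION_DIR and RESULT are read when the
# trap fires. The sourced path is quoted so that a directory name containing
# whitespace or glob characters still resolves to the intended
# cleanupContext.sh instead of being split into several words.
trap '. "${GENERATION_DIR}/cleanupContext.sh"; exit ${RESULT:-1}' EXIT SIGHUP SIGINT SIGTERM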
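#######################################
# Print the help text and terminate the script.
# Arguments: none (reads $0 for the script name)
# Outputs:   help text on stdout
# Returns:   does not return; ends with a bare `exit`, so the status is that
#            of the last printf unless an EXIT trap replaces it (this script's
#            trap exits with ${RESULT:-1}).
#######################################
function usage() {
  local script_name
  # Quote $0 and stop option parsing so a script path containing spaces or a
  # leading dash still yields the file name.
  script_name="$(basename -- "$0")"

  # The name is passed as a printf argument, never as part of the format, so
  # backslashes or "%" in the path are printed literally.
  printf '\nAdd SSH certificate to product/segment\n'
  printf '\nUsage: %s \n' "${script_name}"
  printf '\nwhere\n\n'
  printf ' -h shows this text\n'
  printf '\nDEFAULTS:\n\n'
  printf '\nNOTES:\n\n'
  printf '1. Current directory must be for product or segment\n'
  printf '\n'
  exit
}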
# Parse command-line options.
# The leading ":" in the optstring puts getopts in silent mode: an unknown
# option sets opt to "?" and a missing argument sets opt to ":", with the
# offending option letter in OPTARG, so the messages are produced here.
# NOTE(review): the optstring also accepts "-n <value>", but nothing below
# handles it and the help text does not list it, so it is read and ignored -
# confirm whether it is a leftover.
while getopts ":hn:" opt; do
  if [[ "${opt}" == "h" ]]; then
    usage
  elif [[ "${opt}" == "?" ]]; then
    echo -e "\nInvalid option: -${OPTARG}"
    usage
  elif [[ "${opt}" == ":" ]]; then
    echo -e "\nOption -${OPTARG} requires an argument"
    usage
  fi
done
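# Set up the context.
# setContext.sh is sourced, so it runs in this shell. The variables read below
# (GENERATION_DATA_DIR, PRODUCT, SEGMENT, LOCATION, REGION, COMPOSITE_*) are
# not assigned anywhere in this file; presumably they come from it or from the
# caller's environment - verify against setContext.sh.
. "${GENERATION_DIR}/setContext.sh"

# Process the relevant directory: work out where the credentials live, the id
# the certificate is registered under, and the cmk that protects the key.
INFRASTRUCTURE_DIR="${GENERATION_DATA_DIR}/infrastructure/${PRODUCT}"
CREDENTIALS_DIR="${INFRASTRUCTURE_DIR}/credentials"

# LOCATION is used as the regular expression, as before. An empty pattern
# matches any string, so LOCATION must be non-empty before it is tried;
# otherwise an unset LOCATION would silently be treated as the product
# directory and a product-level certificate would be created.
if [[ -n "${LOCATION}" && "product" =~ ${LOCATION} ]]; then
  SSH_ID="${PRODUCT}"
  # jq reads the file itself: with a piped `cat` an empty file variable made
  # cat wait on stdin, now jq fails and KEYID stays empty (caught below).
  KEYID=$(jq -r \
    '.[] | select(.OutputKey=="cmkXproductXcmk") | .OutputValue | select (.!=null)' \
    "${COMPOSITE_STACK_OUTPUTS}")
elif [[ -n "${LOCATION}" && "segment" =~ ${LOCATION} ]]; then
  CREDENTIALS_DIR="${CREDENTIALS_DIR}/${SEGMENT}"
  SSH_ID="${PRODUCT}-${SEGMENT}"
  KEYID=$(jq -r \
    '.[] | select(.OutputKey=="cmkXsegmentXcmk") | .OutputValue | select (.!=null)' \
    "${COMPOSITE_STACK_OUTPUTS}")
  SSHPERSEGMENT=$(jq -r \
    '.Segment.SSHPerSegment | select (.!=null)' \
    "${COMPOSITE_BLUEPRINT}")
  # A segment only gets its own key when the blueprint asks for one.
  if [[ "${SSHPERSEGMENT}" != "true" ]]; then
    echo -e "\nAn SSH key is not required for this segment. Check the SSHPerSegment setting if unsure"
    usage
  fi
else
  echo -e "\nWe don't appear to be in the product or segment directory. Are we in the right place?"
  usage
fi

# Ensure a cmk has been created to encrypt the SSH private key.
# This file only checks that the key id is present; it never uses KEYID
# itself.
if [[ -z "${KEYID}" ]]; then
  echo -e "\nNo cmk defined to encrypt the SSH private key. Create the cmk slice before running this script again"
  usage
fi

# Create an SSH certificate in the credentials directory chosen above
# (product level, or the segment's sub-directory).
# NOTE(review): the helper is sourced, so it can read KEYID and the other
# variables set here; presumably it is where the private key is encrypted -
# confirm that no plaintext private key is left in CREDENTIALS_DIR. Its
# status is not checked, so a failure here is only noticed if the next step
# fails as well.
. "${GENERATION_DIR}/createSSHCertificate.sh" "${CREDENTIALS_DIR}"

# Check that the SSH certificate has been defined in AWS.
# Arguments are quoted so an empty SSH_ID or REGION is passed as an empty
# value instead of disappearing and shifting the following option into its
# place.
"${GENERATION_DIR}/manageSSHCertificate.sh" -i "${SSH_ID}" -p "${CREDENTIALS_DIR}/aws-ssh-crt.pem" -r "${REGION}"
# RESULT is what the EXIT trap reports as the script's exit status.
RESULT=$?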