host_catalog.sh
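#!/bin/bash
# Interactive walkthrough: registers an AWS plugin host catalog in Boundary
# using credentials read from Vault, creates a host set filtered on the ECS
# cluster tag, attaches it to the ECS target and lists the resulting hosts.
# Each step prints the command it is about to run, runs it, then waits for a
# keypress.
#
# Requires: vault, boundary, terraform and jq on PATH, authenticated Vault and
# Boundary sessions, and the infrastructure/, boundary/ and hcp/ Terraform
# directories relative to the current directory.

# Stop at the first failed step so an empty credential or resource ID is never
# handed on to a later command.
set -euo pipefail

# Everything under secrets/ holds live AWS credentials or Boundary resource
# data. Restrict new files to the current user, and tighten a directory left
# over from an earlier run (files inside it keep their old mode, so the
# directory permission is what protects them).
umask 077
mkdir -p secrets/
chmod 700 secrets/

# Wait for a single keypress between steps. A closed stdin must not end the
# run, so the status of read is ignored.
pause() {
  read -r -n1 || true
}

echo "vault read boundary/aws/creds/ecs -format=json > secrets/boundary_host.json"
vault read boundary/aws/creds/ecs -format=json > secrets/boundary_host.json
pause

# Run exactly as displayed; only the access key ID is printed, never the
# secret key.
echo "cat secrets/boundary_host.json | jq .data.access_key"
cat secrets/boundary_host.json | jq .data.access_key
pause

# jq -e turns a missing or null field into a failure instead of passing the
# string "null" to Boundary as a credential.
access_key_id=$(jq -er .data.access_key secrets/boundary_host.json)
secret_access_key=$(jq -er .data.secret_key secrets/boundary_host.json)

# Resolve every Terraform output before anything is created in Boundary, so a
# missing output fails the run early rather than producing an empty flag value.
ecs_cluster=$(cd infrastructure && terraform output -raw ecs_cluster)
scope_id=$(cd boundary && terraform output -raw core_infra_scope_id)
region=$(cd hcp && terraform output -raw region)
target_id=$(cd boundary && terraform output -raw boundary_target_ecs)

# The key pair is handed to the CLI through its environment and referenced
# with env://, so the secret key does not show up in the process argument list
# (readable by other local users through ps) or in the echoed command. The two
# variables are set for this one command only; AWS_* in the caller's
# environment is left untouched.
# NOTE(review): with disable_credential_rotation=true Boundary keeps using the
# Vault-issued key as is; presumably the catalog stops syncing once the Vault
# lease ends - confirm the lease TTL matches how long the catalog must live.
echo "boundary host-catalogs create plugin -format=json -plugin-name=\"aws\" -scope-id=${scope_id} -attr=\"disable_credential_rotation=true\" -attr=\"region=${region}\" -secret=\"access_key_id=env://BOUNDARY_ACCESS_KEY_ID\" -secret=\"secret_access_key=env://BOUNDARY_SECRET_ACCESS_KEY\" > secrets/host_catalog_config.json"
BOUNDARY_ACCESS_KEY_ID="${access_key_id}" \
BOUNDARY_SECRET_ACCESS_KEY="${secret_access_key}" \
  boundary host-catalogs create plugin -format=json \
  -plugin-name="aws" \
  -scope-id="${scope_id}" \
  -attr="disable_credential_rotation=true" \
  -attr="region=${region}" \
  -secret="access_key_id=env://BOUNDARY_ACCESS_KEY_ID" \
  -secret="secret_access_key=env://BOUNDARY_SECRET_ACCESS_KEY" > secrets/host_catalog_config.json
pause

host_catalog_id=$(jq -er '.item.id' secrets/host_catalog_config.json)
echo "boundary host-sets create plugin -format=json -name='ecs-nodes' -host-catalog-id=${host_catalog_id} --attributes='{\"filters\": [\"tag:Cluster=${ecs_cluster}\"]}' > secrets/host_set_config.json"
# The cluster name is spliced into the JSON filter inside double quotes so it
# stays a single argument whatever characters it contains.
boundary host-sets create plugin -format=json \
  -name="ecs-nodes" \
  -host-catalog-id="${host_catalog_id}" \
  --attributes='{"filters": ["tag:Cluster='"${ecs_cluster}"'"]}' > secrets/host_set_config.json
pause

host_set_id=$(jq -er '.item.id' secrets/host_set_config.json)
echo "boundary targets add-host-sets -host-set=${host_set_id} -id=${target_id}"
boundary targets add-host-sets \
  -host-set="${host_set_id}" \
  -id="${target_id}"
pause

echo "boundary hosts list -host-catalog-id=${host_catalog_id}"
boundary hosts list -host-catalog-id="${host_catalog_id}"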