Skip to content

Instantly share code, notes, and snippets.

@carlchan

carlchan/escurl.sh

Last active June 18, 2021 20:20
Show Gist options
  • Save carlchan/384477616cfe1c85a3c063d936c47983 to your computer and use it in GitHub Desktop.
Save carlchan/384477616cfe1c85a3c063d936c47983 to your computer and use it in GitHub Desktop.
Download ZIP
Before I discovered HTTPie, I wrote this to help manage some elasticsearch clusters. saves hostname and login credentials in per session encrypted cache so you don't have to type them every time and they don't get saved in command history either.
Raw
escurl.sh
#!/usr/bin/env bash
# Export ESUSER and/or ESPASS to login profile
# Credentials will be cached for your session
CACHEDCREDS="${HOME}/.escurl"
ESHOST_DEFAULT="https://$(hostname -f):9200"
showhelp() {
ESCURL=$(basename $0)
echo Usage: ${ESCURL} GET/DELETE/POST/PUT APIpath \[DATA\|@filename\]
echo Defaults to GET if no method specified
echo examples:
echo ${ESCURL} '_cluster/health?pretty'
echo ${ESCURL} GET '_cluster/health?pretty'
echo ${ESCURL} PUT '_cluster/settings' '{"transient":{"cluster":{"routing":{"allocation":{"exclude":{"_ip":null}}}}}}'
echo
echo Debug options:
echo CachedCredentials file: ${CACHEDCREDS}
echo dec - show cache contents
echo flush - clear cache
echo
exit 1
}
## ES Credentials caching functions
credkey=$(sha256sum <<<"$XDG_SESSION_ID $(date +%y%m%d) $UID $(systemd-analyze) $SUDO_UID $SUDO_USER")
# per user day/reboot stored credentials
#credkey="$0 $(date +%y%m%d) $UID $(systemd-analyze)"
set -eu
dec() {
openssl aes-256-cbc -e -A -salt -md sha512 -pbkdf2 -d -a -pass pass:"${credkey}"
}
enc() {
openssl enc -e -a -A -aes-256-cbc -md sha512 -pbkdf2 -salt -pass pass:"${credkey}"
}
cachecreds() {
CHECKSTATUS=$(jq '.status==401' <<<${RESULT} 2>/dev/null)
if [ "${CHECKSTATUS}" == "true" ]; then
rm -f ${CACHEDCREDS}
else
cat <<EOF | enc > $CACHEDCREDS
ESUSER=${ESUSER}
ESPASS=${ESPASS}
ESHOST=${ESHOST}
EOF
fi
}
#############
if [ $# -eq 0 ]; then
showhelp
fi
if [[ "$1" == http* ]]; then
ESHOST_OVERRIDE="$1"
shift
else
ESHOST=${ESHOST:="${ESHOST_DEFAULT}"}
fi
shopt -s nocasematch
case "$1" in
help ) showhelp;;
POST|DELETE|GET|PUT ) METHOD="$(echo $1 | tr [:lower:] [:upper:])";REQUEST="$2";;
dec ) [ -e "${CACHEDCREDS}" ] && cat "${CACHEDCREDS}" | dec | sed 's/^ESPASS=.*/ESPASS=#########/g' || echo Cache not found; exit;;
flush ) rm -f "${CACHEDCREDS}"; echo Removed cached credentials; exit;;
* ) if [ $# -eq 1 ]; then
METHOD="GET"
REQUEST="$1"
else
echo Invalid method
exit 1
fi;;
esac
## Get auth info
set +e
if [ -e ${CACHEDCREDS} ]; then
CREDS=$(cat ${CACHEDCREDS} | dec 2>/dev/null)
if [ $? -eq 0 ]; then
eval "${CREDS}"
else
rm -f ${CACHEDCREDS}
fi
fi
set -e
ESHOST=${ESHOST_OVERRIDE:=$ESHOST}
if [[ "${ESHOST}" == http://* ]]; then
read -p "Unencrypted connection to ${ESHOST}, are you sure? (y/n) " INSECURE
case ${INSECURE} in
y* ) ;;
* ) echo Aborting.; exit;;
esac
fi
set +u
RETRIES=0
while [ -z "${ESUSER}" -a ${RETRIES} -lt 3 ]; do
let RETRIES+=1
read -p "User: " ESUSER
done
RETRIES=0
while [ -z "${ESPASS}" -a ${RETRIES} -lt 3 ]; do
let RETRIES+=1
read -s -p "Password for \"${ESUSER}\": " ESPASS
echo
done
if [ -z "${ESUSER}" -o -z "${ESPASS}" ]; then
echo No credentials provided
exit 1
fi
set -u
#####
if [ $# -eq 3 ]; then
DATA=$3
else
DATA=""
fi
if [ "${METHOD}" == "PUT" -a $# -ne 3 ]; then
echo No data specified for PUT
exit 1
fi
set +e
RESULT=$(curl -X ${METHOD} -s -H 'Content-Type: application/json' -u ${ESUSER}:${ESPASS} "${ESHOST}/${REQUEST}" -d "${DATA}")
if [ $? -eq 0 ]; then
cachecreds &
if [ -t 1 ]; then
jq <<<${RESULT} 2>/dev/null || cat <<<"${RESULT}"
else
cat <<<"${RESULT}"
fi
else
echo Unknown Curl error connecting to ${ESHOST}
exit 1
fi
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment