Created
April 28, 2017 20:58
-
-
Save csterwa/eccf37cfd93618b67735dfb1a72d57b8 to your computer and use it in GitHub Desktop.
Renews a Vault token via Spring Cloud Services Config Server client app
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| APP=$1 | |
| if [ "$APP" = "" ] | |
| then | |
| echo "ERROR: Must provide application name that is accessible via `cf app [appname]` and bound to Config Server instance as first argument to script." | |
| exit 1 | |
| fi | |
| INTERVAL=$2 | |
| if [ "$INTERVAL" = "" ] | |
| then | |
| echo "ERROR: Must provide token time interval as second argument to script." | |
| exit 1 | |
| fi | |
| if [ "$VAULT_TOKEN" = "" ] | |
| then | |
| echo "ERROR: Must provide a valid Vault token via the VAULT_TOKEN environment variable." | |
| exit 1 | |
| fi | |
| ACCESS_TOKEN_URI=`cf env $APP | grep access_token_uri | awk '{print $2}' | sed 's/\"//g' | sed 's/,//'` | |
| CLIENT_ID=`cf env $APP | grep client_id | awk '{print $2}' | sed 's/\"//g' | sed 's/,//'` | |
| CLIENT_SECRET=`cf env $APP | grep client_secret | awk '{print $2}' | sed 's/\"//g' | sed 's/,//'` | |
| CONFIG_SERVER_URI=`cf env $APP | grep "\"uri\":" | awk '{print $2}' | sed 's/\"//g' | sed 's/,//'` | |
| echo "Getting token from $ACCESS_TOKEN_URI" | |
| TOKEN=$(curl -k $ACCESS_TOKEN_URI -u "$CLIENT_ID:$CLIENT_SECRET" -d grant_type=client_credentials | jq -r .access_token) | |
| echo "Renewing token for $APP from Vault server at $CONFIG_SERVER_URI" | |
| curl -k -H "Authorization: bearer $TOKEN" -H "X-VAULT-Token: $VAULT_TOKEN" -H "Content-Type: application/json" -X POST "$CONFIG_SERVER_URI/vault/v1/auth/token/renew-self" -d "{\"increment\": $INTERVAL}" |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment