| #!/bin/bash |
| |
| # Generates s3cmd config from rook.io CephObjectStoreUser secrets fetched from |
| # Kubernetes apiserver. Accepts extra K8S_INTERNAL=1 environment variable flag |
| # that generates config that connects to internal rgw service. |
| # |
| # Usage: |
| # bazel run //cluster/tools:rook-s3cmd-config > config |
| # s3cmd -c config --region "STORENAME:default-placement" mb s3://test/ |
| |
| set -euo pipefail |
| |
| # Copy-pasted from Bazel's Bash runfiles library (tools/bash/runfiles/runfiles.bash). |
| if [[ ! -d "${RUNFILES_DIR:-/dev/null}" && ! -f "${RUNFILES_MANIFEST_FILE:-/dev/null}" ]]; then |
| if [[ -f "$0.runfiles_manifest" ]]; then |
| export RUNFILES_MANIFEST_FILE="$0.runfiles_manifest" |
| elif [[ -f "$0.runfiles/MANIFEST" ]]; then |
| export RUNFILES_MANIFEST_FILE="$0.runfiles/MANIFEST" |
| elif [[ -f "$0.runfiles/bazel_tools/tools/bash/runfiles/runfiles.bash" ]]; then |
| export RUNFILES_DIR="$0.runfiles" |
| fi |
| fi |
| if [[ -f "${RUNFILES_DIR:-/dev/null}/bazel_tools/tools/bash/runfiles/runfiles.bash" ]]; then |
| source "${RUNFILES_DIR}/bazel_tools/tools/bash/runfiles/runfiles.bash" |
| elif [[ -f "${RUNFILES_MANIFEST_FILE:-/dev/null}" ]]; then |
| source "$(grep -m1 "^bazel_tools/tools/bash/runfiles/runfiles.bash " "$RUNFILES_MANIFEST_FILE" | cut -d ' ' -f 2-)" |
| else |
| echo >&2 "ERROR: cannot find @bazel_tools//tools/bash/runfiles:runfiles.bash" |
| exit 1 |
| fi |
| # endpaste |
| |
| kubectl=$(rlocation "hscloud/cluster/tools/kubectl") |
| if [ -z "$kubectl" ]; then |
| echo "Could not find kubectl in runfiles" >&2 |
| exit 1 |
| fi |
| |
| jq=$(rlocation "com_github_stedolan_jq/jq") |
| if [ -z "$jq" ]; then |
| echo "Could not find jq in runfiles" >&2 |
| exit 1 |
| fi |
| |
| username="${1}" |
| storename="${2:-waw-hdd-redundant-3-object}" |
| clustername="${3:-ceph-waw3}" |
| |
| if [ -z "$username" ]; then |
| echo "Usage: $0 <username>" >&2 |
| exit 1 |
| fi |
| |
| |
| secret="$($kubectl get secrets rook-ceph-object-user-$storename-$username -n $clustername -o json)" |
| accesskey="$(echo "$secret" | $jq -r '.data.AccessKey' | base64 -d)" |
| secretkey="$(echo "$secret" | $jq -r '.data.SecretKey' | base64 -d)" |
| |
| if [[ ! -z "${K8S_INTERNAL:-}" ]]; then |
| domain="rook-ceph-rgw-$storename.$clustername.svc.cluster.local" |
| else |
| domain="object.$clustername.hswaw.net" |
| fi |
| |
| cat <<EOF |
| [default] |
| access_key = $accesskey |
| secret_key = $secretkey |
| host_base = $domain |
| host_bucket = $domain |
| EOF |
| |
| if [[ ! -z "${K8S_INTERNAL:-}" ]]; then |
| echo "use_https = False" |
| fi |