diff options
author | Bjørn Christian Seime <bjorncs@verizonmedia.com> | 2019-06-03 17:37:23 +0200 |
---|---|---|
committer | Bjørn Christian Seime <bjorncs@verizonmedia.com> | 2019-06-03 17:38:35 +0200 |
commit | c71e5439c5a5dd7ea18b01da3bb88446cbaa1445 (patch) | |
tree | 0bc8da6a8dba898c4bec6dd07635497afa693602 | |
parent | c57ec23bbc42385771825c00d0dbcf6e95d0cff0 (diff) |
Add internal script for invoking curl with path to Vespa credentials
-rw-r--r-- | security-tools/CMakeLists.txt | 1 | ||||
-rwxr-xr-x | security-tools/src/main/sh/vespa-curl-wrapper | 27 |
2 files changed, 28 insertions, 0 deletions
diff --git a/security-tools/CMakeLists.txt b/security-tools/CMakeLists.txt index 234bb7f7497..e381f1f5260 100644 --- a/security-tools/CMakeLists.txt +++ b/security-tools/CMakeLists.txt @@ -2,4 +2,5 @@ install_fat_java_artifact(security-tools) vespa_install_script(src/main/sh/vespa-security-env vespa-security-env bin) +vespa_install_script(src/main/sh/vespa-curl-wrapper vespa-curl-wrapper libexec/vespa) diff --git a/security-tools/src/main/sh/vespa-curl-wrapper b/security-tools/src/main/sh/vespa-curl-wrapper new file mode 100755 index 00000000000..fb2142b5a1b --- /dev/null +++ b/security-tools/src/main/sh/vespa-curl-wrapper @@ -0,0 +1,27 @@ +#!/usr/bin/env bash +# Copyright 2019 Oath Inc. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root. + +# Uses vespa-security-env to call curl with paths to credentials. +# This script should be installed in libexec only. It is not public api. + +set -e + +. $(vespa-security-env) + +CURL_PARAMETERS=$1 +CONFIGSERVER_URI_WITHOUT_SCHEME=$2 + +if [ -n "${VESPA_TLS_CA_CERT}" ] +then + CURL_PARAMETERS="--cacert \"${VESPA_TLS_CA_CERT}\" ${CURL_PARAMETERS}" +fi + +if [[ -n "${VESPA_TLS_CERT}" && -n "${VESPA_TLS_PRIVATE_KEY}" ]] +then + CURL_PARAMETERS="--cert \"${VESPA_TLS_CERT}\" --key \"${VESPA_TLS_PRIVATE_KEY}\" ${CURL_PARAMETERS}" + CONFIGSERVER_URI="https://${CONFIGSERVER_URI_WITHOUT_SCHEME}" +else + CONFIGSERVER_URI="http://${CONFIGSERVER_URI_WITHOUT_SCHEME}" +fi + +curl ${CURL_PARAMETERS} "${CONFIGSERVER_URI}" |