authorBjørn Christian Seime <bjorncs@verizonmedia.com>2019-06-03 17:37:23 +0200
committerBjørn Christian Seime <bjorncs@verizonmedia.com>2019-06-03 17:38:35 +0200
commitc71e5439c5a5dd7ea18b01da3bb88446cbaa1445 (patch)
tree0bc8da6a8dba898c4bec6dd07635497afa693602 /security-tools
parentc57ec23bbc42385771825c00d0dbcf6e95d0cff0 (diff)
Add internal script for invoking curl with path to Vespa credentials
Diffstat (limited to 'security-tools')
-rw-r--r--security-tools/CMakeLists.txt1
-rwxr-xr-xsecurity-tools/src/main/sh/vespa-curl-wrapper27
2 files changed, 28 insertions, 0 deletions
diff --git a/security-tools/CMakeLists.txt b/security-tools/CMakeLists.txt
index 234bb7f7497..e381f1f5260 100644
--- a/security-tools/CMakeLists.txt
+++ b/security-tools/CMakeLists.txt
@@ -2,4 +2,5 @@
install_fat_java_artifact(security-tools)
vespa_install_script(src/main/sh/vespa-security-env vespa-security-env bin)
+vespa_install_script(src/main/sh/vespa-curl-wrapper vespa-curl-wrapper libexec/vespa)
diff --git a/security-tools/src/main/sh/vespa-curl-wrapper b/security-tools/src/main/sh/vespa-curl-wrapper
new file mode 100755
index 00000000000..fb2142b5a1b
--- /dev/null
+++ b/security-tools/src/main/sh/vespa-curl-wrapper
@@ -0,0 +1,27 @@
+#!/usr/bin/env bash
+# Copyright 2019 Oath Inc. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root.
+
+# Uses vespa-security-env to call curl with paths to credentials.
+# This script should be installed in libexec only. It is not public api.
+
+set -e
+
+. $(vespa-security-env)
+
+CURL_PARAMETERS=$1
+CONFIGSERVER_URI_WITHOUT_SCHEME=$2
+
+if [ -n "${VESPA_TLS_CA_CERT}" ]
+then
+ CURL_PARAMETERS="--cacert \"${VESPA_TLS_CA_CERT}\" ${CURL_PARAMETERS}"
+fi
+
+if [[ -n "${VESPA_TLS_CERT}" && -n "${VESPA_TLS_PRIVATE_KEY}" ]]
+then
+ CURL_PARAMETERS="--cert \"${VESPA_TLS_CERT}\" --key \"${VESPA_TLS_PRIVATE_KEY}\" ${CURL_PARAMETERS}"
+ CONFIGSERVER_URI="https://${CONFIGSERVER_URI_WITHOUT_SCHEME}"
+else
+ CONFIGSERVER_URI="http://${CONFIGSERVER_URI_WITHOUT_SCHEME}"
+fi
+
+curl ${CURL_PARAMETERS} "${CONFIGSERVER_URI}"
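Review bot: The escaped quotes embedded in `CURL_PARAMETERS` on the `--cacert` and `--cert`/`--key` lines are not re-parsed when the final `curl ${CURL_PARAMETERS}` expands unquoted, so curl receives file names that contain literal `"` characters, and any credential path with whitespace or glob characters is split or expanded. Collecting the credential options in a bash array keeps each path as exactly one argument, while the caller-supplied `$1` can stay word-split as it is today. Separately, the scheme falls back to `http://` whenever the client certificate or key is unset, even when `VESPA_TLS_CA_CERT` is set, so a CA-only configuration would reach the config server in plaintext; it is worth confirming that this is intended. Also, `. $(vespa-security-env)` sources a file named by that command's output; if the tool prints variable assignments rather than a file path, this line would presumably need to be `eval "$(vespa-security-env)"`.

```shell
curl_tls_args=()
# … unchanged: if VESPA_TLS_CA_CERT is set …
    curl_tls_args+=(--cacert "${VESPA_TLS_CA_CERT}")
# … unchanged: if VESPA_TLS_CERT and VESPA_TLS_PRIVATE_KEY are set …
    curl_tls_args+=(--cert "${VESPA_TLS_CERT}" --key "${VESPA_TLS_PRIVATE_KEY}")
# … unchanged: https/http scheme selection …
# CURL_PARAMETERS is left unquoted so the caller's option string is still word-split.
curl "${curl_tls_args[@]}" ${CURL_PARAMETERS} "${CONFIGSERVER_URI}"
```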