From 9f366b35f293bddc9ebb727d29210b694deffef2 Mon Sep 17 00:00:00 2001 From: Henning Baldersheim Date: Mon, 5 Dec 2022 13:52:45 +0000 Subject: GC unused security-tools --- vespaclient-java/CMakeLists.txt | 1 + vespaclient-java/src/main/sh/vespa-curl-wrapper | 109 ++++++++++++++++++++++++ 2 files changed, 110 insertions(+) create mode 100755 vespaclient-java/src/main/sh/vespa-curl-wrapper (limited to 'vespaclient-java') diff --git a/vespaclient-java/CMakeLists.txt b/vespaclient-java/CMakeLists.txt index 666e9633726..ebb792633bb 100644 --- a/vespaclient-java/CMakeLists.txt +++ b/vespaclient-java/CMakeLists.txt @@ -13,3 +13,4 @@ vespa_install_script(src/main/sh/vespa-visit.sh vespa-visit bin) vespa_install_script(src/main/sh/vespa-visit-target.sh vespa-visit-target bin) vespa_install_script(src/main/sh/vespa-feed-perf vespa-feed-perf bin) vespa_install_script(src/main/sh/vespa-status-filedistribution.sh vespa-status-filedistribution bin) +vespa_install_script(src/main/sh/vespa-curl-wrapper vespa-curl-wrapper libexec/vespa) diff --git a/vespaclient-java/src/main/sh/vespa-curl-wrapper b/vespaclient-java/src/main/sh/vespa-curl-wrapper new file mode 100755 index 00000000000..9381d6f898b --- /dev/null +++ b/vespaclient-java/src/main/sh/vespa-curl-wrapper @@ -0,0 +1,109 @@ +#!/usr/bin/env bash +# Copyright Yahoo. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root. + +# Uses security-env to call curl with paths to credentials. +# This script should be installed in libexec only. It is not public api. + +# BEGIN environment bootstrap section +# Do not edit between here and END as this section should stay identical in all scripts + +findpath () { + myname=${0} + mypath=${myname%/*} + myname=${myname##*/} + empty_if_start_slash=${mypath%%/*} + if [ "${empty_if_start_slash}" ]; then + mypath=$(pwd)/${mypath} + fi + if [ "$mypath" ] && [ -d "$mypath" ]; then + return + fi + mypath=$(pwd) + if [ -f "${mypath}/${myname}" ]; then + return + fi + echo "FATAL: Could not figure out the path where $myname lives from $0" + exit 1 +} + +COMMON_ENV=libexec/vespa/common-env.sh + +source_common_env () { + if [ "$VESPA_HOME" ] && [ -d "$VESPA_HOME" ]; then + export VESPA_HOME + common_env=$VESPA_HOME/$COMMON_ENV + if [ -f "$common_env" ]; then + . $common_env + return + fi + fi + return 1 +} + +findroot () { + source_common_env && return + if [ "$VESPA_HOME" ]; then + echo "FATAL: bad VESPA_HOME value '$VESPA_HOME'" + exit 1 + fi + if [ "$ROOT" ] && [ -d "$ROOT" ]; then + VESPA_HOME="$ROOT" + source_common_env && return + fi + findpath + while [ "$mypath" ]; do + VESPA_HOME=${mypath} + source_common_env && return + mypath=${mypath%/*} + done + echo "FATAL: missing VESPA_HOME environment variable" + echo "Could not locate $COMMON_ENV anywhere" + exit 1 +} + +findhost () { + if [ "${VESPA_HOSTNAME}" = "" ]; then + VESPA_HOSTNAME=$(vespa-detect-hostname || hostname -f || hostname || echo "localhost") || exit 1 + fi + validate="${VESPA_HOME}/bin/vespa-validate-hostname" + if [ -f "$validate" ]; then + "$validate" "${VESPA_HOSTNAME}" || exit 1 + fi + export VESPA_HOSTNAME +} + +findroot +findhost + +ROOT=${VESPA_HOME%/} +export ROOT + +# END environment bootstrap section + +set -e + +eval $(${VESPA_HOME}/libexec/vespa/script-utils security-env) + +CURL_PARAMETERS=("$@") + +if [ -n "${VESPA_TLS_ENABLED}" ] +then + CURL_PARAMETERS=("${CURL_PARAMETERS[@]/http:/https:}") +fi + +if [ -n "${VESPA_TLS_HOSTNAME_VALIDATION_DISABLED}" ] +then + CURL_PARAMETERS=("--insecure" "${CURL_PARAMETERS[@]}") +fi + +if [ -n "${VESPA_TLS_CA_CERT}" ] +then + CURL_PARAMETERS=("--cacert" "${VESPA_TLS_CA_CERT}" "${CURL_PARAMETERS[@]}") +fi + +if [[ -n "${VESPA_TLS_CERT}" && -n "${VESPA_TLS_PRIVATE_KEY}" ]] +then + CURL_PARAMETERS=("--cert" "${VESPA_TLS_CERT}" "--key" "${VESPA_TLS_PRIVATE_KEY}" "${CURL_PARAMETERS[@]}") +fi + +curl "${CURL_PARAMETERS[@]}" -- cgit v1.2.3