scottk/vault
1
0
Fork 0
mirror of https://github.com/optim-enterprises-bv/vault.git synced 2025-10-30 02:02:43 +00:00
Code Issues Packages Projects Releases Wiki Activity

enos: add shfmt formatting to enos module scripts (#28142)

Browse Source 
Signed-off-by: Ryan Cragun <me@ryan.ec>
This commit is contained in:
Ryan Cragun
2024-08-23 13:45:30 -06:00
committed by GitHub
parent 438fae0952
commit b5d32b7bec
42 changed files with 156 additions and 111 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
.github/actions/install-external-tools/action.yml vendored
View File

@@ -18,6 +18,7 @@ runs:
- uses: ./.github/actions/set-up-gosimports
- uses: ./.github/actions/set-up-gotestsum
- uses: ./.github/actions/set-up-misspell
- uses: ./.github/actions/set-up-shfmt
- uses: ./.github/actions/set-up-staticcheck
# We assume that the Go toolchain will be managed by the caller workflow so we don't set one
# up here.

61
.github/actions/set-up-shfmt/action.yml vendored Normal file
View File

@@ -0,0 +1,61 @@
# Copyright (c) HashiCorp, Inc.
# SPDX-License-Identifier: BUSL-1.1
---
name: Set up shfmt from Github releases
description: Set up shfmt from Github releases
inputs:
destination:
description: "Where to install the shfmt binary (default: $HOME/bin/shfmt)"
type: boolean
default: "$HOME/bin/shfmt"
version:
description: "The version to install (default: latest)"
type: string
default: Latest
outputs:
destination:
description: Where the installed shfmt binary is
value: ${{ steps.install.outputs.destination }}
destination-dir:
description: The directory where the installed shfmt binary is
value: ${{ steps.install.outputs.destination-dir }}
version:
description: The installed version of shfmt
value: ${{ steps.install.outputs.version }}
runs:
using: composite
steps:
- id: install
shell: bash
env:
GH_TOKEN: ${{ github.token }}
run: |
VERSION=$(./.github/scripts/retry-command.sh gh release list -R mvdan/sh --exclude-drafts --exclude-pre-releases | grep ${{ inputs.version }} | cut -f1)
mkdir -p $(dirname ${{ inputs.destination }})
DESTINATION="$(readlink -f "${{ inputs.destination }}")"
DESTINATION_DIR="$(dirname "$DESTINATION")"
echo "$DESTINATION_DIR" >> "$GITHUB_PATH"
{
echo "destination=$DESTINATION"
echo "destination-dir=$DESTINATION_DIR"
echo "version=$VERSION"
} | tee -a "$GITHUB_OUTPUT"
ARCH="$(echo "$RUNNER_ARCH" | tr '[:upper:]' '[:lower:]')"
OS="$(echo "$RUNNER_OS" | tr '[:upper:]' '[:lower:]')"
if [ "$ARCH" = "x64" ]; then
export ARCH="amd64"
fi
if [ "$OS" = "macos" ]; then
export OS="darwin"
fi
./.github/scripts/retry-command.sh gh release download "$VERSION" --clobber -p "shfmt_*_${OS}_${ARCH}" -O shfmt -R mvdan/sh
chmod +x shfmt
mv shfmt "$DESTINATION"

1
.github/workflows/enos-lint.yml vendored
View File

@@ -38,6 +38,7 @@ jobs:
ENOS_VAR_tfc_api_token: ${{ secrets.TF_API_TOKEN }}
steps:
- uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
- uses: ./.github/actions/install-external-tools
- uses: hashicorp/setup-terraform@v3
with:
terraform_wrapper: false

10
enos/Makefile
View File

@@ -28,8 +28,16 @@ validate-enos:
enos scenario validate --timeout 30m0s
.PHONY: lint
lint: check-fmt shellcheck validate-enos
lint: check-fmt check-fmt-modules check-shfmt shellcheck validate-enos
.PHONY: shellcheck
shellcheck:
find ./modules/ -type f -name '*.sh' | xargs shellcheck
.PHONY: shfmt
shfmt:
find ./modules/ -type f -name '*.sh' | xargs shfmt -l -w -i 2 -bn -ci -kp -sr
.PHONY: check-shfmt
check-shfmt:
find ./modules/ -type f -name '*.sh' | xargs shfmt -l -d -i 2 -bn -ci -kp -sr

32
enos/modules/get_local_metadata/scripts/version.sh
View File

@@ -75,22 +75,22 @@ function repo_root() {
# Run Enos local
function main() {
case $1 in
version)
version
;;
version-base)
version_base
;;
version-pre)
version_pre
;;
version-meta)
version_metadata
;;
*)
echo "unknown sub-command" >&2
exit 1
;;
version)
version
;;
version-base)
version_base
;;
version-pre)
version_pre
;;
version-meta)
version_metadata
;;
*)
echo "unknown sub-command" >&2
exit 1
;;
esac
}

9
enos/modules/install_packages/scripts/add-repos.sh
View File

@@ -31,7 +31,7 @@ add_repos() {
fi
sudo add-apt-repository "${repo}"
done
;;
;;
dnf)
for repo in ${DISTRO_REPOS}; do
if [ "$repo" == "__none" ]; then
@@ -40,7 +40,7 @@ add_repos() {
sudo dnf install -y "${repo}"
sudo dnf makecache -y
done
;;
;;
yum)
for repo in ${DISTRO_REPOS}; do
if [ "$repo" == "__none" ]; then
@@ -49,7 +49,7 @@ add_repos() {
sudo yum install -y "${repo}"
sudo yum makecache -y
done
;;
;;
zypper)
# Add each repo
for repo in ${DISTRO_REPOS}; do
@@ -64,9 +64,10 @@ add_repos() {
done
sudo zypper --gpg-auto-import-keys ref
sudo zypper --gpg-auto-import-keys refs
;;
;;
*)
fail "Unsupported package manager: ${PACKAGE_MANAGER}"
;;
esac
}

10
enos/modules/install_packages/scripts/install-packages.sh
View File

@@ -40,7 +40,7 @@ install_packages() {
fi
fi
done
;;
;;
dnf)
for package in ${PACKAGES}; do
if rpm -q "${package}"; then
@@ -55,7 +55,7 @@ install_packages() {
fi
fi
done
;;
;;
yum)
for package in ${PACKAGES}; do
if rpm -q "${package}"; then
@@ -70,7 +70,7 @@ install_packages() {
fi
fi
done
;;
;;
zypper)
for package in ${PACKAGES}; do
if rpm -q "${package}"; then
@@ -85,10 +85,10 @@ install_packages() {
fi
fi
done
;;
;;
*)
fail "No matching package manager provided."
;;
;;
esac
}

14
enos/modules/install_packages/scripts/synchronize-repos.sh
View File

@@ -35,11 +35,11 @@ sles_check_guestregister_service_and_restart_if_failed() {
set -e
case "$active_state" in
active|activating|deactivating)
active | activating | deactivating)
# It's running so we'll return 1 and get retried by the caller
echo "the guestregister.service is still in the ${active_state} state" 1>&2
return 1
;;
;;
*)
if [ "$active_state" == "inactive" ] && [ "$failed_state" == "inactive" ]; then
# The oneshot has completed and hasn't "failed"
@@ -49,7 +49,7 @@ sles_check_guestregister_service_and_restart_if_failed() {
# Our service is stopped and failed, restart it and hope it works the next time
sudo systemctl restart --wait guestregister.service
;;
;;
esac
}
@@ -77,13 +77,13 @@ synchronize_repos() {
case $PACKAGE_MANAGER in
apt)
sudo apt update
;;
;;
dnf)
sudo dnf makecache
;;
;;
yum)
sudo yum makecache
;;
;;
zypper)
if [ "$DISTRO" == "sles" ]; then
if ! sles_ensure_suseconnect; then
@@ -95,7 +95,7 @@ synchronize_repos() {
;;
*)
return 0
;;
;;
esac
}

1
enos/modules/k8s_vault_verify_replication/scripts/smoke-verify-replication.sh
View File

@@ -2,7 +2,6 @@
# Copyright (c) HashiCorp, Inc.
# SPDX-License-Identifier: BUSL-1.1
# The Vault replication smoke test, documented in
# https://docs.google.com/document/d/16sjIk3hzFDPyY5A9ncxTZV_9gnpYSF1_Vx6UA1iiwgI/edit#heading=h.kgrxf0f1et25

1
enos/modules/k8s_vault_verify_ui/scripts/smoke-verify-ui.sh
View File

@@ -2,7 +2,6 @@
# Copyright (c) HashiCorp, Inc.
# SPDX-License-Identifier: BUSL-1.1
set -e
fail() {

1
enos/modules/k8s_vault_verify_version/scripts/get-status.sh
View File

@@ -2,7 +2,6 @@
# Copyright (c) HashiCorp, Inc.
# SPDX-License-Identifier: BUSL-1.1
set -e
status=$(${VAULT_BIN_PATH} status -format=json)

9
enos/modules/k8s_vault_verify_version/scripts/smoke-verify-version.sh
View File

@@ -2,7 +2,6 @@
# Copyright (c) HashiCorp, Inc.
# SPDX-License-Identifier: BUSL-1.1
# The Vault smoke test to verify the Vault version installed
set -e
@@ -25,12 +24,12 @@ fi
vault_expected_version="Vault v${EXPECTED_VERSION} (${VAULT_REVISION})"
case "${VAULT_EDITION}" in
ce) version_expected="${vault_expected_version}${expected_build_date}";;
ent) version_expected="${vault_expected_version}${expected_build_date}";;
ent.hsm) version_expected="${vault_expected_version}${expected_build_date} (cgo)";;
ce) version_expected="${vault_expected_version}${expected_build_date}" ;;
ent) version_expected="${vault_expected_version}${expected_build_date}" ;;
ent.hsm) version_expected="${vault_expected_version}${expected_build_date} (cgo)" ;;
ent.fips1402) version_expected="${vault_expected_version}${expected_build_date} (cgo)" ;;
ent.hsm.fips1402) version_expected="${vault_expected_version}${expected_build_date} (cgo)" ;;
*) fail "(${VAULT_EDITION}) does not match any known Vault editions"
*) fail "(${VAULT_EDITION}) does not match any known Vault editions" ;;
esac
version_expected_nosha=$(echo "$version_expected" | awk '!($3="")' | sed 's/ / /' | sed -e 's/[[:space:]]*$//')

2
enos/modules/softhsm_create_vault_keys/scripts/create-keys.sh
View File

@@ -66,7 +66,7 @@ main() {
fi
# Return our seal configuration attributes as JSON
cat <<EOF
cat << EOF
{
"lib": "${so}",
"slot": "${slot}",

2
enos/modules/softhsm_init/scripts/init-softhsm.sh
View File

@@ -17,7 +17,7 @@ if [ "$SKIP" == "true" ]; then
exit 0
fi
cat <<EOF | sudo tee "$CONFIG_PATH"
cat << EOF | sudo tee "$CONFIG_PATH"
directories.tokendir = $TOKEN_DIR
objectstore.backend = file
log.level = DEBUG

2
enos/modules/vault_cluster/scripts/enable-audit-devices.sh
View File

@@ -20,7 +20,7 @@ enable_file_audit_device() {
$VAULT_BIN_PATH audit enable file file_path="$LOG_FILE_PATH"
}
enable_syslog_audit_device(){
enable_syslog_audit_device() {
$VAULT_BIN_PATH audit enable syslog tag="vault" facility="AUTH"
}

12
enos/modules/vault_cluster/scripts/start-audit-socket-listener.sh
View File

@@ -31,13 +31,13 @@ test_socket_listener() {
case $IP_VERSION in
4)
"${NETCAT_COMMAND}" -zvw 2 "${SOCKET_ADDR}" "$SOCKET_PORT" < /dev/null
;;
;;
6)
"${NETCAT_COMMAND}" -6 -zvw 2 "${SOCKET_ADDR}" "$SOCKET_PORT" < /dev/null
;;
;;
*)
fail "unknown IP_VERSION: $IP_VERSION"
;;
;;
esac
}
@@ -53,13 +53,13 @@ start_socket_listener() {
case $IP_VERSION in
4)
nohup nc -kl "$SOCKET_PORT" >> /tmp/vault-socket.log 2>&1 < /dev/null &
;;
;;
6)
nohup nc -6 -kl "$SOCKET_PORT" >> /tmp/vault-socket.log 2>&1 < /dev/null &
;;
;;
*)
fail "unknown IP_VERSION: $IP_VERSION"
;;
;;
esac
}

7
enos/modules/vault_get_cluster_ips/scripts/get-follower-ipv4s.sh
View File

@@ -2,7 +2,6 @@
# Copyright (c) HashiCorp, Inc.
# SPDX-License-Identifier: BUSL-1.1
set -e
function fail() {
@@ -66,14 +65,14 @@ while :; do
return $?
fi
;;
;;
6)
echo '[]'
exit 0
;;
;;
*)
fail "unknown IP_VERSION: $IP_VERSION"
;;
;;
esac
wait=$((2 ** count))

7
enos/modules/vault_get_cluster_ips/scripts/get-follower-ipv6s.sh
View File

@@ -2,7 +2,6 @@
# Copyright (c) HashiCorp, Inc.
# SPDX-License-Identifier: BUSL-1.1
set -e
function fail() {
@@ -56,7 +55,7 @@ while :; do
4)
echo "[]"
exit 0
;;
;;
6)
[[ -z "$VAULT_IPV6S" ]] && fail "VAULT_IPV6S env variable has not been set"
[[ -z "$VAULT_LEADER_IPV6" ]] && fail "VAULT_LEADER_IPV6 env variable has not been set"
@@ -72,10 +71,10 @@ while :; do
removeIP "$VAULT_LEADER_IPV6" "$VAULT_IPV6S"
exit $?
fi
;;
;;
*)
fail "unknown IP_VERSION: $IP_VERSION"
;;
;;
esac
wait=$((2 ** count))

7
enos/modules/vault_get_cluster_ips/scripts/get-leader-ipv4.sh
View File

@@ -2,7 +2,6 @@
# Copyright (c) HashiCorp, Inc.
# SPDX-License-Identifier: BUSL-1.1
set -e
function fail() {
@@ -48,13 +47,13 @@ while :; do
echo "$ip"
exit 0
fi
;;
;;
6)
exit 0
;;
;;
*)
fail "unknown IP_VERSION: $IP_VERSION"
;;
;;
esac
wait=$((2 ** count))

7
enos/modules/vault_get_cluster_ips/scripts/get-leader-ipv6.sh
View File

@@ -2,7 +2,6 @@
# Copyright (c) HashiCorp, Inc.
# SPDX-License-Identifier: BUSL-1.1
set -e
function fail() {
@@ -45,16 +44,16 @@ while :; do
case $IP_VERSION in
4)
exit 0
;;
;;
6)
if ip=$(findLeaderIPV6); then
echo "$ip"
exit 0
fi
;;
;;
*)
fail "unknown IP_VERSION: $IP_VERSION"
;;
;;
esac
wait=$((2 ** count))

1
enos/modules/vault_proxy/scripts/set-up-approle-and-proxy.sh
View File

@@ -2,7 +2,6 @@
# Copyright (c) HashiCorp, Inc.
# SPDX-License-Identifier: BUSL-1.1
set -e
binpath=${VAULT_INSTALL_DIR}/vault

3
enos/modules/vault_proxy/scripts/use-proxy.sh
View File

@@ -2,16 +2,13 @@
# Copyright (c) HashiCorp, Inc.
# SPDX-License-Identifier: BUSL-1.1
set -e
fail() {
echo "$1" 1>&2
return 1
}
[[ -z "$VAULT_PROXY_ADDRESS" ]] && fail "VAULT_ADDR env variable has not been set"
[[ -z "$VAULT_PROXY_PIDFILE" ]] && fail "VAULT_ADDR env variable has not been set"
[[ -z "$VAULT_INSTALL_DIR" ]] && fail "VAULT_INSTALL_DIR env variable has not been set"

1
enos/modules/vault_raft_remove_peer/scripts/raft-remove-peer.sh
View File

@@ -2,7 +2,6 @@
# Copyright (c) HashiCorp, Inc.
# SPDX-License-Identifier: BUSL-1.1
set -e
binpath=${VAULT_INSTALL_DIR}/vault

3
enos/modules/vault_setup_perf_primary/scripts/configure-vault-pr-primary.sh
View File

@@ -2,7 +2,6 @@
# Copyright (c) HashiCorp, Inc.
# SPDX-License-Identifier: BUSL-1.1
set -e
binpath=${VAULT_INSTALL_DIR}/vault
@@ -15,7 +14,7 @@ fail() {
test -x "$binpath" || fail "unable to locate vault binary at $binpath"
# Create superuser policy
$binpath policy write superuser -<<EOF
$binpath policy write superuser - << EOF
path "*" {
capabilities = ["create", "read", "update", "delete", "list", "sudo"]
}

1
enos/modules/vault_step_down/scripts/operator-step-down.sh
View File

@@ -2,7 +2,6 @@
# Copyright (c) HashiCorp, Inc.
# SPDX-License-Identifier: BUSL-1.1
set -eou pipefail
fail() {

1
enos/modules/vault_test_ui/scripts/test_ui.sh
View File

@@ -2,7 +2,6 @@
# Copyright (c) HashiCorp, Inc.
# SPDX-License-Identifier: BUSL-1.1
set -eux -o pipefail
project_root=$(git rev-parse --show-toplevel)

1
enos/modules/vault_unseal_nodes/scripts/unseal-node.sh
View File

@@ -2,7 +2,6 @@
# Copyright (c) HashiCorp, Inc.
# SPDX-License-Identifier: BUSL-1.1
binpath=${VAULT_INSTALL_DIR}/vault
IFS="," read -r -a keys <<< "${UNSEAL_KEYS}"

1
enos/modules/vault_unseal_nodes/scripts/wait-until-sealed.sh
View File

@@ -2,7 +2,6 @@
# Copyright (c) HashiCorp, Inc.
# SPDX-License-Identifier: BUSL-1.1
binpath=${VAULT_INSTALL_DIR}/vault
function fail() {

2
enos/modules/vault_upgrade/scripts/maybe-remove-old-unit-file.sh
View File

@@ -11,7 +11,7 @@ fail() {
[[ -z "$ARTIFACT_NAME" ]] && fail "ARTIFACT_NAME env variable has not been set"
if [ "${ARTIFACT_NAME##*.}" == "zip" ]; then
if [ "${ARTIFACT_NAME##*.}" == "zip" ]; then
echo "Skipped removing unit file because new artifact is a zip bundle"
exit 0
fi

1
enos/modules/vault_verify_agent_output/scripts/verify-vault-agent-output.sh
View File

@@ -2,7 +2,6 @@
# Copyright (c) HashiCorp, Inc.
# SPDX-License-Identifier: BUSL-1.1
set -e
fail() {

8
enos/modules/vault_verify_billing_start_date/scripts/verify-billing-start.sh
View File

@@ -57,14 +57,14 @@ verify_date_is_in_current_year() {
Linux)
billing_start_unix=$(TZ=UTC date -d "$1" +'%s') # For "now", use $(date +'%s')
one_year_ago_unix=$(TZ=UTC date -d "1 year ago" +'%s')
;;
;;
Darwin)
one_year_ago_unix=$(TZ=UTC date -v -1y +'%s')
billing_start_unix=$(TZ=UTC date -j -f "%Y-%m-%dT%H:%M:%SZ" "${1}" +'%s' )
;;
billing_start_unix=$(TZ=UTC date -j -f "%Y-%m-%dT%H:%M:%SZ" "${1}" +'%s')
;;
*)
fail "Unsupported target host operating system: $(get_target_platform)" 1>&2
;;
;;
esac
if [ "$billing_start_unix" -gt "$one_year_ago_unix" ]; then

2
enos/modules/vault_verify_performance_replication/scripts/verify-replication-status.sh
View File

@@ -2,7 +2,6 @@
# Copyright (c) HashiCorp, Inc.
# SPDX-License-Identifier: BUSL-1.1
# This script waits for the replication status to be established
# then verifies the performance replication between primary and
# secondary clusters
@@ -90,7 +89,6 @@ check_pr_status() {
return 0
}
if [ "$IP_VERSION" != 4 ] && [ "$IP_VERSION" != 6 ]; then
fail "unsupported IP_VERSION: $IP_VERSION"
fi

1
enos/modules/vault_verify_raft_auto_join_voter/scripts/verify-raft-auto-join-voter.sh
View File

@@ -2,7 +2,6 @@
# Copyright (c) HashiCorp, Inc.
# SPDX-License-Identifier: BUSL-1.1
set -e
binpath=${VAULT_INSTALL_DIR}/vault

1
enos/modules/vault_verify_read_data/scripts/verify-data.sh
View File

@@ -2,7 +2,6 @@
# Copyright (c) HashiCorp, Inc.
# SPDX-License-Identifier: BUSL-1.1
set -e
function retry {

1
enos/modules/vault_verify_ui/scripts/smoke-verify-ui.sh
View File

@@ -2,7 +2,6 @@
# Copyright (c) HashiCorp, Inc.
# SPDX-License-Identifier: BUSL-1.1
set -e
fail() {

11
enos/modules/vault_verify_unsealed/scripts/verify-vault-node-unsealed.sh
View File

@@ -4,7 +4,6 @@
set -e
fail() {
echo "$1" 1>&2
exit 1
@@ -23,21 +22,21 @@ while :; do
if unseal_status=$($binpath status -format json | jq -Mre --argjson expected "false" '.sealed == $expected'); then
echo "$health_status"
exit 0
fi
fi
wait=$((2 ** count))
count=$((count + 1))
if [ "$count" -lt "$retries" ]; then
sleep "$wait"
else
else
if [ -n "$HOST_IPV6" ]; then
fail "expected ${HOST_IPV6} to be unsealed, got unseal status: $unseal_status"
else
else
if [ -n "$HOST_IPV4" ]; then
fail "expected ${HOST_IPV4} to be unsealed, got unseal status: $unseal_status"
else
else
fail "expected ${VAULT_ADDR} to be unsealed, got unseal status: $unseal_status"
fi
fi
fi
fi
done

4
enos/modules/vault_verify_version/scripts/verify-cli-version.sh
View File

@@ -31,7 +31,7 @@ version_expected="Vault v$version ($sha), built $build_date"
case "$edition" in
*ce) ;;
*ent) ;;
*ent.hsm) version_expected="$version_expected (cgo)";;
*ent.hsm) version_expected="$version_expected (cgo)" ;;
*ent.fips1402) version_expected="$version_expected (cgo)" ;;
*ent.hsm.fips1402) version_expected="$version_expected (cgo)" ;;
*) fail "Unknown Vault edition: ($edition)" ;;
@@ -46,7 +46,7 @@ else
msg="$(printf "\nThe Vault cluster did not match the expected version, expected:\n%s\nor\n%s\ngot:\n%s" "$version_expected" "$version_expected_nosha" "$version_output")"
if type diff &> /dev/null; then
# Diff exits non-zero if we have a diff, which we want, so we'll guard against failing early.
if ! version_diff=$(diff <(echo "$version_expected" ) <(echo "$version_output") -u -L expected -L got); then
if ! version_diff=$(diff <(echo "$version_expected") <(echo "$version_output") -u -L expected -L got); then
msg="$(printf "\nThe Vault cluster did not match the expected version:\n%s" "$version_diff")"
fi
fi

3
enos/modules/vault_verify_write_data/scripts/smoke-enable-secrets-kv.sh
View File

@@ -2,7 +2,6 @@
# Copyright (c) HashiCorp, Inc.
# SPDX-License-Identifier: BUSL-1.1
set -e
retry() {
@@ -40,7 +39,7 @@ test -x "$binpath" || fail "unable to locate vault binary at $binpath"
retry 5 "$binpath" status > /dev/null 2>&1
# Create user policy
retry 5 "$binpath" policy write reguser -<<EOF
retry 5 "$binpath" policy write reguser - << EOF
path "*" {
capabilities = ["read", "list"]
}

1
enos/modules/vault_verify_write_data/scripts/smoke-write-test-data.sh
View File

@@ -2,7 +2,6 @@
# Copyright (c) HashiCorp, Inc.
# SPDX-License-Identifier: BUSL-1.1
set -e
retry() {

17
enos/modules/vault_wait_for_leader/scripts/wait-for-leader.sh
View File

@@ -2,7 +2,6 @@
# Copyright (c) HashiCorp, Inc.
# SPDX-License-Identifier: BUSL-1.1
set -e
fail() {
@@ -22,7 +21,7 @@ test -x "$binpath" || fail "unable to locate vault binary at $binpath"
findLeaderInPrivateIPs() {
# Find the leader private IP address
local leader_private_ip
if ! leader_private_ip=$($binpath read sys/leader -format=json | jq -er '.data.leader_address | scan("[0-9]+.[0-9]+.[0-9]+.[0-9]+")') ; then
if ! leader_private_ip=$($binpath read sys/leader -format=json | jq -er '.data.leader_address | scan("[0-9]+.[0-9]+.[0-9]+.[0-9]+")'); then
# Some older versions of vault don't support reading sys/leader. Fallback to the cli status.
if ! leader_private_ip=$($binpath status -format json | jq -er '.leader_address | scan("[0-9]+.[0-9]+.[0-9]+.[0-9]+")'); then
return 1
@@ -42,7 +41,7 @@ findLeaderInPrivateIPs() {
findLeaderInIPV6s() {
# Find the leader private IP address
local leader_ipv6
if ! leader_ipv6=$($binpath read sys/leader -format=json | jq -er '.data.leader_address | scan("\\[(.+)\\]") | .[0]') ; then
if ! leader_ipv6=$($binpath read sys/leader -format=json | jq -er '.data.leader_address | scan("\\[(.+)\\]") | .[0]'); then
# Some older versions of vault don't support reading sys/leader. Fallback to the cli status.
if ! leader_ipv6=$($binpath status -format json | jq -er '.leader_address | scan("\\[(.+)\\]") | .[0]'); then
return 1
@@ -69,16 +68,16 @@ while [ "$(date +%s)" -lt "$end_time" ]; do
if findLeaderInPrivateIPs; then
exit 0
fi
;;
;;
6)
[[ -z "$VAULT_INSTANCE_IPV6S" ]] && fail "VAULT_INSTANCE_IPV6S env variable has not been set"
if findLeaderInIPV6s; then
exit 0
fi
;;
;;
*)
fail "No matching package manager provided."
;;
;;
esac
sleep "$RETRY_INTERVAL"
@@ -87,11 +86,11 @@ done
case $IP_VERSION in
4)
fail "Timed out waiting for one of $VAULT_INSTANCE_PRIVATE_IPS to be leader."
;;
;;
6)
fail "Timed out waiting for one of $VAULT_INSTANCE_IPV6S to be leader."
;;
;;
*)
fail "Timed out waiting for leader"
;;
;;
esac

1
enos/modules/vault_wait_for_seal_rewrap/scripts/wait-for-seal-rewrap.sh
View File

@@ -2,7 +2,6 @@
# Copyright (c) HashiCorp, Inc.
# SPDX-License-Identifier: BUSL-1.1
set -e
fail() {

6
tools/tools.sh
View File

@@ -37,18 +37,19 @@ install_external() {
# install action .github/actions/install-external-tools/action.yml
#
tools=(
honnef.co/go/tools/cmd/staticcheck@latest
github.com/bufbuild/buf/cmd/buf@v1.25.0
github.com/favadi/protoc-go-inject-tag@latest
github.com/golangci/misspell/cmd/misspell@latest
github.com/golangci/revgrep/cmd/revgrep@latest
github.com/loggerhead/enumer@latest
github.com/rinchsan/gosimports/cmd/gosimports@latest
golang.org/x/tools/cmd/goimports@latest
google.golang.org/protobuf/cmd/protoc-gen-go@latest
google.golang.org/grpc/cmd/protoc-gen-go-grpc@v1.4.0
gotest.tools/gotestsum@latest
honnef.co/go/tools/cmd/staticcheck@latest
mvdan.cc/gofumpt@latest
github.com/loggerhead/enumer@latest
mvdan.cc/sh/v3/cmd/shfmt@latest
)
echo "==> Installing external tools..."
@@ -76,6 +77,7 @@ check_external() {
protoc-gen-go-grpc
protoc-go-inject-tag
revgrep
shfmt
staticcheck
)