scottk/vault
1
0
Fork 0
mirror of https://github.com/optim-enterprises-bv/vault.git synced 2025-10-31 18:48:08 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
fc1297bf6ecea1b09de499c64c0c1b12ed5d4e56
vault/scripts/gen_openapi.sh
hc-github-team-secure-vault-core 442436c2a7 backport of commit 8925dc22a0 (#21598) 
Co-authored-by: Max Bowsher <maxbowsher@gmail.com>
2023-07-05 19:59:26 +00:00

113 lines
2.9 KiB
Bash
Executable File
Raw Blame History

#!/bin/bash
# Copyright (c) HashiCorp, Inc.
# SPDX-License-Identifier: MPL-2.0
set -e
# Generate an OpenAPI document for all backends.
#
# Assumptions:
#
# 1. Vault has been checked out at an appropriate version and built
# 2. vault executable is in your path
# 3. Vault isn't already running
# 4. jq is installed
cd "$(dirname "${BASH_SOURCE[0]}")"
echo "Starting Vault..."
if pgrep -x "vault" > /dev/null
then
echo "Vault is already running. Aborting."
exit 1
fi
vault server -dev -dev-root-token-id=root &
VAULT_PID=$!
# Allow time for Vault to start its HTTP listener
sleep 1
defer_stop_vault() {
echo "Stopping Vault..."
kill $VAULT_PID
# Allow time for Vault to print final logging and exit,
# before this script ends, and the shell prints its next prompt
sleep 1
}
trap defer_stop_vault INT TERM EXIT
export VAULT_ADDR=http://127.0.0.1:8200
echo "Unmounting the default kv-v2 secrets engine ..."
# Unmount the default kv-v2 engine so that we can remount it at 'kv_v2/' later.
# The mount path will be reflected in the resultant OpenAPI document.
vault secrets disable "secret/"
echo "Mounting all builtin plugins ..."
# Enable auth plugins
vault auth enable "alicloud"
vault auth enable "approle"
vault auth enable "aws"
vault auth enable "azure"
vault auth enable "centrify"
vault auth enable "cert"
vault auth enable "cf"
vault auth enable "gcp"
vault auth enable "github"
vault auth enable "jwt"
vault auth enable "kerberos"
vault auth enable "kubernetes"
vault auth enable "ldap"
vault auth enable "oci"
vault auth enable "okta"
vault auth enable "radius"
vault auth enable "userpass"
# Enable secrets plugins
vault secrets enable "alicloud"
vault secrets enable "aws"
vault secrets enable "azure"
vault secrets enable "consul"
vault secrets enable "database"
vault secrets enable "gcp"
vault secrets enable "gcpkms"
vault secrets enable "kubernetes"
vault secrets enable -path="kv-v1/" -version=1 "kv"
vault secrets enable -path="kv-v2/" -version=2 "kv"
vault secrets enable "ldap"
vault secrets enable "mongodbatlas"
vault secrets enable "nomad"
vault secrets enable "pki"
vault secrets enable "rabbitmq"
vault secrets enable "ssh"
vault secrets enable "terraform"
vault secrets enable "totp"
vault secrets enable "transit"
# Enable enterprise features
if [[ -n "${VAULT_LICENSE:-}" ]]; then
vault secrets enable "keymgmt"
vault secrets enable "kmip"
vault secrets enable "transform"
fi
# Output OpenAPI, optionally formatted
if [ "$1" == "-p" ]; then
curl --header 'X-Vault-Token: root' \
--data '{"generic_mount_paths": true}' \
'http://127.0.0.1:8200/v1/sys/internal/specs/openapi' | jq > openapi.json
else
curl --header 'X-Vault-Token: root' \
--data '{"generic_mount_paths": true}' \
'http://127.0.0.1:8200/v1/sys/internal/specs/openapi' > openapi.json
fi
echo
echo "openapi.json generated"
echo
Reference in New Issue View Git Blame Copy Permalink