@igorbrites
Created December 23, 2021 20:55
Interactive shell script for creating Jenkins credentials using Kubernetes Credentials Provider and Kubernetes Secrets. Requires Bash >= 4 and kubectl.
#!/usr/bin/env bash
# Strict mode: stop on an unhandled command failure, on expansion of an unset
# variable, and when any stage of a pipeline fails.
set -euo pipefail
# Key/value pairs of the secret being built. Each credential-type function
# fills it in and createSecret turns every entry into one kubectl argument.
# NOTE(review): -x is not expected to do anything here, since bash does not
# export array variables to child processes.
declare -xA data
# Secret name. -l lowercases every value assigned to this variable; -x exports
# it to the environment of child processes.
declare -xl name
# Free-text description; createSecret stores it as an annotation when non-empty.
declare -x description
#######################################
# Convert an identifier to kebab-case.
# Underscores become dashes, a dash is inserted at lower/upper and
# acronym/word boundaries, and the result is lowercased.
# Arguments: $1 - text to convert
# Outputs:   the converted text on stdout
#######################################
kebab-case() {
  local dashed="${1//_/-}"

  # Both substitutions run per line in the same order as two chained sed
  # processes would: first "aB" -> "a-B", then "ABc" -> "A-Bc".
  echo "${dashed}" \
    | sed -e 's/\([^A-Z]\)\([A-Z]\)/\1-\2/g' \
      -e 's/\([A-Z]\)\([A-Z]\)\([^A-Z]\)/\1-\2\3/g' \
    | tr '[:upper:]' '[:lower:]'
}
# Print $1 in red without a trailing newline; backslash escapes in $1 are
# interpreted by echo -e. A failing tput is tolerated and leaves the text
# uncoloured.
red() {
  local paint reset
  paint="$(tput setaf 1)" || true
  reset="$(tput sgr0)" || true
  echo -en "${paint}${1}${reset}"
}
# Print $1 in green without a trailing newline; backslash escapes in $1 are
# interpreted by echo -e. A failing tput is tolerated and leaves the text
# uncoloured.
green() {
  local paint reset
  paint="$(tput setaf 2)" || true
  reset="$(tput sgr0)" || true
  echo -en "${paint}${1}${reset}"
}
# Print $1 in blue without a trailing newline; backslash escapes in $1 are
# interpreted by echo -e. A failing tput is tolerated and leaves the text
# uncoloured.
blue() {
  local paint reset
  paint="$(tput setaf 4)" || true
  reset="$(tput sgr0)" || true
  echo -en "${paint}${1}${reset}"
}
# Print $1 in bold without a trailing newline; backslash escapes in $1 are
# interpreted by echo -e. A failing tput is tolerated and leaves the text
# unstyled.
bold() {
  local emphasis reset
  emphasis="$(tput bold)" || true
  reset="$(tput sgr0)" || true
  echo -en "${emphasis}${1}${reset}"
}
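#######################################
# Abort the script when a required answer is empty.
# Arguments: $1 - the value to check (a missing argument counts as empty)
# Outputs:   an error message on stderr when the value is empty
# Returns:   0 when the value is non-empty; otherwise exits with status 1
#######################################
validate() {
  # The exit must run in the current shell. Wrapped in ( ... ) it would only
  # leave a subshell, and the script would stop solely because of `set -e`.
  if [ -z "${1:-}" ]; then
    red "Parameter is required!\n" >&2
    exit 1
  fi
}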
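#######################################
# Create the Kubernetes Secret backing one Jenkins credential, then label it
# with the credential type and, when a description was given, annotate it.
# Globals:
#   data        (read) associative array of secret keys and values
#   name        (read) name of the secret
#   description (read) optional text stored as an annotation
# Arguments:
#   $1 - value for the jenkins.io/credentials-type label
# Outputs:
#   progress messages on stdout; kubectl's stdout is discarded
# Returns:
#   exits with status 1 when a file-backed key does not name a regular file
#######################################
createSecret() {
  local kind="$1"
  local -a command=()
  local key value

  for key in "${!data[@]}"; do
    value="${data[$key]}"
    # The source is chosen by key, not by probing the filesystem. Probing
    # would load a file's content whenever a username, password or file name
    # happened to match an existing path, and would store a mistyped key path
    # as the key itself.
    case "${key}" in
      privateKey | certificate | data)
        if [ ! -f "${value}" ]; then
          red "File \"${value}\" (${key}) does not exist or is not a regular file!\n" >&2
          exit 1
        fi
        command+=("--from-file=${key}=${value}")
        ;;
      *)
        # No quotes around the value: array elements are passed to kubectl
        # verbatim, so quote characters would become part of the stored secret.
        # NOTE(review): literal values travel on kubectl's command line and can
        # be read from the process list by other local users while it runs.
        command+=("--from-literal=${key}=${value}")
        ;;
    esac
  done

  blue "\nCreating secret, it can take a few seconds...\n"
  kubectl create secret generic --namespace jenkins "${name}" "${command[@]}" > /dev/null
  kubectl label --namespace jenkins "secret/${name}" \
    jenkins.io/credentials-type="${kind}" > /dev/null
  if [ -n "${description}" ]; then
    kubectl annotate --namespace jenkins "secret/${name}" \
      jenkins.io/credentials-description="${description}" > /dev/null
  fi
  green "Credential ${name} created successfully!\n"
}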
#######################################
# Ask for an AWS access key and secret key, then create an "aws" credential.
# Globals: data (replaced with the two answers)
# Inputs:  two lines on stdin; the secret key is read without echo
#######################################
aws() {
  blue "[AWS] Access key: "
  read -r accessKey
  validate "${accessKey}"

  blue "[AWS] Secret key (will be hidden): "
  read -rs secretKey
  validate "${secretKey}"

  # NOTE(review): "accesskey" is all lowercase while its sibling is
  # "secretKey"; confirm the exact key names the credentials provider expects.
  data=()
  data["accesskey"]="${accessKey}"
  data["secretKey"]="${secretKey}"

  createSecret "aws"
}
#######################################
# Ask for an SSH username, an optional passphrase and the path of a private
# key file, then create a "basicSSHUserPrivateKey" credential.
# Globals: data (replaced with the answers; "passphrase" only when non-empty)
# Inputs:  three lines on stdin; the passphrase is read without echo
#######################################
ssh() {
  blue "[SSH] Username: "
  read -r username
  validate "${username}"

  # The passphrase is the only optional answer, so it is not validated.
  blue "[SSH] Passphrase (leave blank if needed, hidden): "
  read -rs passphrase

  blue "[SSH] Private key file path: "
  read -r privateKey
  validate "${privateKey}"

  # privateKey holds the path as typed; createSecret is what loads the file.
  data=()
  data["username"]="${username}"
  data["privateKey"]="${privateKey}"
  [ -z "${passphrase}" ] || data["passphrase"]="${passphrase}"

  createSecret "basicSSHUserPrivateKey"
}
#######################################
# Ask for a PKCS#12 password and the path of the certificate file, then create
# a "certificate" credential.
# Globals: data (replaced with the two answers)
# Inputs:  two lines on stdin; the password is read without echo
#######################################
certificate() {
  blue "[PKCS#12] Password (hidden): "
  read -rs password
  validate "${password}"

  blue "[PKCS#12] Certificate file path: "
  read -r certificate
  validate "${certificate}"

  # certificate holds the path as typed; createSecret is what loads the file.
  data=()
  data["password"]="${password}"
  data["certificate"]="${certificate}"

  createSecret "certificate"
}
#######################################
# Ask for a file path, then create a "secretFile" credential from it.
# Globals: data (replaced: "filename" is the base name, "data" the full path)
# Inputs:  one line on stdin
#######################################
file() {
  blue "[File] File path: "
  read -r filename
  validate "${filename}"

  # "filename" is only the name to record; "data" is the path whose content
  # createSecret loads.
  data=()
  data["filename"]="$(basename "${filename}")"
  data["data"]="${filename}"

  createSecret "secretFile"
}
#######################################
# Ask for a GitHub App owner (optional), app ID and private key path, then
# create a "gitHubApp" credential.
# Globals: data (replaced with the answers; "owner" only when non-empty)
# Inputs:  three lines on stdin
#######################################
githubApp() {
  # The owner is the only optional answer, so it is not validated.
  blue "[GitHub App] Owner (optional, needed when app has multiple installations): "
  read -r owner

  blue "[GitHub App] App ID: "
  read -r appID
  validate "${appID}"

  blue "[GitHub App] Private key file path: "
  read -r privateKey
  validate "${privateKey}"

  # privateKey holds the path as typed; createSecret is what loads the file.
  data=()
  data["appID"]="${appID}"
  data["privateKey"]="${privateKey}"
  [ -z "${owner}" ] || data["owner"]="${owner}"

  createSecret "gitHubApp"
}
#######################################
# Ask for the five OpenStack v3 answers (username, user domain, project name,
# project domain, password), then create an "openstackCredentialv3" credential.
# Globals: data (the five keys are added; existing entries are kept)
# Inputs:  five lines on stdin; the password is read without echo
#######################################
openstack() {
  blue "[Openstack Credential V3] Username: "
  read -r userName
  validate "${userName}"

  blue "[Openstack Credential V3] User domain: "
  read -r userDomain
  validate "${userDomain}"

  blue "[Openstack Credential V3] Project name: "
  read -r projectName
  validate "${projectName}"

  blue "[Openstack Credential V3] Project domain: "
  read -r projectDomain
  validate "${projectDomain}"

  blue "[Openstack Credential V3] Password (hidden): "
  read -rs password
  validate "${password}"

  # += merges into the array instead of replacing it, matching per-key
  # assignment.
  data+=(
    ["userName"]="${userName}"
    ["userDomain"]="${userDomain}"
    ["projectName"]="${projectName}"
    ["projectDomain"]="${projectDomain}"
    ["password"]="${password}"
  )

  createSecret "openstackCredentialv3"
}
#######################################
# Ask for a secret text, then create a "secretText" credential.
# Globals: data (the "text" key is added; existing entries are kept)
# Inputs:  one line on stdin, read without echo
#######################################
string() {
  blue "[String] Text (hidden):"
  read -rs text
  validate "${text}"

  # += merges into the array instead of replacing it, matching per-key
  # assignment.
  data+=(["text"]="${text}")

  createSecret "secretText"
}
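#######################################
# Ask for a username and password, then create a "usernamePassword" credential.
# Globals: data (replaced with the two answers)
# Inputs:  two lines on stdin; the password is read without echo
#######################################
userPass() {
  local username password

  blue "[Username/Password] Username: "
  read -r username
  validate "${username}"

  # -s keeps the password off the terminal and out of scrollback, as every
  # other secret prompt in this script already does.
  blue "[Username/Password] Password (hidden): "
  read -rs password
  validate "${password}"

  data=(["username"]="${username}" ["password"]="${password}")
  createSecret "usernamePassword"
}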
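# Interactive flow: ask for the credential name, an optional description and
# the credential type, then hand over to the matching credential function.
bold "$(blue "Let's create a new secret!\n\n")"

blue "Credential name: "
# Read into a scratch variable first. `name` carries the lowercase attribute,
# so reading straight into it would drop the capitals before kebab-case could
# use them as word boundaries ("MySecret" would become "mysecret").
read -r requestedName
validate "${requestedName}"
name=$(kebab-case "${requestedName}")

# Secret names are limited to lowercase alphanumerics, '-' and '.', and must
# start and end with an alphanumeric. Rejecting anything else here also keeps a
# name that begins with '-' from being read by kubectl as an option.
validName='^[a-z0-9]([-a-z0-9.]*[a-z0-9])?$'
if ! [[ "${name}" =~ ${validName} ]]; then
  red "Credential name \"${name}\" is not a valid Kubernetes object name!\n" >&2
  exit 1
fi

blue "Credential description (optional): "
read -r description

blue "1 - AWS\n2 - Basic SSH User Private Key\n3 - Certificate\n4 - File\n5 - GitHub App\n6 - Openstack Credential V3\n7 - String\n8 - Username/Password\nWhat kind of secret do you want? "
read -r kind

case "${kind}" in
  1) aws ;;
  2) ssh ;;
  3) certificate ;;
  4) file ;;
  5) githubApp ;;
  6) openstack ;;
  7) string ;;
  8) userPass ;;
  *)
    red "Option \"${kind}\" is invalid! Exiting."
    exit 1
    ;;
esac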