Created
December 23, 2021 20:55
Interactive shell script for creating Jenkins credentials using Kubernetes Credentials Provider and Kubernetes Secrets. Requires Bash >= 4 and kubectl.
#!/usr/bin/env bash
# Strict mode: stop on the first failing command, on any unset variable, and
# on a failure in any stage of a pipeline.
set -o errexit -o nounset -o pipefail

# State shared between the prompt functions and createSecret.
declare -A -x data     # secret key -> value (or file path) for the new Secret
declare -l -x name     # Secret name; -l lower-cases whatever is assigned
declare -x description # optional free text, stored as an annotation
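# Convert a snake_case, camelCase or PascalCase name to kebab-case.
# Arguments: $1 - the name to convert
# Outputs:   the converted, lower-cased name on stdout
kebab-case() {
  # printf rather than echo: echo treats a name such as "-n" or "-e" as one of
  # its own options and prints nothing, which would leave the name empty.
  printf '%s\n' "${1//_/-}" |
    sed 's/\([^A-Z]\)\([A-Z]\)/\1-\2/g' |
    sed 's/\([A-Z]\)\([A-Z]\)\([^A-Z]\)/\1-\2\3/g' |
    tr '[:upper:]' '[:lower:]'
}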
# Print $1 in red with no trailing newline. Backslash escapes in $1 are
# interpreted (echo -e).
red() {
  local colour_on message reset
  # "|| true": a failing tput only leaves the text uncoloured; it must not end
  # the script under errexit.
  colour_on="$(tput setaf 1)" || true
  message="${1}"
  reset="$(tput sgr0)" || true
  echo -en "${colour_on}${message}${reset}"
}
# Print $1 in green with no trailing newline. Backslash escapes in $1 are
# interpreted (echo -e).
green() {
  local colour_on message reset
  # "|| true": a failing tput only leaves the text uncoloured; it must not end
  # the script under errexit.
  colour_on="$(tput setaf 2)" || true
  message="${1}"
  reset="$(tput sgr0)" || true
  echo -en "${colour_on}${message}${reset}"
}
# Print $1 in blue with no trailing newline. Backslash escapes in $1 are
# interpreted (echo -e).
blue() {
  local colour_on message reset
  # "|| true": a failing tput only leaves the text uncoloured; it must not end
  # the script under errexit.
  colour_on="$(tput setaf 4)" || true
  message="${1}"
  reset="$(tput sgr0)" || true
  echo -en "${colour_on}${message}${reset}"
}
# Print $1 in bold with no trailing newline. Backslash escapes in $1 are
# interpreted (echo -e).
bold() {
  local bold_on message reset
  # "|| true": a failing tput only leaves the text unstyled; it must not end
  # the script under errexit.
  bold_on="$(tput bold)" || true
  message="${1}"
  reset="$(tput sgr0)" || true
  echo -en "${bold_on}${message}${reset}"
}
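# Abort the script when a required answer is empty.
# Arguments: $1 - the value the user entered (a missing argument counts as empty)
# Outputs:   an error message on stderr when the value is empty
# Returns:   0 when the value is non-empty; otherwise exits the shell with 1
validate() {
  # The exit has to run in the current shell. Inside a ( ... ) subshell it only
  # ends the subshell, and the script then stops solely because errexit happens
  # to be enabled.
  if [ -z "${1-}" ]; then
    red "Parameter is required!\n" >&2
    exit 1
  fi
}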
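# Create the Kubernetes Secret behind a Jenkins credential, then label it (and
# optionally annotate it) in the "jenkins" namespace.
# Globals:   data (read)        - associative array of secret key -> value
#            name (read)        - name of the Secret
#            description (read) - optional text for the description annotation
# Arguments: $1 - value for the jenkins.io/credentials-type label
# Outputs:   progress messages on stdout; kubectl's stdout is discarded
createSecret() {
  local kind="$1"
  local -a command=()
  local key value from

  for key in "${!data[@]}"; do
    value="${data[$key]}"
    from="literal"
    # Only the keys that the prompts in this script fill with a path are read
    # from disk. Probing every value with -f would silently swap a typed
    # secret, or the "filename" entry, for the contents of a same-named file.
    case "${key}" in
      privateKey | certificate | data)
        if [ -f "${value}" ]; then
          from="file"
        fi
        ;;
    esac
    # No inner quotes: each array element is already one argv word, so quotes
    # written here would be stored inside the secret value or become part of
    # the file path kubectl tries to open.
    command+=("--from-${from}=${key}=${value}")
  done

  blue "\nCreating secret, it can take a few seconds...\n"
  # NOTE(review): --from-literal places secret values on kubectl's command
  # line, where they can be read from the process list while kubectl runs.
  # On a shared host, prefer feeding values from a private temporary file.
  kubectl create secret generic --namespace jenkins "${name}" "${command[@]}" > /dev/null
  kubectl label --namespace jenkins "secret/${name}" jenkins.io/credentials-type="${kind}" > /dev/null
  if [ -n "${description}" ]; then
    kubectl annotate --namespace jenkins "secret/${name}" jenkins.io/credentials-description="${description}" > /dev/null
  fi
  green "Credential ${name} created successfully!\n"
}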
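# Prompt for an AWS access key pair and create an "aws" credential from it.
# Inside this script the function name shadows any aws binary on PATH.
# Globals: data (written)
# Inputs:  access key, then secret key (not echoed), one per line on stdin
aws() {
  # Locals, so the secret key does not stay in a global after the call.
  local accessKey secretKey

  blue "[AWS] Access key: "
  read -r accessKey
  validate "${accessKey}"
  blue "[AWS] Secret key (will be hidden): "
  read -rs secretKey
  validate "${secretKey}"
  # Spelling changed from "accesskey": Secret data keys are case-sensitive and
  # this was the only key in the script not written in camelCase.
  # NOTE(review): confirm the expected key name against the plugin's AWS example.
  data=(["accessKey"]="${accessKey}" ["secretKey"]="${secretKey}")
  createSecret "aws"
}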
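# Prompt for an SSH username, optional passphrase and private key file, then
# create a "basicSSHUserPrivateKey" credential.
# Inside this script the function name shadows the ssh binary.
# Globals: data (written)
# Inputs:  username, passphrase (not echoed, may be blank), key path on stdin
ssh() {
  # Locals, so the passphrase does not stay in a global after the call.
  local username passphrase privateKey

  blue "[SSH] Username: "
  read -r username
  validate "${username}"
  blue "[SSH] Passphrase (leave blank if needed, hidden): "
  read -rs passphrase
  blue "[SSH] Private key file path: "
  read -r privateKey
  validate "${privateKey}"
  # Stop here when the path is wrong. read does not expand "~", and a path
  # that is not a readable file would otherwise be stored as the key itself.
  if [ ! -f "${privateKey}" ] || [ ! -r "${privateKey}" ]; then
    red "Private key file \"${privateKey}\" was not found or is not readable!\n" >&2
    exit 1
  fi
  data=(["username"]="${username}" ["privateKey"]="${privateKey}")
  if [ -n "${passphrase}" ]; then
    data["passphrase"]="${passphrase}"
  fi
  createSecret "basicSSHUserPrivateKey"
}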
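# Prompt for a PKCS#12 password and certificate file, then create a
# "certificate" credential.
# Globals: data (written)
# Inputs:  password (not echoed), then the certificate path, on stdin
certificate() {
  # Locals, so the password does not stay in a global after the call.
  local password certificate

  blue "[PKCS#12] Password (hidden): "
  read -rs password
  validate "${password}"
  blue "[PKCS#12] Certificate file path: "
  read -r certificate
  validate "${certificate}"
  # Stop here when the path is wrong. read does not expand "~", and a path
  # that is not a readable file would otherwise be stored as the certificate.
  if [ ! -f "${certificate}" ] || [ ! -r "${certificate}" ]; then
    red "Certificate file \"${certificate}\" was not found or is not readable!\n" >&2
    exit 1
  fi
  data=(["password"]="${password}" ["certificate"]="${certificate}")
  createSecret "certificate"
}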
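# Prompt for a file and create a "secretFile" credential from it.
# Inside this script the function name shadows the file utility.
# Globals: data (written)
# Inputs:  path of the file to upload, on stdin
file() {
  local filename

  blue "[File] File path: "
  read -r filename
  validate "${filename}"
  # Stop here when the path is wrong. read does not expand "~", and a path
  # that is not a readable file would otherwise be stored as the file content.
  if [ ! -f "${filename}" ] || [ ! -r "${filename}" ]; then
    red "File \"${filename}\" was not found or is not readable!\n" >&2
    exit 1
  fi
  # "filename" holds the bare file name, "data" the path whose content is stored.
  data=(["filename"]="$(basename -- "${filename}")" ["data"]="${filename}")
  createSecret "secretFile"
}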
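# Prompt for a GitHub App's owner (optional), app ID and private key file, then
# create a "gitHubApp" credential.
# Globals: data (written)
# Inputs:  owner (may be blank), app ID and key path, one per line on stdin
githubApp() {
  local owner appID privateKey

  blue "[GitHub App] Owner (optional, needed when app has multiple installations): "
  read -r owner
  blue "[GitHub App] App ID: "
  read -r appID
  validate "${appID}"
  blue "[GitHub App] Private key file path: "
  read -r privateKey
  validate "${privateKey}"
  # Stop here when the path is wrong. read does not expand "~", and a path
  # that is not a readable file would otherwise be stored as the key itself.
  if [ ! -f "${privateKey}" ] || [ ! -r "${privateKey}" ]; then
    red "Private key file \"${privateKey}\" was not found or is not readable!\n" >&2
    exit 1
  fi
  data=(["appID"]="${appID}" ["privateKey"]="${privateKey}")
  if [ -n "${owner}" ]; then
    data["owner"]="${owner}"
  fi
  createSecret "gitHubApp"
}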
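# Prompt for OpenStack v3 identity details and create an
# "openstackCredentialv3" credential.
# Globals: data (written)
# Inputs:  user name, user domain, project name, project domain and password
#          (not echoed), one per line on stdin
openstack() {
  # Locals, so the password does not stay in a global after the call.
  local userName userDomain projectName projectDomain password

  blue "[Openstack Credential V3] Username: "
  read -r userName
  validate "${userName}"
  blue "[Openstack Credential V3] User domain: "
  read -r userDomain
  validate "${userDomain}"
  blue "[Openstack Credential V3] Project name: "
  read -r projectName
  validate "${projectName}"
  blue "[Openstack Credential V3] Project domain: "
  read -r projectDomain
  validate "${projectDomain}"
  blue "[Openstack Credential V3] Password (hidden): "
  read -rs password
  validate "${password}"
  # Assign the whole array, as the other prompts do, so no key left over from
  # earlier use of data ends up in this Secret.
  data=(
    ["userName"]="${userName}"
    ["userDomain"]="${userDomain}"
    ["projectName"]="${projectName}"
    ["projectDomain"]="${projectDomain}"
    ["password"]="${password}"
  )
  createSecret "openstackCredentialv3"
}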
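# Prompt for a secret string and create a "secretText" credential.
# Globals: data (written)
# Inputs:  the secret text (not echoed) on stdin
string() {
  # Local, so the secret text does not stay in a global after the call.
  local text

  blue "[String] Text (hidden):"
  read -rs text
  validate "${text}"
  # Assign the whole array, as the other prompts do, so no key left over from
  # earlier use of data ends up in this Secret.
  data=(["text"]="${text}")
  createSecret "secretText"
}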
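# Prompt for a username and password and create a "usernamePassword"
# credential.
# Globals: data (written)
# Inputs:  username, then password (not echoed), one per line on stdin
userPass() {
  # Locals, so the password does not stay in a global after the call.
  local username password

  blue "[Username/Password] Username: "
  read -r username
  validate "${username}"
  # -s added: every other secret prompt in this script suppresses echo, while
  # this one printed the password on the terminal as it was typed.
  blue "[Username/Password] Password (hidden): "
  read -rs password
  validate "${password}"
  data=(["username"]="${username}" ["password"]="${password}")
  createSecret "usernamePassword"
}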
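# Interactive entry point: ask for the credential's name, description and
# kind, then hand over to the matching prompt function.
bold "$(blue "Let's create a new secret!\n\n")"
blue "Credential name: "
read -r name
validate "${name}"
name=$(kebab-case "${name}")
# Check the name before any secret is typed. A Secret name must be a DNS
# subdomain: lower-case alphanumerics, "-" or ".", starting and ending with an
# alphanumeric, at most 253 characters. Without the check a name with a leading
# "-" would reach kubectl as an option rather than as a name.
name_pattern='^[a-z0-9]([-a-z0-9.]*[a-z0-9])?$'
if [[ ! "${name}" =~ ${name_pattern} ]] || (( ${#name} > 253 )); then
  red "Credential name \"${name}\" is not a valid Kubernetes Secret name! Exiting." >&2
  exit 1
fi
blue "Credential description (optional): "
read -r description
blue "1 - AWS\n2 - Basic SSH User Private Key\n3 - Certificate\n4 - File\n5 - GitHub App\n6 - Openstack Credential V3\n7 - String\n8 - Username/Password\nWhat kind of secret do you want? "
read -r kind
case "${kind}" in
  1) aws ;;
  2) ssh ;;
  3) certificate ;;
  4) file ;;
  5) githubApp ;;
  6) openstack ;;
  7) string ;;
  8) userPass ;;
  *)
    # Exit unconditionally; chaining with && made the exit depend on the
    # message being printed successfully.
    red "Option \"${kind}\" is invalid! Exiting." >&2
    exit 1
    ;;
esac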