# The Concourse commands here assume that you target your Concourse
# instance with the `fr` name. Modify anything matching `-t fr` as
# necessary.
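# Search the full cf CLI command list (`cf help -a`) for a term.
# Arguments: handed to grep unchanged, so grep options such as -i work too.
# @usage: wtcf bind
# @usage: wtcf -i 'service key'
searchCf() {
  # "$@" keeps every argument intact. Unquoted $@ would split a quoted search
  # term on whitespace and make grep read the extra words as file names.
  cf help -a | grep "$@"
}
alias wtcf=searchCf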
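# Create a new environment to allow multiple logins into CF from the same
# machine: this shell gets a fresh, empty CF_HOME of its own.
# The cf CLI keeps its configuration, including login tokens, under CF_HOME,
# so the directory created here is sensitive. mktemp -d creates it accessible
# to the current user only; nothing in this function removes it afterwards.
# @usage cfagain
# Returns: the status of `cf target`, or 1 when no directory could be created.
newCf() {
  local cf_home
  # Assigned separately from `export`: `export VAR=$(cmd)` hides a mktemp
  # failure and would leave CF_HOME set to an empty string.
  cf_home=$(mktemp -d) || {
    echo "Could not create a temporary directory for CF_HOME" >&2
    return 1
  }
  echo "Logging you out of Cloud Foundry in this shell"
  export CF_HOME="${cf_home}"
  cf target
}
alias cfagain=newCf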
# $shh names the one local directory where temporary secrets are kept, so
# sensitive files stay in a single place on this machine and out of Git
# repositories. This only sets the variable: it neither creates the directory
# nor restricts its permissions.
shh=~/Developer/cloud.gov/secrets
export shh
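# Log the UAA CLI (`uaac`) in as the `admin` client, using the admin
# `client_secret` found in the environment's Bosh manifest. The manifest is
# fetched from S3 and decrypted with the `secrets_passphrase` carried by the
# matching resource of a Concourse pipeline (fly target `fr`).
# @usage uaac-get [0, 1, 4]
# @arguments 0 = staging
# @arguments 1 = production
# @arguments 4 = tooling
# The argument is also the index handed to `uaac target`; run `uaac targets`
# to see which index maps to which UAA on your machine.
# Returns: uaac's status on success; 1 for an unknown target or when the
# passphrase or the secret cannot be read.
authUaaEnvironment() {
  local target_index=$1
  # local: neither the passphrase nor the admin secret stays behind as a
  # variable of the interactive shell once the function returns.
  local manifest pipeline resource secret_filter passphrase secret

  case "${target_index}" in
    0)
      manifest=s3://cloud-gov-varz-stage/cf-staging.main.yml
      pipeline=deploy-cf-new
      resource=common-staging
      secret_filter='.properties.uaa.admin.client_secret'
      ;;
    1)
      manifest=s3://cloud-gov-varz/cf.main.yml
      pipeline=deploy-cf-new
      resource=common-production
      secret_filter='.properties.uaa.admin.client_secret'
      ;;
    4)
      manifest=s3://cloud-gov-varz/tooling-bosh-main.yml
      pipeline=deploy-bosh
      resource=common-tooling
      secret_filter='.instance_groups[] | select( .name == "bosh" ) | .jobs[] | select( .name == "uaa" ) | .properties.uaa.admin.client_secret'
      ;;
    *)
      echo "You can't target a UAA I don't know about. Please run \`uaac targets\` and modify this shell function to leverage the indexes found from the output." >&2
      return 1
      ;;
  esac

  # --arg passes the resource name as data instead of splicing it into the
  # jq program text.
  if ! passphrase=$(
    fly -t fr gp -p "${pipeline}" |
      spruce json |
      jq -r --arg name "${resource}" \
        '.resources | map(select(.name == $name)) | .[].source.secrets_passphrase'
  ) || [[ -z ${passphrase} || ${passphrase} == null ]]; then
    echo "Could not read secrets_passphrase for ${resource} from pipeline ${pipeline}." >&2
    return 1
  fi

  # -pass fd:3 hands the passphrase to openssl on a file descriptor rather
  # than in argv, where a process listing would show it to other local users.
  # NOTE(review): no -md or -pbkdf2 is given, so openssl's defaults apply and
  # must match whatever encrypted the manifest; the default digest differs
  # between OpenSSL 1.0.x and 1.1.x.
  secret=$(
    aws --profile fr s3 cp "${manifest}" - |
      openssl enc -aes-256-cbc -d -a -pass fd:3 3<<<"${passphrase}" |
      sed '/\( merge \)/d' |
      spruce json |
      jq -r "${secret_filter}"
  )
  # jq -r prints the word "null" for a missing key; never offer that, or an
  # empty string, to uaac as the client secret.
  if [[ -z ${secret} || ${secret} == null ]]; then
    echo "Could not read the admin client_secret from ${manifest}." >&2
    return 1
  fi

  # Stop when the target cannot be selected: otherwise this environment's
  # admin secret would be sent to whichever UAA was targeted before.
  uaac target "${target_index}" || return
  # NOTE(review): -s still places the secret in uaac's argv for the lifetime
  # of that process; confirm whether uaac's interactive prompt is an
  # acceptable replacement on shared machines.
  uaac token client get admin -s "${secret}"
}
alias uaac-get=authUaaEnvironment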
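# Use Concourse to download secrets from S3 without ever seeing the passphrase.
# The passphrase is read from the `common-<environment>` resource of the named
# pipeline (fly target `fr`) and used to decrypt the S3 object into a file in
# the current directory, named after the last component of the S3 path.
# @usage cg-get ${s3/path/to/filename.yml} ${concourse-pipeline-name} ${environment}
# @usage cg-put ${s3/path/to/filename.yml} ${concourse-pipeline-name} ${environment}
# Returns: 0 once the file is written, 1 on any error.
downloadSecrets() {
  # local: the passphrase does not linger as a variable of the calling shell.
  local s3_path=$1 pipeline=$2 common_env=$3
  local file_name passphrase

  if [[ -z ${AWS_DEFAULT_PROFILE:-} ]]; then
    echo 'You have to set your $AWS_DEFAULT_PROFILE.' >&2
    return 1
  fi
  # Last path component, so bucket/dir/file.yml is saved as file.yml. Taking
  # the second "/"-separated field would pick "dir" for any nested key.
  file_name=${s3_path##*/}
  if [[ -z ${file_name} || -z ${pipeline} || -z ${common_env} ]]; then
    echo 'usage: cg-get s3/path/to/filename.yml concourse-pipeline-name environment' >&2
    return 1
  fi

  echo "Getting passphrase from ${pipeline} for common-${common_env}"
  # --arg passes the resource name as data instead of splicing it into the jq
  # program. jq -e exits non-zero on a null result, and that status is what
  # is checked: a plain non-empty test would accept the literal word "null".
  if ! passphrase=$(
    fly -t fr get-pipeline --pipeline "${pipeline}" --json |
      jq -er --arg name "common-${common_env}" \
        '.resources[] | select(.name == $name) | .source.secrets_passphrase'
  ) || [[ -z ${passphrase} ]]; then
    echo "There was an error getting the passphrase from the pipeline ${pipeline} for resource common-${common_env}." >&2
    return 1
  fi

  echo "Downloading ${s3_path} and saving to ${file_name}"
  # The subshell confines umask and pipefail to this one pipeline.
  # umask 077: a newly created plaintext file is readable by the current user
  # only (a file that already exists keeps its mode).
  # -pass fd:3: the passphrase reaches openssl on a file descriptor, not in
  # argv, where a process listing would show it to other local users.
  # NOTE(review): no -md or -pbkdf2 is given, so openssl's defaults apply and
  # must match whatever encrypted the object.
  if ! (
    umask 077
    set -o pipefail
    aws s3 cp "s3://${s3_path}" - |
      openssl enc -aes-256-cbc -d -a -pass fd:3 3<<<"${passphrase}" >"${file_name}"
  ); then
    echo "Could not download or decrypt ${s3_path}." >&2
    return 1
  fi
}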
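# Encrypt a file from the current directory and upload it to S3. The
# passphrase is read from the `common-<environment>` resource of the named
# Concourse pipeline (fly target `fr`); the local file is the one named after
# the last component of the S3 path.
# @usage cg-put ${s3/path/to/filename.yml} ${concourse-pipeline-name} ${environment}
# Returns: the status of the encrypt-and-upload pipeline, 1 on any earlier error.
uploadSecrets() {
  # local: the passphrase does not linger as a variable of the calling shell.
  local s3_path=$1 pipeline=$2 common_env=$3
  local file_name passphrase

  if [[ -z ${AWS_DEFAULT_PROFILE:-} ]]; then
    echo 'You have to set your $AWS_DEFAULT_PROFILE.' >&2
    return 1
  fi
  # Last path component, so bucket/dir/file.yml is read from ./file.yml.
  # Taking the second "/"-separated field would pick "dir" for a nested key.
  file_name=${s3_path##*/}
  if [[ -z ${file_name} || -z ${pipeline} || -z ${common_env} ]]; then
    echo 'usage: cg-put s3/path/to/filename.yml concourse-pipeline-name environment' >&2
    return 1
  fi

  echo "Getting passphrase from ${pipeline} for common-${common_env}"
  # --arg passes the resource name as data instead of splicing it into the jq
  # program; jq -e exits non-zero when the passphrase is missing or null.
  if ! passphrase=$(
    fly -t fr get-pipeline --pipeline "${pipeline}" --json |
      jq -er --arg name "common-${common_env}" \
        '.resources[] | select(.name == $name) | .source.secrets_passphrase'
  ) || [[ -z ${passphrase} ]]; then
    echo "There was an error getting the passphrase from the pipeline ${pipeline} for resource common-${common_env}." >&2
    return 1
  fi

  if [[ ! -s ./${file_name} ]]; then
    echo "${file_name} doesn't exist here or is empty." >&2
    return 1
  fi

  echo "Uploading ${file_name} and saving to ${s3_path}"
  # pipefail (confined to the subshell) makes an openssl failure fail the
  # upload instead of being masked by the status of aws.
  # -pass fd:3: the passphrase reaches openssl on a file descriptor, not in
  # argv, where a process listing would show it to other local users.
  # NOTE(review): no -md or -pbkdf2 is given, so the object is protected by
  # openssl's default key derivation; changing that here would have to be
  # matched by everything that decrypts these objects.
  (
    set -o pipefail
    openssl enc -aes-256-cbc -e -a -pass fd:3 3<<<"${passphrase}" <"./${file_name}" |
      aws s3 cp - "s3://${s3_path}" --sse AES256
  )
}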
# Short names for the S3 secrets helpers: cg-get downloads and decrypts,
# cg-put encrypts and uploads.
alias cg-get=downloadSecrets cg-put=uploadSecrets
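#!/bin/bash
# Download a credentials file from the concourse-credentials bucket. The
# object name is derived from the current directory's name:
#   s3://concourse-credentials/<current-dir-name>.yml
# Usage: <this script> DESTINATION
# Requires: AWS_DEFAULT_PROFILE
set -e
if [[ -z ${AWS_DEFAULT_PROFILE:-} ]]
then
  echo "Environmental variable \$AWS_DEFAULT_PROFILE isn't set, so bailing" >&2
  exit 99
else
  # The variable selects an AWS CLI profile, not a region.
  echo "Using ${AWS_DEFAULT_PROFILE} as the AWS profile."
fi
if [[ -z ${1:-} ]]
then
  echo "Usage: ${0##*/} DESTINATION" >&2
  exit 2
fi
# Files this script creates must not be readable by group or others.
umask 077
aws s3 \
  cp \
  "s3://concourse-credentials/${PWD##*/}.yml" \
  "${1}"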
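#!/bin/bash
# Open the configuration of every listed pipeline in vim, one after another,
# and push each edited configuration back with `fly sp` (set-pipeline).
# Env: CI_URL - Concourse URL used to pick the fly target
#      (default https://ci.fr.cloud.gov).
set -e
CI_URL="${CI_URL:-"https://ci.fr.cloud.gov"}"
# -F: match the URL literally; read as a regex, its dots match any character.
FLY_TARGET=$(fly targets | grep -F -- "${CI_URL}" | head -n 1 | awk '{print $1}')
if [[ -z ${FLY_TARGET} ]]; then
  echo "No fly target found for ${CI_URL}" >&2
  exit 1
fi
if ! fly --target "${FLY_TARGET}" workers > /dev/null; then
  echo "Not logged in to concourse"
  exit 1
fi
# Rows matching 'yes.+no' are dropped, then the leading name is kept.
# NOTE(review): presumably that pattern skips paused pipelines in fly's
# table output; confirm against the fly version in use.
pipelines=$(
  fly -t "${FLY_TARGET}" pipelines |
    grep -vE 'yes.+no' |
    grep -Eo '^[a-z0-9\-]+'
)

# A fetched pipeline configuration carries the pipeline's credentials in
# plain text, so the temporary copy is removed after each pipeline and again
# on every exit path (set -e abort, vim exiting non-zero, Ctrl-C).
f=
cleanup() {
  if [[ -n ${f} ]]; then
    rm -f -- "${f}"
  fi
}
trap cleanup EXIT

# Unquoted on purpose: names are restricted to [a-z0-9-] by the grep above.
for p in $pipelines
do
  f=$(mktemp)
  fly -t "${FLY_TARGET}" gp -p "${p}" > "${f}"
  # -n: no swap file; -i NONE: no viminfo. Neither should keep a second copy
  # of the configuration on disk.
  vim -n -i NONE "$f" -c 'setlocal ft=concourse'
  fly -t "${FLY_TARGET}" sp -p "${p}" -c "${f}"
  rm -f -- "${f}"
  f=
done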
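#!/bin/bash
# Search the configuration of every pipeline for an extended regular
# expression and report, per pipeline, whether it matched.
# Usage: <this script> PATTERN [LABEL]
#   PATTERN - extended regex handed to grep -E
#   LABEL   - free text used only in the report lines
# Env: ci_env - fly target name (default: fr)
# Matching lines are printed verbatim. Pipeline configurations carry
# credentials, so the output of a broad pattern is as sensitive as the
# configurations themselves.
if [[ -z ${ci_env:-} ]]
then
  echo "Environmental variable \$ci_env isn't set, so defaulting to \`fr\`"
  ci_env=fr
fi
pattern=${1:-}
name=${2:-}
# An empty pattern matches every line and would print every configuration in
# full, so it is rejected.
if [[ -z ${pattern} ]]
then
  echo "Usage: ${0##*/} PATTERN [LABEL]" >&2
  exit 2
fi
pipelines=$(fly -t "${ci_env}" pipelines | grep -Eo '^[a-z0-9\-]+')
# Unquoted on purpose: names are restricted to [a-z0-9-] by the grep above.
for pipeline in $pipelines
do
  # `--` keeps a pattern that starts with "-" from being read as a grep option.
  if match=$(fly -t "${ci_env}" gp -p "${pipeline}" | grep -E -- "${pattern}")
  then
    echo
    echo "match in ${pipeline} for ${name}"
    printf '%s\n' "${match}"
    echo "match in ${pipeline} for ${name}"
  else
    echo "no match for ${name} in ${pipeline}"
  fi
done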
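#!/bin/bash
# Upload a local credentials file to the concourse-credentials bucket with
# S3 server-side encryption (AES256). The object name is derived from the
# current directory's name:
#   s3://concourse-credentials/<current-dir-name>.yml
# Usage: <this script> CREDENTIALS_FILE   ("-" reads from stdin)
# The AWS profile is fixed to `fr`.
set -e
# Refuse a missing or empty file: uploading it would replace the stored
# credentials with nothing usable. "-" (stdin) is passed through unchecked.
if [[ ${1:-} != - && ! -s ${1:-} ]]
then
  echo "Usage: ${0##*/} CREDENTIALS_FILE (must exist and not be empty)" >&2
  exit 2
fi
aws --profile fr \
  s3 \
  cp \
  "${1}" \
  "s3://concourse-credentials/${PWD##*/}.yml" \
  --sse AES256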