image/base-image/service-available/:ssl-tools/assets/tool/jsonssl-helper - airflow-openldap - Git at Google

 #!/bin/bash
 log-helper level eq trace && set -x

 # This tool helps get certificates from json files
 # like kubernetes secrets or traefik acme.json
 # It takes its configuration from environment variable.
 # See json-default-env file

 PREFIX=$1
 CERT_FILE=$2
 KEY_FILE=$3
 CA_FILE=$4

 log-helper debug "jsonssl-helper is launched, everybody on the floor!"

 if [ -z "${PREFIX}" ] || [ -z "${CERT_FILE}" ] || [ -z "${KEY_FILE}" ] || [ -z "${CA_FILE}" ]; then
     log-helper error "Usage: jsonssl-helper prefix cert_file key_file ca_file"
     exit 1
 fi

 if [ ! -e "${CERT_FILE}" ] && [ ! -e "${KEY_FILE}" ]; then

     # set env vars
     PREFIX=${PREFIX^^} # uppercase

     # search for prefixed env var first

     # set prefix variable name
     # example : PREFIX_JSONSSL_FILE='MARIADB_JSONSSL_FILE'
     PREFIX_JSONSSL_FILE=${PREFIX}_JSONSSL_FILE
     PREFIX_JSONSSL_HOSTNAME=${PREFIX}_JSONSSL_HOSTNAME

     PREFIX_JSONSSL_PROFILE=${PREFIX}_JSONSSL_PROFILE
     PREFIX_JSONSSL_GET_CA_CERT_CMD=${PREFIX}_JSONSSL_GET_CA_CERT_CMD
     PREFIX_JSONSSL_GET_CERT_CMD=${PREFIX}_JSONSSL_GET_CERT_CMD
     PREFIX_JSONSSL_GET_KEY_CMD=${PREFIX}_JSONSSL_GET_KEY_CMD

     # assign JSONSSL_FILE=${!PREFIX_JSONSSL_FILE} if value is not empty otherwise JSONSSL_FILE=JSONSSL_FILE
     JSONSSL_FILE=${!PREFIX_JSONSSL_FILE:-$JSONSSL_FILE}
     JSONSSL_HOSTNAME=${!PREFIX_JSONSSL_HOSTNAME:-$JSONSSL_HOSTNAME}

     JSONSSL_PROFILE=${!PREFIX_JSONSSL_PROFILE:-$JSONSSL_PROFILE}
     JSONSSL_GET_CA_CERT_CMD=${!PREFIX_JSONSSL_GET_CA_CERT_CMD:-$JSONSSL_GET_CA_CERT_CMD}
     JSONSSL_GET_CERT_CMD=${!PREFIX_JSONSSL_GET_CERT_CMD:-$JSONSSL_GET_CERT_CMD}
     JSONSSL_GET_KEY_CMD=${!PREFIX_JSONSSL_GET_KEY_CMD:-$JSONSSL_GET_KEY_CMD}

     source "${CONTAINER_SERVICE_DIR}/:ssl-tools/assets/jsonssl-default-env"

     if [ -z "${JSONSSL_FILE}" ]; then
         log-helper info "Variable JSONSSL_FILE is empty, set to default location:"
         log-helper info "JSONSSL_FILE=${JSONSSL_FILE_DEFAULT}"
         JSONSSL_FILE=${JSONSSL_FILE_DEFAULT}
     fi

     if [ ! -e "${JSONSSL_FILE}" ]; then
         log-helper error "JSONSSL_FILE file '${JSONSSL_FILE}' not found"
         exit 1
     fi

     # Json file profile, only traefik for now
     if [ "${JSONSSL_PROFILE,,}" = "traefik" ]; then
         # Let's Encrypt CA certificate is in cert file after the domain certificate.
         # So we took what's after the first cert.
         JSONSSL_GET_CA_CERT_CMD="awk '{if(found) print} /END CERTIFICATE/{found=1}' ${CERT_FILE}"

         JSONSSL_GET_CERT_CMD="cat ${JSONSSL_FILE} | jq -r '[.Certificates[]] | map(select(.Domain.Main == \"${JSONSSL_HOSTNAME}\")) | .[0].Certificate' | base64 -d"
         JSONSSL_GET_KEY_CMD="cat ${JSONSSL_FILE} | jq -r '[.Certificates[]] | map(select(.Domain.Main == \"${JSONSSL_HOSTNAME}\")) | .[0].Key' | base64 -d"
         elif [ "${JSONSSL_PROFILE,,}" = "traefik_up_to_v1_6" ]; then
         # Let's Encrypt CA certificate is in cert file after the domain certificate.
         # So we took what's after the first cert.
         JSONSSL_GET_CA_CERT_CMD="awk '{if(found) print} /END CERTIFICATE/{found=1}' ${CERT_FILE}"

         JSONSSL_GET_CERT_CMD="cat ${JSONSSL_FILE} | jq -r '[.[\"DomainsCertificate\"].Certs[].Certificate] | map(select(.Domain == \"${JSONSSL_HOSTNAME}\")) | .[0].Certificate' | base64 -d"
         JSONSSL_GET_KEY_CMD="cat ${JSONSSL_FILE} | jq -r '[.[\"DomainsCertificate\"].Certs[].Certificate] | map(select(.Domain == \"${JSONSSL_HOSTNAME}\")) | .[0].PrivateKey' | base64 -d"
     fi

     log-helper debug "Run JSONSSL_GET_CERT_CMD: ${JSONSSL_GET_CERT_CMD}"
     log-helper debug "put return in ${CERT_FILE}"
     eval "${JSONSSL_GET_CERT_CMD}" > "${CERT_FILE}"

     if [ ! -s "$CERT_FILE" ]; then
         log-helper error "Generated file '${CERT_FILE}' is empty"
         log-helper error "Set loglevel to debug for more information"
         exit 1
     fi

     log-helper debug "Run JSONSSL_GET_KEY_CMD: ${JSONSSL_GET_KEY_CMD}"
     log-helper debug "put return in ${KEY_FILE}"
     eval "$JSONSSL_GET_KEY_CMD" > "${KEY_FILE}"

     if [ ! -s "${KEY_FILE}" ]; then
         log-helper error "Generated file '${KEY_FILE}' is empty"
         log-helper error "Set loglevel to debug for more information"
         exit 1
     fi

     # if CA cert doesn't exist
     if [ ! -e "$CA_FILE" ]; then
         log-helper debug "Run JSONSSL_GET_CA_CERT_CMD: ${JSONSSL_GET_CA_CERT_CMD}"
         log-helper debug "put return in ${CA_FILE}"
         eval "$JSONSSL_GET_CA_CERT_CMD" > "${CA_FILE}"

         if [ ! -s "$CA_FILE" ]; then
             log-helper error "Generated file '${CA_FILE}' is empty"
             log-helper error "Set loglevel to debug for more information"
             exit 1
         fi
     fi

     log-helper debug "done :)"

     elif [ ! -e "${KEY_FILE}" ]; then
     log-helper error "Certificate file ${CERT_FILE} exists but not key file ${KEY_FILE}"
     exit 1
     elif [ ! -e "${CERT_FILE}" ]; then
     log-helper error "Key file ${KEY_FILE} exists but not certificate file ${CERT_FILE}"
     exit 1
 else
     log-helper debug "Files ${CERT_FILE} and ${KEY_FILE} exists, fix files permissions"
     chmod 644 "${CERT_FILE}"
     chmod 600 "${KEY_FILE}"
 fi
	#!/bin/bash
	log-helper level eq trace && set -x

	# This tool helps get certificates from json files
	# like kubernetes secrets or traefik acme.json
	# It takes its configuration from environment variable.
	# See json-default-env file

	PREFIX=$1
	CERT_FILE=$2
	KEY_FILE=$3
	CA_FILE=$4

	log-helper debug "jsonssl-helper is launched, everybody on the floor!"

	if [ -z "${PREFIX}" ] \|\| [ -z "${CERT_FILE}" ] \|\| [ -z "${KEY_FILE}" ] \|\| [ -z "${CA_FILE}" ]; then
	log-helper error "Usage: jsonssl-helper prefix cert_file key_file ca_file"
	exit 1
	fi

	if [ ! -e "${CERT_FILE}" ] && [ ! -e "${KEY_FILE}" ]; then

	# set env vars
	PREFIX=${PREFIX^^} # uppercase

	# search for prefixed env var first

	# set prefix variable name
	# example : PREFIX_JSONSSL_FILE='MARIADB_JSONSSL_FILE'
	PREFIX_JSONSSL_FILE=${PREFIX}_JSONSSL_FILE
	PREFIX_JSONSSL_HOSTNAME=${PREFIX}_JSONSSL_HOSTNAME

	PREFIX_JSONSSL_PROFILE=${PREFIX}_JSONSSL_PROFILE
	PREFIX_JSONSSL_GET_CA_CERT_CMD=${PREFIX}_JSONSSL_GET_CA_CERT_CMD
	PREFIX_JSONSSL_GET_CERT_CMD=${PREFIX}_JSONSSL_GET_CERT_CMD
	PREFIX_JSONSSL_GET_KEY_CMD=${PREFIX}_JSONSSL_GET_KEY_CMD

	# assign JSONSSL_FILE=${!PREFIX_JSONSSL_FILE} if value is not empty otherwise JSONSSL_FILE=JSONSSL_FILE
	JSONSSL_FILE=${!PREFIX_JSONSSL_FILE:-$JSONSSL_FILE}
	JSONSSL_HOSTNAME=${!PREFIX_JSONSSL_HOSTNAME:-$JSONSSL_HOSTNAME}

	JSONSSL_PROFILE=${!PREFIX_JSONSSL_PROFILE:-$JSONSSL_PROFILE}
	JSONSSL_GET_CA_CERT_CMD=${!PREFIX_JSONSSL_GET_CA_CERT_CMD:-$JSONSSL_GET_CA_CERT_CMD}
	JSONSSL_GET_CERT_CMD=${!PREFIX_JSONSSL_GET_CERT_CMD:-$JSONSSL_GET_CERT_CMD}
	JSONSSL_GET_KEY_CMD=${!PREFIX_JSONSSL_GET_KEY_CMD:-$JSONSSL_GET_KEY_CMD}

	source "${CONTAINER_SERVICE_DIR}/:ssl-tools/assets/jsonssl-default-env"

	if [ -z "${JSONSSL_FILE}" ]; then
	log-helper info "Variable JSONSSL_FILE is empty, set to default location:"
	log-helper info "JSONSSL_FILE=${JSONSSL_FILE_DEFAULT}"
	JSONSSL_FILE=${JSONSSL_FILE_DEFAULT}
	fi

	if [ ! -e "${JSONSSL_FILE}" ]; then
	log-helper error "JSONSSL_FILE file '${JSONSSL_FILE}' not found"
	exit 1
	fi

	# Json file profile, only traefik for now
	if [ "${JSONSSL_PROFILE,,}" = "traefik" ]; then
	# Let's Encrypt CA certificate is in cert file after the domain certificate.
	# So we took what's after the first cert.
	JSONSSL_GET_CA_CERT_CMD="awk '{if(found) print} /END CERTIFICATE/{found=1}' ${CERT_FILE}"

	JSONSSL_GET_CERT_CMD="cat ${JSONSSL_FILE} \| jq -r '[.Certificates[]] \| map(select(.Domain.Main == \"${JSONSSL_HOSTNAME}\")) \| .[0].Certificate' \| base64 -d"
	JSONSSL_GET_KEY_CMD="cat ${JSONSSL_FILE} \| jq -r '[.Certificates[]] \| map(select(.Domain.Main == \"${JSONSSL_HOSTNAME}\")) \| .[0].Key' \| base64 -d"
	elif [ "${JSONSSL_PROFILE,,}" = "traefik_up_to_v1_6" ]; then
	# Let's Encrypt CA certificate is in cert file after the domain certificate.
	# So we took what's after the first cert.
	JSONSSL_GET_CA_CERT_CMD="awk '{if(found) print} /END CERTIFICATE/{found=1}' ${CERT_FILE}"

	JSONSSL_GET_CERT_CMD="cat ${JSONSSL_FILE} \| jq -r '[.[\"DomainsCertificate\"].Certs[].Certificate] \| map(select(.Domain == \"${JSONSSL_HOSTNAME}\")) \| .[0].Certificate' \| base64 -d"
	JSONSSL_GET_KEY_CMD="cat ${JSONSSL_FILE} \| jq -r '[.[\"DomainsCertificate\"].Certs[].Certificate] \| map(select(.Domain == \"${JSONSSL_HOSTNAME}\")) \| .[0].PrivateKey' \| base64 -d"
	fi

	log-helper debug "Run JSONSSL_GET_CERT_CMD: ${JSONSSL_GET_CERT_CMD}"
	log-helper debug "put return in ${CERT_FILE}"
	eval "${JSONSSL_GET_CERT_CMD}" > "${CERT_FILE}"

	if [ ! -s "$CERT_FILE" ]; then
	log-helper error "Generated file '${CERT_FILE}' is empty"
	log-helper error "Set loglevel to debug for more information"
	exit 1
	fi

	log-helper debug "Run JSONSSL_GET_KEY_CMD: ${JSONSSL_GET_KEY_CMD}"
	log-helper debug "put return in ${KEY_FILE}"
	eval "$JSONSSL_GET_KEY_CMD" > "${KEY_FILE}"

	if [ ! -s "${KEY_FILE}" ]; then
	log-helper error "Generated file '${KEY_FILE}' is empty"
	log-helper error "Set loglevel to debug for more information"
	exit 1
	fi

	# if CA cert doesn't exist
	if [ ! -e "$CA_FILE" ]; then
	log-helper debug "Run JSONSSL_GET_CA_CERT_CMD: ${JSONSSL_GET_CA_CERT_CMD}"
	log-helper debug "put return in ${CA_FILE}"
	eval "$JSONSSL_GET_CA_CERT_CMD" > "${CA_FILE}"

	if [ ! -s "$CA_FILE" ]; then
	log-helper error "Generated file '${CA_FILE}' is empty"
	log-helper error "Set loglevel to debug for more information"
	exit 1
	fi
	fi

	log-helper debug "done :)"

	elif [ ! -e "${KEY_FILE}" ]; then
	log-helper error "Certificate file ${CERT_FILE} exists but not key file ${KEY_FILE}"
	exit 1
	elif [ ! -e "${CERT_FILE}" ]; then
	log-helper error "Key file ${KEY_FILE} exists but not certificate file ${CERT_FILE}"
	exit 1
	else
	log-helper debug "Files ${CERT_FILE} and ${KEY_FILE} exists, fix files permissions"
	chmod 644 "${CERT_FILE}"
	chmod 600 "${KEY_FILE}"
	fi