ben
/
mgmt
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
mgmt/scripts/utilities/consul-secrets-manager.sh

228 lines
6.6 KiB
Bash
Executable File
Raw Blame History

#!/bin/bash
# Consul 密钥管理脚本
# 用于安全地管理 Oracle Cloud 和其他云服务商的敏感配置
set -euo pipefail
# 配置
CONSUL_ADDR="${CONSUL_ADDR:-http://localhost:8500}"
CONSUL_TOKEN="${CONSUL_TOKEN:-}"
ENVIRONMENT="${ENVIRONMENT:-dev}"
# 颜色输出
RED='\033[0;31m'
GREEN='\033[0;32m'
YELLOW='\033[1;33m'
BLUE='\033[0;34m'
NC='\033[0m' # No Color
# 日志函数
log_info() {
echo -e "${BLUE}[INFO]${NC} $1"
}
log_success() {
echo -e "${GREEN}[SUCCESS]${NC} $1"
}
log_warning() {
echo -e "${YELLOW}[WARNING]${NC} $1"
}
log_error() {
echo -e "${RED}[ERROR]${NC} $1"
}
# 检查 Consul 连接
check_consul() {
log_info "检查 Consul 连接..."
if ! curl -s "${CONSUL_ADDR}/v1/status/leader" > /dev/null; then
log_error "无法连接到 Consul: ${CONSUL_ADDR}"
exit 1
fi
log_success "Consul 连接正常"
}
# 设置 Oracle Cloud 配置
set_oracle_config() {
log_info "设置 Oracle Cloud 配置..."
echo "请输入 Oracle Cloud 配置信息:"
read -p "租户 OCID: " tenancy_ocid
read -p "用户 OCID: " user_ocid
read -p "API 密钥指纹: " fingerprint
read -p "私钥文件路径: " private_key_path
read -p "区间 OCID: " compartment_ocid
# 验证私钥文件是否存在
if [[ ! -f "$private_key_path" ]]; then
log_error "私钥文件不存在: $private_key_path"
exit 1
fi
# 读取私钥内容
private_key_content=$(cat "$private_key_path")
# 存储到 Consul
local base_path="config/${ENVIRONMENT}/oracle"
curl -s -X PUT "${CONSUL_ADDR}/v1/kv/${base_path}/tenancy_ocid" -d "$tenancy_ocid" > /dev/null
curl -s -X PUT "${CONSUL_ADDR}/v1/kv/${base_path}/user_ocid" -d "$user_ocid" > /dev/null
curl -s -X PUT "${CONSUL_ADDR}/v1/kv/${base_path}/fingerprint" -d "$fingerprint" > /dev/null
curl -s -X PUT "${CONSUL_ADDR}/v1/kv/${base_path}/private_key" -d "$private_key_content" > /dev/null
curl -s -X PUT "${CONSUL_ADDR}/v1/kv/${base_path}/compartment_ocid" -d "$compartment_ocid" > /dev/null
log_success "Oracle Cloud 配置已存储到 Consul"
}
# 获取 Oracle Cloud 配置
get_oracle_config() {
log_info "从 Consul 获取 Oracle Cloud 配置..."
local base_path="config/${ENVIRONMENT}/oracle"
echo "Oracle Cloud 配置:"
echo "租户 OCID: $(curl -s "${CONSUL_ADDR}/v1/kv/${base_path}/tenancy_ocid?raw" 2>/dev/null || echo "未设置")"
echo "用户 OCID: $(curl -s "${CONSUL_ADDR}/v1/kv/${base_path}/user_ocid?raw" 2>/dev/null || echo "未设置")"
echo "指纹: $(curl -s "${CONSUL_ADDR}/v1/kv/${base_path}/fingerprint?raw" 2>/dev/null || echo "未设置")"
echo "区间 OCID: $(curl -s "${CONSUL_ADDR}/v1/kv/${base_path}/compartment_ocid?raw" 2>/dev/null || echo "未设置")"
echo "私钥: $(curl -s "${CONSUL_ADDR}/v1/kv/${base_path}/private_key?raw" 2>/dev/null | head -1 || echo "未设置")"
}
# 删除 Oracle Cloud 配置
delete_oracle_config() {
log_warning "删除 Oracle Cloud 配置..."
read -p "确定要删除所有 Oracle Cloud 配置吗?(y/N): " confirm
if [[ "$confirm" != "y" && "$confirm" != "Y" ]]; then
log_info "操作已取消"
return
fi
local base_path="config/${ENVIRONMENT}/oracle"
curl -s -X DELETE "${CONSUL_ADDR}/v1/kv/${base_path}?recurse" > /dev/null
log_success "Oracle Cloud 配置已删除"
}
# 生成 Terraform 变量文件
generate_terraform_vars() {
log_info "生成 Terraform 变量文件..."
local base_path="config/${ENVIRONMENT}/oracle"
local output_file="infrastructure/environments/${ENVIRONMENT}/terraform.tfvars.consul"
# 从 Consul 获取配置
local tenancy_ocid=$(curl -s "${CONSUL_ADDR}/v1/kv/${base_path}/tenancy_ocid?raw" 2>/dev/null || echo "")
local user_ocid=$(curl -s "${CONSUL_ADDR}/v1/kv/${base_path}/user_ocid?raw" 2>/dev/null || echo "")
local fingerprint=$(curl -s "${CONSUL_ADDR}/v1/kv/${base_path}/fingerprint?raw" 2>/dev/null || echo "")
local compartment_ocid=$(curl -s "${CONSUL_ADDR}/v1/kv/${base_path}/compartment_ocid?raw" 2>/dev/null || echo "")
if [[ -z "$tenancy_ocid" ]]; then
log_error "Consul 中没有找到 Oracle Cloud 配置"
exit 1
fi
# 创建临时私钥文件
local temp_key_file="/tmp/oci_private_key_${ENVIRONMENT}.pem"
curl -s "${CONSUL_ADDR}/v1/kv/${base_path}/private_key?raw" > "$temp_key_file"
chmod 600 "$temp_key_file"
# 生成 Terraform 变量文件
cat > "$output_file" << EOF
# 从 Consul 生成的 Oracle Cloud 配置
# 生成时间: $(date)
# 环境: ${ENVIRONMENT}
oci_config = {
tenancy_ocid = "$tenancy_ocid"
user_ocid = "$user_ocid"
fingerprint = "$fingerprint"
private_key_path = "$temp_key_file"
region = "ap-seoul-1"
compartment_ocid = "$compartment_ocid"
}
EOF
log_success "Terraform 变量文件已生成: $output_file"
log_warning "私钥文件位置: $temp_key_file"
log_warning "请在使用完毕后删除临时私钥文件"
}
# 清理临时文件
cleanup_temp_files() {
log_info "清理临时文件..."
rm -f /tmp/oci_private_key_*.pem
rm -f infrastructure/environments/*/terraform.tfvars.consul
log_success "临时文件已清理"
}
# 显示帮助信息
show_help() {
cat << EOF
Consul 密钥管理脚本
用法: $0 [选项]
选项:
set-oracle 设置 Oracle Cloud 配置到 Consul
get-oracle 从 Consul 获取 Oracle Cloud 配置
delete-oracle 从 Consul 删除 Oracle Cloud 配置
generate-vars 从 Consul 生成 Terraform 变量文件
cleanup 清理临时文件
help 显示此帮助信息
环境变量:
CONSUL_ADDR Consul 地址 (默认: http://localhost:8500)
CONSUL_TOKEN Consul ACL Token (可选)
ENVIRONMENT 环境名称 (默认: dev)
示例:
# 设置 Oracle Cloud 配置
$0 set-oracle
# 生成 Terraform 变量文件
$0 generate-vars
# 查看配置
$0 get-oracle
# 清理临时文件
$0 cleanup
EOF
}
# 主函数
main() {
case "${1:-help}" in
"set-oracle")
check_consul
set_oracle_config
;;
"get-oracle")
check_consul
get_oracle_config
;;
"delete-oracle")
check_consul
delete_oracle_config
;;
"generate-vars")
check_consul
generate_terraform_vars
;;
"cleanup")
cleanup_temp_files
;;
"help"|*)
show_help
;;
esac
}
main "$@"
Reference in New Issue View Git Blame Copy Permalink