#!/bin/sh
# Copyright 2021 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
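# Abort on the first failing command: every later step depends on the one
# before it (service account -> key -> deploy -> smoke test).
set -e

# Project that owns the test service account, read from the active gcloud
# configuration.
PROJECT_ID="$(gcloud config get-value project)"
# An empty project would produce a malformed service-account e-mail
# ("no-roles-sa@.iam.gserviceaccount.com") and confusing failures later on,
# so stop here with a clear message instead.
if [ -z "$PROJECT_ID" ]; then
  printf '%s\n' "No active gcloud project is configured; set one before running this script." >&2
  exit 1
fi
SA_NAME='no-roles-sa'
SA_EMAIL="$SA_NAME@$PROJECT_ID.iam.gserviceaccount.com"

# Absolute, symlink-resolved directory of this script. The redirection is
# attached to cd (not to a later command) because cd prints the target
# directory when CDPATH is in effect, and that output would otherwise be
# captured into SCRIPTPATH. If cd fails, the substitution fails and set -e
# aborts the script.
SCRIPTPATH="$(cd -- "$(dirname -- "$0")" >/dev/null 2>&1 && pwd -P)"

# Make the sackmesser CLI from this repository available to the steps below.
export PATH="$PATH:$SCRIPTPATH/../../tools/apigee-sackmesser/bin"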
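# Create the service account (without any roles) if it doesn't exist yet.
EXISTING_EMAIL="$(gcloud iam service-accounts list --filter="email=$SA_EMAIL" --format="get(email)")"
if [ "$EXISTING_EMAIL" != "$SA_EMAIL" ]; then
  gcloud iam service-accounts create "$SA_NAME"
fi

# Delete every user-managed key left over from earlier runs, so that only the
# key created below remains valid for this service account.
# The list is captured into a variable first: a failing "keys list" then aborts
# the script under set -e, instead of being treated as "no keys to delete".
SA_KEY_NAMES="$(gcloud iam service-accounts keys list --iam-account="$SA_EMAIL" --format="get(name)" --filter="keyType=USER_MANAGED")"
# Intentionally unquoted: the listing is split into one key name per word.
for SA_KEY_NAME in $SA_KEY_NAMES; do
  gcloud iam service-accounts keys delete "$SA_KEY_NAME" --iam-account="$SA_EMAIL" -q
done

# Create and download a fresh service account key.
# The subshell tightens the umask so the key file cannot be created readable
# by group or others, whatever umask the caller runs with.
# NOTE(review): the key is written next to this script and is not removed when
# the pipeline finishes; it stays valid until the next run deletes it. Confirm
# the path is excluded from version control and from any collected artifacts.
(
  umask 077
  gcloud iam service-accounts keys create "$SCRIPTPATH/$SA_NAME-key.json" \
    --iam-account "$SA_EMAIL"
)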
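# Apigee Edge Pipeline
# Deploys the example with the service-account key, deploys the test proxy,
# then smoke-tests both token-validation endpoints.

# The org and environment are interpolated into the request host name below.
# If either were empty the smoke test would target a different host than
# intended, so fail before deploying anything.
: "${APIGEE_ORG:?APIGEE_ORG must be set}"
: "${APIGEE_ENV:?APIGEE_ENV must be set}"

"$SCRIPTPATH"/deploy.sh "$SCRIPTPATH/$SA_NAME-key.json" --apigeeapi

# NOTE(review): -p puts the Apigee password on the command line, where other
# local users can read it from the process list and where shell tracing
# (set -x) would log it. Check whether sackmesser can take the credential from
# the environment or a token instead, and keep tracing off around this call.
sackmesser deploy --apigeeapi -d "$SCRIPTPATH"/test/token-validation \
  -u "$APIGEE_USER" -p "$APIGEE_PASS" -o "$APIGEE_ORG" -e "$APIGEE_ENV" \
  -n token-validation-v0

# --fail makes curl exit non-zero on an HTTP error status, which stops the
# pipeline under set -e. Certificates are verified normally here.
curl --fail "https://$APIGEE_ORG-$APIGEE_ENV.apigee.net/token-validation/v0/oauth"
curl --fail "https://$APIGEE_ORG-$APIGEE_ENV.apigee.net/token-validation/v0/jwt"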
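# Apigee X Pipeline
# Same flow as for Edge, against the Google API with an OAuth access token.

# Fail before deploying if the Apigee X target is not fully configured; the
# host name in particular is used verbatim in the smoke-test URLs.
: "${APIGEE_X_ORG:?APIGEE_X_ORG must be set}"
: "${APIGEE_X_ENV:?APIGEE_X_ENV must be set}"
: "${APIGEE_X_HOSTNAME:?APIGEE_X_HOSTNAME must be set}"

"$SCRIPTPATH"/deploy.sh "$SCRIPTPATH/$SA_NAME-key.json" --googleapi

# Access token of the active gcloud credential.
APIGEE_TOKEN="$(gcloud config config-helper --force-auth-refresh --format json | jq -r '.credential.access_token')"
# The exit status of the pipeline is jq's, so a gcloud failure is not caught by
# set -e; jq -r also prints the literal string "null" when the field is
# missing. Reject both cases instead of deploying with an unusable token.
if [ -z "$APIGEE_TOKEN" ] || [ "$APIGEE_TOKEN" = "null" ]; then
  printf '%s\n' "Could not obtain an access token from gcloud." >&2
  exit 1
fi

# NOTE(review): -t puts the bearer token on the command line, where other
# local users can read it from the process list and where shell tracing
# (set -x) would log it. Keep tracing off around this call.
sackmesser deploy --googleapi -d "$SCRIPTPATH"/test/token-validation \
  -t "$APIGEE_TOKEN" -o "$APIGEE_X_ORG" -e "$APIGEE_X_ENV" \
  -n token-validation-v0

# NOTE(review): -k disables TLS certificate verification, so these two requests
# do not authenticate the endpoint they talk to. Presumably the Apigee X host
# name is served with a self-signed or private-CA certificate in the test
# setup - confirm. Where the issuing CA is available, pass it with --cacert
# and drop -k.
curl -k --fail "https://$APIGEE_X_HOSTNAME/token-validation/v0/oauth"
curl -k --fail "https://$APIGEE_X_HOSTNAME/token-validation/v0/jwt"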