-
Notifications
You must be signed in to change notification settings - Fork 1
/
tunnel.sh
executable file
·140 lines (113 loc) · 3.72 KB
/
tunnel.sh
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
#!/usr/bin/env bash
# set -x
# gh CLI from https://cli.github.com/
# ghsecret from https://github.com/rschmied/ghsecret
#
# change these two to local requirements:
REPO="ciscodevnet/terraform-provider-cml2"
CML="https://cml-controller.cml.lab:443"
# nothing to be changed further down
function help() {
cmd=$(basename $0)
cat << EOT
$cmd usage:
$cmd start -- starts ngrok in tmux and provisions credentials to GH
$cmd stop -- stops tmux (and ngrok) and removes credentials from GH
$cmd force -- forcefully removes credentials from GH
$cmd status -- shows the status (also the default)
$cmd open -- opens the tmux session
$cmd -h | --help | help -- shows this help
Requirements:
- TF_VAR_username and TF_VAR_password environment variables with CML credentials
- authorized gh tool (Github cli)
- curl, ghsecret, jq, ngrok and tmux in the path
- ngrok authtoken provided via ~/.ngrok2/ngrok.yml
Repo name and CML controller URL can be configured at the top of this script.
They currently are:
GH Repository name: https://github.com/$REPO
Local CML2 address: $CML
EOT
}
function get_status() {
if ! tmux list-sessions -F "#S" | grep -qs ^NGROK; then
echo -n "no "
fi
echo "session exists"
}
function remove_secrets() {
gh api -XDELETE /repos/$REPO/actions/secrets/NGROK_URL
gh api -XDELETE /repos/$REPO/actions/secrets/USERNAME
gh api -XDELETE /repos/$REPO/actions/secrets/PASSWORD
}
function open() {
status=$(get_status)
if [ "$status" = "session exists" ]; then
tmux attach -t NGROK
fi
}
function stop() {
status=$(get_status)
if [ "$status" = "session exists" ]; then
tmux kill-session -t NGROK
remove_secrets
else
echo $status
fi
}
function start() {
# check if ngrok is running
if ! curl >/dev/null -sf localhost:4040/api; then
echo "starting tmux and ngrok"
tmux &>/dev/null kill-session -t NGROK
tmux new-session -d -s NGROK
tmux new-window -t NGROK -n "ngrok" ngrok start --none
sleep 1
if ! >/dev/null curl -sf localhost:4040/api; then
echo "can't start ngrok, failing"
exit 1
else
echo "tmux and ngrok started"
fi
fi
# get the tunnel from the agent and start it, if no tunnel
TUNNEL=$(curl -sf localhost:4040/api/tunnels | jq -r '.tunnels|map(select(.config.addr == "'$CML'"))[0]|.public_url')
if [ "$TUNNEL" = "null" ]; then
DATA='{"proto": "http","addr": "'$CML'","name": "cml"}'
TUNNEL=$(echo $DATA | curl -sf -XPOST -d@- -H "Content-Type: application/json" localhost:4040/api/tunnels | jq -r '.public_url')
fi
# read the public github key for our repo
read -d' ' GH_KEY_ID GH_KEY <<< "$(gh api /repos/$REPO/actions/secrets/public-key | jq -r '.|.key_id, .key')"
# make them visible to the ghsecret tool
export GH_KEY GH_KEY_ID TUNNEL
# create/update the needed secrets on Github
ghsecret TUNNEL | gh api -XPUT /repos/$REPO/actions/secrets/NGROK_URL --input -
ghsecret TF_VAR_username | gh api -XPUT /repos/$REPO/actions/secrets/USERNAME --input -
ghsecret TF_VAR_password | gh api -XPUT /repos/$REPO/actions/secrets/PASSWORD --input -
}
# check if we have everything...
if ! which &>/dev/null ngrok jq gh curl tmux ghsecret; then
# color="\033[31;40m"
color="\033[31m"
nocolor="\033[0m"
echo
echo -e $color"Required command is missing!"$nocolor
echo
help
exit 1
fi
if [ "$1" == "start" ]; then
start
elif [ "$1" == "stop" ]; then
stop
elif [ "$1" == "open" ]; then
open
elif [ "$1" == "force" ]; then
remove_secrets
elif [[ "$1" =~ -h|--help|help ]]; then
help
elif [ -z "$1" -o "$1" = "status" ]; then
get_status
else
help
fi
exit 0