mirrors/vault
1
0
Fork 0
mirror of https://github.com/hashicorp/vault.git synced 2025-08-23 15:41:07 +02:00
Code Issues Projects Releases Wiki Activity
vault/enos/modules/vault_verify_version/scripts/verify-cli-version.sh
Luis (LT) Carbonell ed52371b10
Upgrade FIPS 1402 -> 1403 (#30576) 
* Upgrade FIPS 1402 -> 1403

* Clean up

* changelog
2025-05-12 15:01:30 -05:00

56 lines
2.2 KiB
Bash
Raw Permalink Blame History

#!/usr/bin/env bash
# Copyright (c) HashiCorp, Inc.
# SPDX-License-Identifier: BUSL-1.1
# Verify the Vault "version" includes the correct base version, build date,
# revision SHA, and edition metadata.
set -e
fail() {
echo "$1" 1>&2
exit 1
}
[[ -z "$VAULT_ADDR" ]] && fail "VAULT_ADDR env variable has not been set"
[[ -z "$VAULT_BUILD_DATE" ]] && fail "VAULT_BUILD_DATE env variable has not been set"
[[ -z "$VAULT_EDITION" ]] && fail "VAULT_EDITION env variable has not been set"
[[ -z "$VAULT_INSTALL_DIR" ]] && fail "VAULT_INSTALL_DIR env variable has not been set"
[[ -z "$VAULT_REVISION" ]] && fail "VAULT_REVISION env variable has not been set"
[[ -z "$VAULT_TOKEN" ]] && fail "VAULT_TOKEN env variable has not been set"
[[ -z "$VAULT_VERSION" ]] && fail "VAULT_VERSION env variable has not been set"
binpath=${VAULT_INSTALL_DIR}/vault
edition=${VAULT_EDITION}
version=${VAULT_VERSION}
sha=${VAULT_REVISION}
build_date=${VAULT_BUILD_DATE}
test -x "$binpath" || fail "unable to locate vault binary at $binpath"
version_expected="Vault v$version ($sha), built $build_date"
case "$edition" in
*ce) ;;
*ent) ;;
*ent.hsm) version_expected="$version_expected (cgo)" ;;
*ent.fips1403) version_expected="$version_expected (cgo)" ;;
*ent.hsm.fips1403) version_expected="$version_expected (cgo)" ;;
*) fail "Unknown Vault edition: ($edition)" ;;
esac
version_expected_nosha=$(echo "$version_expected" | awk '!($3="")' | sed 's/ / /' | sed -e 's/[[:space:]]*$//')
version_output=$("$binpath" version)
if [[ "$version_output" == "$version_expected_nosha" ]] || [[ "$version_output" == "$version_expected" ]]; then
echo "Version verification succeeded!"
else
msg="$(printf "\nThe Vault cluster did not match the expected version, expected:\n%s\nor\n%s\ngot:\n%s" "$version_expected" "$version_expected_nosha" "$version_output")"
if type diff &> /dev/null; then
# Diff exits non-zero if we have a diff, which we want, so we'll guard against failing early.
if ! version_diff=$(diff <(echo "$version_expected") <(echo "$version_output") -u -L expected -L got); then
msg="$(printf "\nThe Vault cluster did not match the expected version:\n%s" "$version_diff")"
fi
fi
fail "$msg"
fi
Reference in New Issue View Git Blame Copy Permalink