mirror of
https://github.com/hashicorp/vault.git
synced 2025-11-25 04:31:12 +01:00
4036485739
* (enos) Add KMIP Enos Test Suite * skip KMIP for CE runs * reads... * cleanup variables * fix
44 lines
1.4 KiB
Bash
44 lines
1.4 KiB
Bash
#!/usr/bin/env bash
|
|
# Copyright (c) HashiCorp, Inc.
|
|
# SPDX-License-Identifier: BUSL-1.1
|
|
|
|
set -e
|
|
|
|
fail() {
|
|
echo "$1" 1>&2
|
|
exit 1
|
|
}
|
|
|
|
[[ -z "${SERVER_CA}" ]] && fail "SERVER_CA env variable has not been set"
|
|
[[ -z "${CLIENT_CA}" ]] && fail "CLIENT_CA env variable has not been set"
|
|
[[ -z "${VAULT_ADDR}" ]] && fail "VAULT_ADDR env variable has not been set"
|
|
[[ -z "${KMIP_PORT}" ]] && fail "KMIP_PORT env variable has not been set"
|
|
|
|
cd ~ || fail "Failed to change directory to home"
|
|
echo "${SERVER_CA}" > TEMP_DIR/vault-ca.pem
|
|
echo "${CLIENT_CA}" > TEMP_DIR/client.pem
|
|
|
|
# Extract certificate and key from client bundle
|
|
cd TEMP_DIR
|
|
# Assuming CLIENT_CA contains both cert and key, split them
|
|
csplit -f client- client.pem '/-----BEGIN.*PRIVATE KEY-----/' '{*}'
|
|
mv client-00 cert.pem
|
|
mv client-01 key.pem
|
|
|
|
# Connect to the Percona Docker container
|
|
CONTAINER_CMD="sudo docker"
|
|
KMIP_DOCKER_NAME="kmip"
|
|
|
|
# Create MySQL data directory
|
|
${CONTAINER_CMD} exec -d "${KMIP_DOCKER_NAME}" sh -c 'mkdir -p /var/lib/mysql/testKMIP'
|
|
|
|
# Start MySQL with KMIP configuration
|
|
${CONTAINER_CMD} exec -d "${KMIP_DOCKER_NAME}" mysqld \
|
|
--datadir=/var/lib/mysql/testKMIP \
|
|
--early-plugin-load=keyring_kmip.so \
|
|
--keyring_kmip_server_name="${VAULT_ADDR}" \
|
|
--keyring_kmip_server_port="${KMIP_PORT}" \
|
|
--keyring_kmip_client_ca=/TEMP_DIR/vault-ca.pem \
|
|
--keyring_kmip_client_key=/TEMP_DIR/key.pem \
|
|
--keyring_kmip_client_cert=/TEMP_DIR/cert.pem
|