mirrors/vault
1
0
Fork 0
mirror of https://github.com/hashicorp/vault.git synced 2025-08-25 16:41:08 +02:00
Code Issues Projects Releases Wiki Activity
vault/enos/modules/vault_get_cluster_ips/scripts/get-follower-ipv6s.sh
Ryan Cragun b5d32b7bec
enos: add shfmt formatting to enos module scripts (#28142) 
Signed-off-by: Ryan Cragun <me@ryan.ec>
2024-08-23 13:45:30 -06:00

88 lines
2.4 KiB
Bash
Raw Blame History

#!/usr/bin/env bash
# Copyright (c) HashiCorp, Inc.
# SPDX-License-Identifier: BUSL-1.1
set -e
function fail() {
echo "$1" 1>&2
exit 1
}
[[ -z "$IP_VERSION" ]] && fail "IP_VERSION env variable has not been set"
[[ -z "$VAULT_ADDR" ]] && fail "VAULT_ADDR env variable has not been set"
[[ -z "$VAULT_INSTALL_DIR" ]] && fail "VAULT_INSTALL_DIR env variable has not been set"
[[ -z "$VAULT_TOKEN" ]] && fail "VAULT_TOKEN env variable has not been set"
echo "$VAULT_IPV6S" > /tmp/vaultipv6s
binpath=${VAULT_INSTALL_DIR}/vault
test -x "$binpath" || fail "Unable to locate vault binary at $binpath"
getFollowerIPV6sFromOperatorMembers() {
if members=$($binpath operator members -format json); then
if followers=$(echo "$members" | jq -e --argjson expected "$VAULT_IPV6S" -c '.Nodes | map(select(any(.; .active_node==false)) | .api_address | scan("\\[(.+)\\]") | .[0]) as $followers | $expected - ($expected - $followers)'); then
# Make sure that we got all the followers
if jq -e --argjson expected "$VAULT_IPV6S" --argjson followers "$followers" -ne '$expected | length as $el | $followers | length as $fl | $fl == $el-1' > /dev/null; then
echo "$followers"
return 0
fi
fi
fi
return 1
}
removeIP() {
local needle
local haystack
needle=$1
haystack=$2
if remain=$(jq -e --arg ip "$needle" -c '. | map(select(.!=$ip))' <<< "$haystack"); then
if [[ -n "$remain" ]]; then
echo "$remain"
return 0
fi
fi
return 1
}
count=0
retries=10
while :; do
case $IP_VERSION in
4)
echo "[]"
exit 0
;;
6)
[[ -z "$VAULT_IPV6S" ]] && fail "VAULT_IPV6S env variable has not been set"
[[ -z "$VAULT_LEADER_IPV6" ]] && fail "VAULT_LEADER_IPV6 env variable has not been set"
# Vault >= 1.10.x has the operator members. If we have that then we'll use it.
if $binpath operator -h 2>&1 | grep members &> /dev/null; then
if followers=$(getFollowerIPV6sFromOperatorMembers); then
echo "$followers"
exit 0
fi
else
[[ -z "$VAULT_LEADER_IPV6" ]] && fail "VAULT_LEADER_IPV6 env variable has not been set"
removeIP "$VAULT_LEADER_IPV6" "$VAULT_IPV6S"
exit $?
fi
;;
*)
fail "unknown IP_VERSION: $IP_VERSION"
;;
esac
wait=$((2 ** count))
count=$((count + 1))
if [ "$count" -lt "$retries" ]; then
sleep "$wait"
else
fail "Timed out trying to obtain the cluster followers"
fi
done
Reference in New Issue View Git Blame Copy Permalink