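#!/usr/bin/env bash
#
# carl.sh - find (or create) the Vault identity entity behind the OIDC alias
# 'carldoe@contoso.com' and attach the 'oidc-admin' policy to it.
#
# Requires: an authenticated vault CLI (VAULT_ADDR / VAULT_TOKEN from the
#           environment), jq, and an auth method mounted at 'oidc/'.
#
# The identity/entity and identity/entity-alias writes below are privileged
# changes and are recorded in the Vault audit log under those paths.
set -euo pipefail

# Fail early with a clear message instead of a "command not found" mid-run.
for tool in vault jq; do
  if ! command -v "${tool}" >/dev/null 2>&1; then
    printf 'error: required tool not found: %s\n' "${tool}" >&2
    exit 1
  fi
done

# Mount accessor of the auth method at 'oidc/'; entity aliases are keyed on it.
ACCESSOR_ID="$(vault auth list -format=json | jq -r '.["oidc/"].accessor')"
# jq prints the literal string "null" when the key is missing; treat that as
# unset so we never create an alias bound to an empty/bogus accessor.
if [[ -z "${ACCESSOR_ID}" || "${ACCESSOR_ID}" == "null" ]]; then
  printf 'error: no auth method mounted at oidc/ (accessor not found)\n' >&2
  exit 1
fi
readonly ACCESSOR_ID
printf 'Accessor ID: %s\n' "${ACCESSOR_ID}"

# Housekeeping helpers kept for reference. The first loop DELETES every
# entity on the server; it stays commented out on purpose.
#for id in $(vault list -format=json identity/entity/id | jq -r '.[]' ); do
# vault delete identity/entity/id/"${id}"
#done
#for id in $(vault list -format=json identity/entity/id | jq -r '.[]' ); do
# vault read identity/entity/id/"${id}"
#done
#for id in $(vault list -format=json identity/entity-alias/id | jq -r '.[]' ); do
# vault read identity/entity-alias/id/"${id}"
#done

#
# elevate carl
#
printf '\nElevate Carl\n\n'

# Look up an existing entity by its OIDC alias. With -field=id plus
# -format=json the CLI prints the id as a JSON string, which jq -r unquotes.
# A lookup miss must not abort the script under 'set -e': a non-zero status
# from the pipeline leaves ENTITY_ID empty and we fall into the create branch.
# (Whether the CLI exits non-zero or just prints nothing on a miss is
# version-dependent; both cases end up as an empty ENTITY_ID here.)
ENTITY_ID="$(vault write -field=id -format=json identity/lookup/entity \
  alias_name='carldoe@contoso.com' \
  alias_mount_accessor="${ACCESSOR_ID}" | jq -r '.')" || ENTITY_ID=""
if [[ "${ENTITY_ID}" == "null" ]]; then
  ENTITY_ID=""
fi

if [[ -z "${ENTITY_ID}" ]]; then
  # No entity yet: create one carrying the admin policy, then bind the OIDC
  # alias to it so the next login through 'oidc/' maps onto this entity.
  ENTITY_ID="$(vault write -field=id identity/entity \
    name='carl' \
    policies='oidc-admin' \
    metadata=scope=hacker \
    metadata=responsibility='system takeover')"
  printf 'Entity ID: %s\n' "${ENTITY_ID}"
  ALIAS_ID="$(vault write -field=id identity/entity-alias \
    name='carldoe@contoso.com' \
    canonical_id="${ENTITY_ID}" \
    mount_accessor="${ACCESSOR_ID}")"
  printf 'Entity Alias ID: %s\n' "${ALIAS_ID}"
else
  # Entity exists: set its policy list. NOTE(review): this write sets the
  # entity's policies to exactly 'oidc-admin'; any policies previously on the
  # entity appear to be replaced rather than merged - confirm against the
  # Vault identity API before relying on it.
  vault write identity/entity/id/"${ENTITY_ID}" \
    policies='oidc-admin'
fi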