Switch to new μpkg package format
andsens committed May 23, 2024
1 parent b0a8b47 commit 8efa993
Showing 19 changed files with 325 additions and 284 deletions.
21 changes: 16 additions & 5 deletions .github/workflows/release.yaml
@@ -2,17 +2,24 @@ name: Release

on:
push:
branches: [ '*' ]
tags: [ 'v*' ]
tags: ['v*']

jobs:
create-release:
test:
uses: ./.github/workflows/test.yaml
secrets: inherit
release:
needs: [test]
permissions:
contents: write
runs-on: ubuntu-latest
steps:
- id: version
uses: orbit-online/image-version@v0.9.1
- name: Checkout
uses: actions/checkout@v3
uses: actions/checkout@v4
with:
ref: ${{ github.ref }}
- name: Set up buildx
uses: docker/setup-buildx-action@v2
- name: Login to docker hub
@@ -21,11 +28,15 @@ jobs:
username: ${{ secrets.DOCKER_HUB_USERNAME }}
password: ${{ secrets.DOCKER_HUB_TOKEN_RW }}
- name: Build & push
uses: docker/build-push-action@v4
uses: docker/build-push-action@v5
with:
context: "."
file: k8s-secrets/Dockerfile
tags: secoya/pkidb-k8s-secrets:${{ steps.version.outputs.version }}
push: true
build-args: |
"BUILD_TOOL=github"
"BUILT_BY=${{ github.actor }}"
- uses: orbit-online/upkg-release@v1
with:
paths: bin common.sh LICENSE README.md
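Review bot: The new `test` job passes `secrets: inherit` to `./.github/workflows/test.yaml`, but that workflow as added in this commit references no secrets, so every repository secret, including `DOCKER_HUB_TOKEN_RW`, becomes available to the called workflow for no benefit. Dropping the `secrets: inherit` line keeps the Docker Hub credentials scoped to the `release` job, the only place this file uses them. If the test workflow later needs a secret, declare it under `workflow_call.secrets` there and pass it by name here.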
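--- a/.github/workflows/test.yaml
+++ b/.github/workflows/test.yaml
@@ -0,0 +1,25 @@
+name: Test
+
+on:
+push:
+branches: ['*']
+tags: ['!v*']
+workflow_call: {}
+
+jobs:
+test:
+runs-on: ubuntu-latest
+steps:
+- name: Checkout
+uses: actions/checkout@v4
+- uses: orbit-online/upkg-install@v1
+- name: Run ShellCheck
+uses: ludeeus/action-shellcheck@master
+env:
+SHELLCHECK_OPTS: -x
+with:
+ignore_paths: .upkg
+- name: Show --help menus
+run: for cmd in bin/*; do ! grep -q docopt "$cmd" || "$cmd" --help; done
+env:
+PKIDBURL: "https://example.org"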
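Review bot: `ludeeus/action-shellcheck@master` follows a moving branch, so whatever lands on that branch runs in this job on every push and, through `workflow_call`, as a gate of the release workflow. Pin it to a full commit SHA, e.g. `uses: ludeeus/action-shellcheck@<full-commit-sha>`, and consider the same for `orbit-online/upkg-install@v1` here and the `orbit-online/*` actions in release.yaml, whose tags are also mutable. The workflow sets no `permissions:` either; a top-level `permissions:` block with `contents: read` would keep the token read-only for these third-party steps.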
2 changes: 1 addition & 1 deletion .gitignore
@@ -1 +1 @@
/.upkg/
/.upkg
37 changes: 18 additions & 19 deletions pkidb-browser.sh → bin/pkidb-browser
@@ -1,32 +1,31 @@
#!/usr/bin/env bash
# shellcheck source-path=..

pkidb_browser() {
set -eo pipefail; shopt -s inherit_errexit
local pkgroot; pkgroot=$(dirname "$(realpath "${BASH_SOURCE[0]}")")
local pkgroot; pkgroot=$(realpath "$(dirname "$(realpath "${BASH_SOURCE[0]}")")/..")
PATH=$("$pkgroot/.upkg/.bin/path_prepend" "$pkgroot/.upkg/.bin")
source "$pkgroot/.upkg/orbit-online/records.sh/records.sh"
source "$pkgroot/common.sh"

DOC="pkidb-browser - Exclusively manage Browser CAs
Usage:
pkidb-browser FINGERPRINT...
"
# docopt parser below, refresh this parser with `docopt.sh pkidb-browser.sh`
# shellcheck disable=2016,1090,1091,2034,2154
docopt() { source "$pkgroot/.upkg/andsens/docopt.sh/docopt-lib.sh" '1.0.0' || {
ret=$?; printf -- "exit %d\n" "$ret"; exit "$ret"; }; set -e
trimmed_doc=${DOC:0:84}; usage=${DOC:47:37}; digest=a0056; shorts=(); longs=()
argcounts=(); node_0(){ value FINGERPRINT a true; }; node_1(){ oneormore 0; }
node_2(){ required 1; }; node_3(){ required 2; }; cat <<<' docopt_exit() {
[[ -n $1 ]] && printf "%s\n" "$1" >&2; printf "%s\n" "${DOC:47:37}" >&2; exit 1
}'; unset var_FINGERPRINT; parse 3 "$@"; local prefix=${DOCOPT_PREFIX:-''}
unset "${prefix}FINGERPRINT"
if declare -p var_FINGERPRINT >/dev/null 2>&1; then
eval "${prefix}"'FINGERPRINT=("${var_FINGERPRINT[@]}")'; else
eval "${prefix}"'FINGERPRINT=()'; fi; local docopt_i=1
[[ $BASH_VERSION =~ ^4.3 ]] && docopt_i=2; for ((;docopt_i>0;docopt_i--)); do
declare -p "${prefix}FINGERPRINT"; done; }
# docopt parser above, complete command for generating this parser is `docopt.sh --library='"$pkgroot/.upkg/andsens/docopt.sh/docopt-lib.sh"' pkidb-browser.sh`
# docopt parser below, refresh this parser with `docopt.sh pkidb-browser`
# shellcheck disable=2016,2086,2317,1090,1091,2034,2154
docopt() { source "$pkgroot/.upkg/docopt-lib.sh/docopt-lib.sh" '2.0.0' || {
ret=$?;printf -- "exit %d\n" "$ret";exit "$ret";};set -e;trimmed_doc=${DOC:0:84}
usage=${DOC:47:37};digest=a0056;options=();node_0(){ value FINGERPRINT a true;}
node_1(){ repeatable 0;};cat <<<' docopt_exit() { [[ -n $1 ]] && printf "%s\n" \
"$1" >&2;printf "%s\n" "${DOC:47:37}" >&2;exit 1;}';local \
varnames=(FINGERPRINT) varname;for varname in "${varnames[@]}"; do unset \
"var_$varname";done;parse 1 "$@";local p=${DOCOPT_PREFIX:-''};for varname in \
"${varnames[@]}"; do unset "$p$varname";done;if declare -p var_FINGERPRINT \
>/dev/null 2>&1; then eval $p'FINGERPRINT=("${var_FINGERPRINT[@]}")';else eval \
$p'FINGERPRINT=()';fi;eval ;local docopt_i=1;[[ $BASH_VERSION =~ ^4.3 ]] && \
docopt_i=2;for ((;docopt_i>0;docopt_i--)); do for varname in "${varnames[@]}"; \
do declare -p "$p$varname";done;done;}
# docopt parser above, complete command for generating this parser is `docopt.sh --library='"$pkgroot/.upkg/docopt-lib.sh/docopt-lib.sh"' pkidb-browser`
eval "$(docopt "$@")"
check_all_deps

@@ -76,7 +75,7 @@ declare -p "${prefix}FINGERPRINT"; done; }
tmp_ca_path=$(mktemp)
# shellcheck disable=2064
trap "rm '$tmp_ca_path'" EXIT
"$pkgroot/pkidb-ca.sh" "$fingerprint" > "$tmp_ca_path"
"$pkgroot/bin/pkidb-ca" "$fingerprint" > "$tmp_ca_path"
certutil -d "$nssdbpath" -A -n "$fingerprint" -t "$expected_trust" -i "$tmp_ca_path" 2> >(LOGPROGRAM=certutil tee_verbose)
changed=true
rm "$tmp_ca_path"
35 changes: 17 additions & 18 deletions pkidb-ca.sh → bin/pkidb-ca
@@ -1,32 +1,31 @@
#!/usr/bin/env bash
# shellcheck source-path=..

pkidb_ca() {
set -eo pipefail; shopt -s inherit_errexit
local pkgroot; pkgroot=$(dirname "$(realpath "${BASH_SOURCE[0]}")")
local pkgroot; pkgroot=$(realpath "$(dirname "$(realpath "${BASH_SOURCE[0]}")")/..")
PATH=$("$pkgroot/.upkg/.bin/path_prepend" "$pkgroot/.upkg/.bin")
source "$pkgroot/.upkg/orbit-online/records.sh/records.sh"
source "$pkgroot/common.sh"

DOC="pkidb-ca - Retrieve a CA certificate using the SHA-256 fingerprint
Usage:
pkidb-ca [--dest=CAPATH] FINGERPRINT
"
# docopt parser below, refresh this parser with `docopt.sh pkidb-ca.sh`
# shellcheck disable=2016,1090,1091,2034
docopt() { source "$pkgroot/.upkg/andsens/docopt.sh/docopt-lib.sh" '1.0.0' || {
ret=$?; printf -- "exit %d\n" "$ret"; exit "$ret"; }; set -e
trimmed_doc=${DOC:0:112}; usage=${DOC:67:45}; digest=ca1f7; shorts=('')
longs=(--dest); argcounts=(1); node_0(){ value __dest 0; }; node_1(){
value FINGERPRINT a; }; node_2(){ optional 0; }; node_3(){ required 2 1; }
node_4(){ required 3; }; cat <<<' docopt_exit() {
[[ -n $1 ]] && printf "%s\n" "$1" >&2; printf "%s\n" "${DOC:67:45}" >&2; exit 1
}'; unset var___dest var_FINGERPRINT; parse 4 "$@"
local prefix=${DOCOPT_PREFIX:-''}; unset "${prefix}__dest" \
"${prefix}FINGERPRINT"; eval "${prefix}"'__dest=${var___dest:-}'
eval "${prefix}"'FINGERPRINT=${var_FINGERPRINT:-}'; local docopt_i=1
[[ $BASH_VERSION =~ ^4.3 ]] && docopt_i=2; for ((;docopt_i>0;docopt_i--)); do
declare -p "${prefix}__dest" "${prefix}FINGERPRINT"; done; }
# docopt parser above, complete command for generating this parser is `docopt.sh --library='"$pkgroot/.upkg/andsens/docopt.sh/docopt-lib.sh"' pkidb-ca.sh`
# docopt parser below, refresh this parser with `docopt.sh pkidb-ca`
# shellcheck disable=2016,2086,2317,1090,1091,2034
docopt() { source "$pkgroot/.upkg/docopt-lib.sh/docopt-lib.sh" '2.0.0' || {
ret=$?;printf -- "exit %d\n" "$ret";exit "$ret";};set -e
trimmed_doc=${DOC:0:112};usage=${DOC:67:45};digest=ca1f7;options=(' --dest 1')
node_0(){ value __dest 0;};node_1(){ value FINGERPRINT a;};node_2(){ optional 0
};node_3(){ sequence 2 1;};cat <<<' docopt_exit() { [[ -n $1 ]] && printf \
"%s\n" "$1" >&2;printf "%s\n" "${DOC:67:45}" >&2;exit 1;}';local \
varnames=(__dest FINGERPRINT) varname;for varname in "${varnames[@]}"; do
unset "var_$varname";done;parse 3 "$@";local p=${DOCOPT_PREFIX:-''};for \
varname in "${varnames[@]}"; do unset "$p$varname";done;eval $p'__dest=${var__'\
'_dest:-};'$p'FINGERPRINT=${var_FINGERPRINT:-};';local docopt_i=1;[[ \
$BASH_VERSION =~ ^4.3 ]] && docopt_i=2;for ((;docopt_i>0;docopt_i--)); do for \
varname in "${varnames[@]}"; do declare -p "$p$varname";done;done;}
# docopt parser above, complete command for generating this parser is `docopt.sh --library='"$pkgroot/.upkg/docopt-lib.sh/docopt-lib.sh"' pkidb-ca`
eval "$(docopt "$@")"
check_all_deps

45 changes: 22 additions & 23 deletions pkidb-client-krl.sh → bin/pkidb-client-krl
@@ -1,36 +1,33 @@
#!/usr/bin/env bash
# shellcheck source-path=..

pkidb_client_krl() {
set -eo pipefail; shopt -s inherit_errexit
local pkgroot; pkgroot=$(dirname "$(realpath "${BASH_SOURCE[0]}")")
local pkgroot; pkgroot=$(realpath "$(dirname "$(realpath "${BASH_SOURCE[0]}")")/..")
PATH=$("$pkgroot/.upkg/.bin/path_prepend" "$pkgroot/.upkg/.bin")
source "$pkgroot/.upkg/orbit-online/records.sh/records.sh"
source "$pkgroot/.upkg/orbit-online/collections.sh/collections.sh"
source "$pkgroot/common.sh"

DOC="pkidb-client-krl - Retrieve a CMS signed KRL and verify it against CAs
Usage:
pkidb-client-krl --dest=KRLPATH KRLNAME CAFILE...
"
# docopt parser below, refresh this parser with `docopt.sh pkidb-client-krl.sh`
# shellcheck disable=2016,1090,1091,2034,2154
docopt() { source "$pkgroot/.upkg/andsens/docopt.sh/docopt-lib.sh" '1.0.0' || {
ret=$?; printf -- "exit %d\n" "$ret"; exit "$ret"; }; set -e
trimmed_doc=${DOC:0:129}; usage=${DOC:71:58}; digest=67a0d; shorts=('')
longs=(--dest); argcounts=(1); node_0(){ value __dest 0; }; node_1(){
value KRLNAME a; }; node_2(){ value CAFILE a true; }; node_3(){ oneormore 2; }
node_4(){ required 0 1 3; }; node_5(){ required 4; }; cat <<<' docopt_exit() {
[[ -n $1 ]] && printf "%s\n" "$1" >&2; printf "%s\n" "${DOC:71:58}" >&2; exit 1
}'; unset var___dest var_KRLNAME var_CAFILE; parse 5 "$@"
local prefix=${DOCOPT_PREFIX:-''}; unset "${prefix}__dest" "${prefix}KRLNAME" \
"${prefix}CAFILE"; eval "${prefix}"'__dest=${var___dest:-}'
eval "${prefix}"'KRLNAME=${var_KRLNAME:-}'
if declare -p var_CAFILE >/dev/null 2>&1; then
eval "${prefix}"'CAFILE=("${var_CAFILE[@]}")'; else eval "${prefix}"'CAFILE=()'
fi; local docopt_i=1; [[ $BASH_VERSION =~ ^4.3 ]] && docopt_i=2
for ((;docopt_i>0;docopt_i--)); do declare -p "${prefix}__dest" \
"${prefix}KRLNAME" "${prefix}CAFILE"; done; }
# docopt parser above, complete command for generating this parser is `docopt.sh --library='"$pkgroot/.upkg/andsens/docopt.sh/docopt-lib.sh"' pkidb-client-krl.sh`
# docopt parser below, refresh this parser with `docopt.sh pkidb-client-krl`
# shellcheck disable=2016,2086,2317,1090,1091,2034,2154
docopt() { source "$pkgroot/.upkg/docopt-lib.sh/docopt-lib.sh" '2.0.0' || {
ret=$?;printf -- "exit %d\n" "$ret";exit "$ret";};set -e
trimmed_doc=${DOC:0:129};usage=${DOC:71:58};digest=67a0d;options=(' --dest 1')
node_0(){ value __dest 0;};node_1(){ value KRLNAME a;};node_2(){ value CAFILE \
a true;};node_3(){ repeatable 2;};node_4(){ sequence 0 1 3;};cat <<<' \
docopt_exit() { [[ -n $1 ]] && printf "%s\n" "$1" >&2;printf "%s\n" \
"${DOC:71:58}" >&2;exit 1;}';local varnames=(__dest KRLNAME CAFILE) varname
for varname in "${varnames[@]}"; do unset "var_$varname";done;parse 4 "$@"
local p=${DOCOPT_PREFIX:-''};for varname in "${varnames[@]}"; do unset \
"$p$varname";done;if declare -p var_CAFILE >/dev/null 2>&1; then eval $p'CAFIL'\
'E=("${var_CAFILE[@]}")';else eval $p'CAFILE=()';fi;eval $p'__dest=${var___des'\
't:-};'$p'KRLNAME=${var_KRLNAME:-};';local docopt_i=1;[[ $BASH_VERSION =~ ^4.3 \
]] && docopt_i=2;for ((;docopt_i>0;docopt_i--)); do for varname in \
"${varnames[@]}"; do declare -p "$p$varname";done;done;}
# docopt parser above, complete command for generating this parser is `docopt.sh --library='"$pkgroot/.upkg/docopt-lib.sh/docopt-lib.sh"' pkidb-client-krl`
eval "$(docopt "$@")"
check_all_deps

@@ -39,7 +36,7 @@ for ((;docopt_i>0;docopt_i--)); do declare -p "${prefix}__dest" \
# e.g. "warning: command substitution: ignored null byte in input"

# shellcheck disable=2154
local pem pem_dest=${__dest}.pem
local pem_dest=${__dest}.pem
# shellcheck disable=2153
if [[ -e $__dest ]] && ! check_krlcms "${CAFILE[@]}" <"$pem_dest"; then
info 'Current KRL invalid, deleting'
@@ -52,6 +49,7 @@ for ((;docopt_i>0;docopt_i--)); do declare -p "${prefix}__dest" \
# shellcheck disable=2154
has_changed "$url" "$pem_dest" || chg=$?

local pem krlb64
if [[ $chg = 0 ]]; then
pem=$(download "$url") || fatal $? "Unable to fetch the KRL '%s'" "$KRLNAME"
krlb64=$(check_krlcms "${CAFILE[@]}" <<<"$pem")
@@ -74,6 +72,7 @@ check_krlcms() {
debug "Verifying the KRL using CAs at '%s'" "$(join_by , "${capaths[@]}")"
if out=$(openssl cms -verify -inform PEM -CAfile <(cat "${capaths[@]}") -certfile <(cat "${capaths[@]}") -binary | base64); then
verbose 'The KRL is valid'
printf "%s" "$out"
else
ret=$?
error "Unable to verify the KRL CMS signature with CAs at '%s'. Error was: %s" "$(join_by , "${capaths[@]}")" "$out"
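Review bot: `check_krlcms` now writes the verified KRL to stdout (`printf "%s" "$out"`, apparently the one line added in the last hunk), but the first call site, `if [[ -e $__dest ]] && ! check_krlcms "${CAFILE[@]}" <"$pem_dest"; then`, neither captures nor discards that output. Re-validating an existing KRL would therefore print its base64 body on the script's stdout; add a redirect at that call, `! check_krlcms "${CAFILE[@]}" <"$pem_dest" >/dev/null; then`. The `if out=$(openssl cms -verify ... | base64); then` test only reflects the signature check while `pipefail` is in effect, so a short comment there, `# relies on pipefail: without it base64's exit status would mask a failed verify`, would protect it from a later refactor. Both function bodies continue outside the hunks shown.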
41 changes: 19 additions & 22 deletions pkidb-crl.sh → bin/pkidb-crl
@@ -1,36 +1,33 @@
#!/usr/bin/env bash
# shellcheck source-path=..

pkidb_crl() {
set -eo pipefail; shopt -s inherit_errexit
local pkgroot; pkgroot=$(dirname "$(realpath "${BASH_SOURCE[0]}")")
local pkgroot; pkgroot=$(realpath "$(dirname "$(realpath "${BASH_SOURCE[0]}")")/..")
PATH=$("$pkgroot/.upkg/.bin/path_prepend" "$pkgroot/.upkg/.bin")
source "$pkgroot/.upkg/orbit-online/records.sh/records.sh"
source "$pkgroot/.upkg/orbit-online/collections.sh/collections.sh"
source "$pkgroot/common.sh"

DOC="pkidb-crl - Retrieve a CRL and verify it against CAs
Usage:
pkidb-crl --dest=CRLPATH CRLNAME CAFILE...
"
# docopt parser below, refresh this parser with `docopt.sh pkidb-crl.sh`
# shellcheck disable=2016,1090,1091,2034,2154
docopt() { source "$pkgroot/.upkg/andsens/docopt.sh/docopt-lib.sh" '1.0.0' || {
ret=$?; printf -- "exit %d\n" "$ret"; exit "$ret"; }; set -e
trimmed_doc=${DOC:0:104}; usage=${DOC:53:51}; digest=8e2d5; shorts=('')
longs=(--dest); argcounts=(1); node_0(){ value __dest 0; }; node_1(){
value CRLNAME a; }; node_2(){ value CAFILE a true; }; node_3(){ oneormore 2; }
node_4(){ required 0 1 3; }; node_5(){ required 4; }; cat <<<' docopt_exit() {
[[ -n $1 ]] && printf "%s\n" "$1" >&2; printf "%s\n" "${DOC:53:51}" >&2; exit 1
}'; unset var___dest var_CRLNAME var_CAFILE; parse 5 "$@"
local prefix=${DOCOPT_PREFIX:-''}; unset "${prefix}__dest" "${prefix}CRLNAME" \
"${prefix}CAFILE"; eval "${prefix}"'__dest=${var___dest:-}'
eval "${prefix}"'CRLNAME=${var_CRLNAME:-}'
if declare -p var_CAFILE >/dev/null 2>&1; then
eval "${prefix}"'CAFILE=("${var_CAFILE[@]}")'; else eval "${prefix}"'CAFILE=()'
fi; local docopt_i=1; [[ $BASH_VERSION =~ ^4.3 ]] && docopt_i=2
for ((;docopt_i>0;docopt_i--)); do declare -p "${prefix}__dest" \
"${prefix}CRLNAME" "${prefix}CAFILE"; done; }
# docopt parser above, complete command for generating this parser is `docopt.sh --library='"$pkgroot/.upkg/andsens/docopt.sh/docopt-lib.sh"' pkidb-crl.sh`
# docopt parser below, refresh this parser with `docopt.sh pkidb-crl`
# shellcheck disable=2016,2086,2317,1090,1091,2034,2154
docopt() { source "$pkgroot/.upkg/docopt-lib.sh/docopt-lib.sh" '2.0.0' || {
ret=$?;printf -- "exit %d\n" "$ret";exit "$ret";};set -e
trimmed_doc=${DOC:0:104};usage=${DOC:53:51};digest=8e2d5;options=(' --dest 1')
node_0(){ value __dest 0;};node_1(){ value CRLNAME a;};node_2(){ value CAFILE \
a true;};node_3(){ repeatable 2;};node_4(){ sequence 0 1 3;};cat <<<' \
docopt_exit() { [[ -n $1 ]] && printf "%s\n" "$1" >&2;printf "%s\n" \
"${DOC:53:51}" >&2;exit 1;}';local varnames=(__dest CRLNAME CAFILE) varname
for varname in "${varnames[@]}"; do unset "var_$varname";done;parse 4 "$@"
local p=${DOCOPT_PREFIX:-''};for varname in "${varnames[@]}"; do unset \
"$p$varname";done;if declare -p var_CAFILE >/dev/null 2>&1; then eval $p'CAFIL'\
'E=("${var_CAFILE[@]}")';else eval $p'CAFILE=()';fi;eval $p'__dest=${var___des'\
't:-};'$p'CRLNAME=${var_CRLNAME:-};';local docopt_i=1;[[ $BASH_VERSION =~ ^4.3 \
]] && docopt_i=2;for ((;docopt_i>0;docopt_i--)); do for varname in \
"${varnames[@]}"; do declare -p "$p$varname";done;done;}
# docopt parser above, complete command for generating this parser is `docopt.sh --library='"$pkgroot/.upkg/docopt-lib.sh/docopt-lib.sh"' pkidb-crl`
eval "$(docopt "$@")"
check_all_deps

56 changes: 56 additions & 0 deletions bin/pkidb-k8s-secrets
@@ -0,0 +1,56 @@
#!/usr/bin/env bash
# shellcheck source-path=..

pkidb_k8s_secrets() {
set -eo pipefail; shopt -s inherit_errexit
local pkgroot; pkgroot=$(realpath "$(dirname "$(realpath "${BASH_SOURCE[0]}")")/..")
PATH=$("$pkgroot/.upkg/.bin/path_prepend" "$pkgroot/.upkg/.bin")
source "$pkgroot/common.sh"
DOC="pkidb-k8s-secrets - Retrieve CAs via fingerprint and create k8s secrets from them
Usage:
pkidb-k8s-secrets [--namespace=NS] FINGERPRINT...
Notes:
* Make sure to specify \$PKIDBURL
* The namespace can also be specified via \$POD_NAMESPACE
"
# docopt parser below, refresh this parser with `docopt.sh pkidb-k8s-secrets`
# shellcheck disable=2016,2086,2317,1090,1091,2034,2154
docopt() { source "$pkgroot/.upkg/docopt-lib.sh/docopt-lib.sh" '2.0.0' || {
ret=$?;printf -- "exit %d\n" "$ret";exit "$ret";};set -e
trimmed_doc=${DOC:0:238};usage=${DOC:82:58};digest=8eced;options=(' --namespac'\
'e 1');node_0(){ value __namespace 0;};node_1(){ value FINGERPRINT a true;}
node_2(){ optional 0;};node_3(){ repeatable 1;};node_4(){ sequence 2 3;};cat \
<<<' docopt_exit() { [[ -n $1 ]] && printf "%s\n" "$1" >&2;printf "%s\n" \
"${DOC:82:58}" >&2;exit 1;}';local varnames=(__namespace FINGERPRINT) varname
for varname in "${varnames[@]}"; do unset "var_$varname";done;parse 4 "$@"
local p=${DOCOPT_PREFIX:-''};for varname in "${varnames[@]}"; do unset \
"$p$varname";done;if declare -p var_FINGERPRINT >/dev/null 2>&1; then eval \
$p'FINGERPRINT=("${var_FINGERPRINT[@]}")';else eval $p'FINGERPRINT=()';fi;eval \
$p'__namespace=${var___namespace:-};';local docopt_i=1;[[ $BASH_VERSION =~ \
^4.3 ]] && docopt_i=2;for ((;docopt_i>0;docopt_i--)); do for varname in \
"${varnames[@]}"; do declare -p "$p$varname";done;done;}
# docopt parser above, complete command for generating this parser is `docopt.sh --library='"$pkgroot/.upkg/docopt-lib.sh/docopt-lib.sh"' pkidb-k8s-secrets`
eval "$(docopt "$@")"

# shellcheck disable=2154
local fingerprint namespace=$__namespace cert secret_name
[[ -n $namespace ]] || namespace=${POD_NAMESPACE:?"Either --namespace or \$POD_NAMESPACE must be specified"}
# shellcheck disable=2153
for fingerprint in "${FINGERPRINT[@]}"; do
secret_name=${fingerprint,,}
cert=$("$pkgroot/bin/pkidb-ca" "$fingerprint")
printf '
apiVersion: v1
kind: Secret
type: Opaque
metadata:
name: %s
namespace: %s
data:
ca.crt: %s
' "$secret_name" "$namespace" "$(base64 -w0 <<<"$cert")" | kubectl apply -f - | LOGPROGRAM=kubectl tee_info
done
}

pkidb_k8s_secrets "$@"
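Review bot: `$secret_name` and `$namespace` are substituted with `%s` into the manifest piped to `kubectl apply -f -` without any check, so a `--namespace`, `$POD_NAMESPACE` or FINGERPRINT value containing a newline or YAML syntax changes the object that gets applied. Validate both before the `printf`, for example `[[ $namespace =~ ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ ]] || fatal 1 "Invalid namespace '%s'" "$namespace"` (assuming `fatal` from common.sh, as used in bin/pkidb-client-krl) plus an equivalent check on `$fingerprint` matching whatever format pkidb-ca accepts. Alternatively, pass the values as arguments and let kubectl build the object: `kubectl create secret generic "$secret_name" --namespace "$namespace" --from-file=ca.crt=<file> --dry-run=client -o yaml | kubectl apply -f -`. In the lines shown, this command also omits the `check_all_deps` call that the other bin/ scripts make after `eval "$(docopt "$@")"`, so a missing `kubectl` would surface only at the first apply.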