proxy

#!/bin/bash

VLT_CONT_NAME=vault-proxy

usage(){
        printf "Usage:\n"
        printf "\t build\t\t: Build Vault IAM auth proxy container specified by image name.\n"
        printf "\t down\t\t: Teardown Vault IAM auth proxy.\n"
        printf "\t enter\t\t: Enter Vault IAM auth proxy.\n"
        printf "\t health\t\t: Run health check.\n"
        printf "\t read\t\t: Read secrets for keys configured in /etc/kv-data.json.\n"
        printf "\t run\t\t: Setup BATS and run tests.\n"
        printf "\t up\t\t: Spin up Vault proxy specified by server type (e.g. ./proxy up [stub]).\n"
        printf "\t help\t\t: Show this help.\n"
}

build_image(){
        local image_name=${1:-yamaszone/vault-proxy:latest}
        docker build --no-cache -t "$image_name" .
}

spinup_client(){
        local server_type="$1"
        [[ -z "$VAULT_ADDR" ]] && printf "ERROR: VAULT_ADDR not set.\n" && exit 1
        [[ -z "$VAULT_AUTH_ROLE" ]] && printf "ERROR: VAULT_AUTH_ROLE not set.\n" && exit 1
        [[ -z "$VAULT_AUTH_PROVIDER" ]] && printf "ERROR: VAULT_AUTH_PROVIDER not set.\n" && exit 1

        docker rm -f "$VLT_CONT_NAME"
	if [[ "$server_type" == "stub" ]]; then
		docker run \
			-d \
			-e VAULT_ADDR="$VAULT_ADDR" \
			-e VAULT_IS_STUB="yes" \
			-e VAULT_AUTH_ROLE="$VAULT_AUTH_ROLE" \
			-e VAULT_AUTH_PROVIDER="$VAULT_AUTH_PROVIDER" \
			--name "$VLT_CONT_NAME" \
			-v $(pwd)/kv-data.json.sample:/etc/vault/kv-data.json \
			-p 8888:8888 \
			yamaszone/vault-proxy:latest
	else
		docker run \
			-d \
			-e VAULT_ADDR="$VAULT_ADDR" \
			-e VAULT_AUTH_ROLE="$VAULT_AUTH_ROLE" \
			-e VAULT_AUTH_PROVIDER="$VAULT_AUTH_PROVIDER" \
			--name "$VLT_CONT_NAME" \
			-v $(pwd)/kv-data.json.sample:/etc/vault/kv-data.json \
			-p 8888:8888 \
			yamaszone/vault-proxy:latest
	fi
}

if [[ -z "$1" ]];then
        usage
        exit 1
fi

case "$1" in
        build)
                build_image $2
        ;;
        down)
                docker rm -f "$VLT_CONT_NAME"
                ;;
        enter)
                docker exec -it "$VLT_CONT_NAME" sh
                ;;
        up)
                spinup_client $2
                ;;
        read)
                docker exec "$VLT_CONT_NAME" curl -sS http://localhost:8888/v1/secrets | jq .
                ;;
        health)
                docker exec "$VLT_CONT_NAME" curl -v -sS http://localhost:8888/v1/healthz
                ;;
        run)
                ./run "${@:2}"
                ;;
        * | usage)
                usage
                ;;
esac