-
-
Notifications
You must be signed in to change notification settings - Fork 4
/
Copy pathgen_bot_db.sh
executable file
·191 lines (157 loc) · 5.31 KB
/
gen_bot_db.sh
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
#!/usr/bin/env bash
# Bash strict-mode
set -o errexit
set -o nounset
set -o pipefail
LOCAL_CONFIG="${HOME}/.cbi/config"
if [[ ! -f "${LOCAL_CONFIG}" ]]; then
echo "ERROR: File '$(readlink -f "${LOCAL_CONFIG}")' does not exists"
echo "Create one to configure the location of the password store. Example:"
echo '{"password-store": {"cbi-dir": "~/.password-store/cbi"}}'
fi
PASSWORD_STORE_DIR="$(jq -r '.["password-store"]["cbi-dir"]' "${LOCAL_CONFIG}")"
if [[ -z "${PASSWORD_STORE_DIR}" ]] || [[ "${PASSWORD_STORE_DIR}" == "null" ]]; then
printf "ERROR: 'cbi-dir' must be set in %s.\n" "$(readlink -f "${LOCAL_CONFIG}")"
exit 1
fi
PASSWORD_STORE_DIR="$(readlink -f "${PASSWORD_STORE_DIR/#~\//${HOME}/}")"
export PASSWORD_STORE_DIR
SCRIPT_NAME="$(basename "${0}")"
INPUT_FILE="${1:-}"
usage() {
printf "Usage: %s INPUT_FILE\n" "$SCRIPT_NAME"
printf "\t%-16s input file.\n" "INPUT_FILE"
}
verify_inputs() {
# check that input file exists
if [ -z "${INPUT_FILE:-}" ]; then
printf "ERROR: make sure an input file is given.\n"
usage
exit 1
fi
if [ ! -f "${INPUT_FILE:-}" ]; then
printf "ERROR: '%s' is not a regular file or does not exist.\n" "${INPUT_FILE}"
usage
exit 1
fi
}
request_access_token() {
local client_id client_secret
client_id="$(pass api.eclipse.org/client_id)"
client_secret="$(pass api.eclipse.org/client_secret)"
curl -sSLf --request POST \
--url 'https://accounts.eclipse.org/oauth2/token' \
--header 'content-type: application/x-www-form-urlencoded' \
--data 'grant_type=client_credentials' \
--data "client_id=${client_id}" \
--data "client_secret=${client_secret}" \
--data 'scope=eclipsefdn_view_all_profiles' | jq -r '.access_token'
}
query_email_by_user_id() {
local user_id="$1"
local user_profile
user_profile="$(mktemp)"
if curl -sLf --request GET \
--retry 8 \
--output "${user_profile}" \
--url "https://api.eclipse.org/account/profile/${user_id}" \
--header "Authorization: Bearer ${ACCESS_TOKEN}" >&2 ; then
jq -r '.mail' <"${user_profile}"
else
>&2 echo "DEBUG: unable to retrieve user profile from 'https://api.eclipse.org/account/profile/${user_id}'"
fi
rm -f "${user_profile}"
}
passEntry() {
local entry="${1}"
local passContent
passContent="$(mktemp)"
local retry=0
while ! pass "${entry}" > "${passContent}" 2>/dev/null && [[ ${retry} -lt 8 ]]; do
retry=$((retry++))
done
if [[ -s "${passContent}" ]]; then
cat "${passContent}"
else
>&2 echo "ERROR: unable to retrieve pass entry '${entry}'"
fi
rm -f "${passContent}"
}
printSiteIdentityJson() {
local projectId="${1}"
local siteName="${2}"
local pathPrefix="bots/${projectId}/${siteName}"
if [[ -d "${PASSWORD_STORE_DIR}/${pathPrefix}" ]]; then
printf '"%s": {' "${siteName}"
if [[ -f "${PASSWORD_STORE_DIR}/${pathPrefix}/username.gpg" ]]; then
jsonKV "username" "$(passEntry "${pathPrefix}/username")"
fi
if [[ -f "${PASSWORD_STORE_DIR}/${pathPrefix}/email.gpg" ]]; then
jsonKV "email" "$(passEntry "${pathPrefix}/email")"
fi
printf "},"
fi
}
jsonKVInt() {
printf '"%s": %s,' "${1}" "${2}"
}
jsonKV() {
printf '"%s": "%s",' "${1}" "${2}"
}
printProjectJson() {
local id="${1}"
local projectId="${2}"
local projectShortName="${projectId##*.}"
printf "{"
jsonKVInt "id" "${id}"
jsonKV "projectId" "${projectId}"
jsonKV "username" "genie.${projectShortName}"
local ldap_email
ldap_email="$(query_email_by_user_id "genie.${projectShortName}" | tr -d "[:space:]")"
if [[ -n "${ldap_email:-}" ]]; then
jsonKV "email" "${ldap_email}"
else
>&2 echo "WARNING: No LDAP email found for project '${projectId}'."
fi
printSiteIdentityJson "${projectId}" "github.com"
printSiteIdentityJson "${projectId}" "gitlab.eclipse.org"
printSiteIdentityJson "${projectId}" "oss.sonatype.org"
printSiteIdentityJson "${projectId}" "docker.com"
printf "}"
}
regenFromRemoteData() {
local inputFile="${1}"
local botId="${2}"
local projectId
projectId=$(jq -r '.[]|select(.id=='"${botId}"').projectId' < "${inputFile}")
local projectPath="${PASSWORD_STORE_DIR}/bots/${projectId:-undefined}"
if [ -d "${projectPath}" ]; then
>&2 echo "INFO: Re-generating json for bot ${botId}:${projectId}"
printProjectJson "${botId}" "${projectId}"
printf ",\n"
else
>&2 echo "WARNING: Bot does not exist in pass ${botId}:${projectPath}"
fi
}
verify_inputs
ACCESS_TOKEN="$(request_access_token)"
echo "["
export ACCESS_TOKEN
export -f regenFromRemoteData printProjectJson printSiteIdentityJson passEntry jsonKV jsonKVInt query_email_by_user_id
botId=$(jq -r '[.[]|.id]|max' < "${INPUT_FILE}")
# shellcheck disable=SC2094
jq -r '.[]|.id' < "${INPUT_FILE}" | \
SHELL=$(type -p bash) parallel --no-notice -j200% regenFromRemoteData "${INPUT_FILE}"
for projectPath in "${PASSWORD_STORE_DIR}/bots"/*; do
projectId="${projectPath##*/}"
if [ -z "$(jq -r '.[]|select(.projectId=="'"${projectId}"'")' < "${INPUT_FILE}")" ]; then
botId=$((botId+1))
>&2 echo "INFO: New project detected. Adding it to DB with bot ${botId}:${projectId}"
printProjectJson "${botId}" "${projectId}"
printf ",\n"
else
>&2 echo "DEBUG: No need to create new entry for project already in DB: ${projectId}"
fi
done
echo "]"
>&2 echo "INFO: Re-generated all bots!"