getConnections.sh
#!/bin/bash
#
# shellcheck disable=SC2207
# SC2207: Prefer mapfile or read -a to split command output (or quote to avoid splitting).
# Disabled because we want to split on newlines from deployment output
#
# getConnections.sh - retrieves output from a mockSpacestation.bicep deployment
# and grants the current user the 'get list' KeyVault secrets access policies
# and writes the private key to a local file
# and prints SSH commands to connect to the virtual machines
# Abort the script as soon as a simple command exits non-zero.
set -o errexit
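#######################################
# Print an error line in the form "ERROR: <message>!".
# Arguments: $1 - text of the error
# Outputs:   writes the formatted line to stderr; nothing goes to stdout
#######################################
error_log() {
  local message="$1"
  # Use the named local (the original declared it but expanded $1 directly)
  # and printf, so the text is always treated as data.
  printf 'ERROR: %s!\n' "$message" >&2
}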
#######################################
# Print a progress line in the form "INFO: <message>...".
# Arguments: $1 - text of the progress message
# Outputs:   writes the formatted line to stdout
#######################################
info_log() {
  local text=$1
  printf 'INFO: %s...\n' "$text"
}
# Check for Azure CLI: every later step shells out to `az`, so stop early
# with install guidance when it is not on PATH.
command -v az > /dev/null 2>&1 || {
  error_log "az could not be found. This script requires the Azure CLI."
  info_log "see https://docs.microsoft.com/en-us/cli/azure/install-azure-cli for installation instructions."
  exit 1
}
# parse arguments: both the resource group name and the deployment name are
# required; print the description and usage and exit 1 when either is missing.
if (( $# < 2 )); then
  printf '%s\n' \
    "getConnections.sh: retrieves output from a mockSpacestation.bicep deployment and grants the current user the 'get list' KeyVault secrets access policies, writes the private key to a local file, and prints SSH commands to connect to the virtual machines" \
    "usage: getConnections.sh <resourceGroupName> <deploymentName>"
  exit 1
fi
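# Positional arguments (presence already checked above).
resourceGroupName="$1"
deploymentName="$2"
# The private key is written to this fixed file name in the current directory.
privateKeyFileName="mockSpacestationPrivateKey"
# Object id of the signed-in principal; it is the identity that receives the
# Key Vault access policy further down.
# NOTE(review): Microsoft Graph-based Azure CLI releases appear to expose this
# property as `id` rather than `objectId`, in which case the query returns
# nothing without failing - confirm against the CLI version in use.
userObjectId=$(az ad signed-in-user show --query objectId --output tsv)
# An empty id would otherwise only surface later as a confusing set-policy
# failure, so stop here with a clear message.
if [[ -z "$userObjectId" ]]; then
  error_log "Could not determine the object id of the signed-in user"
  exit 1
fi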
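# get deployment output
info_log "Querying outputs from deployment $deploymentName into resource group $resourceGroupName"
# Capture the CLI output in a plain variable first: the exit status of a
# command substitution placed directly inside an array assignment is not
# propagated, so `set -e` would not stop the script if `az` failed there.
deploymentOutputTsv=$(az deployment group show \
  --name "$deploymentName" \
  --resource-group "$resourceGroupName" \
  --query \
    "[ \
      properties.outputs.groundstationAdminUsername.value, \
      properties.outputs.groundstationHostName.value, \
      properties.outputs.keyvaultName.value, \
      properties.outputs.privateKeySecretName.value, \
      properties.outputs.spacestationAdminUsername.value, \
      properties.outputs.spacestationHostName.value \
    ]" \
  --output "tsv")

# Split on whitespace (tabs/newlines) as before, but without pathname
# expansion being applied to the values. `read -d ''` returns non-zero at
# end of input even on success, hence the `|| true`.
outputs=()
read -r -d '' -a outputs <<< "$deploymentOutputTsv" || true

# The positional mapping below is only meaningful when all six values came
# back; a missing output would otherwise leave the vault or secret name empty
# or shifted into the wrong variable.
if (( ${#outputs[@]} != 6 )); then
  error_log "Expected 6 outputs from deployment $deploymentName but got ${#outputs[@]}"
  exit 1
fi

# assign values from outputs (order matches the --query list above)
groundstationAdminUsername=${outputs[0]}
groundstationHostName=${outputs[1]}
keyvaultName=${outputs[2]}
privateKeySecretName=${outputs[3]}
spacestationAdminUsername=${outputs[4]}
spacestationHostName=${outputs[5]}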
# add the secret permissions for the user
info_log "Adding secret policies for current user $userObjectId"
# This grants the signed-in principal 'get' and 'list' on the vault's secrets.
# The grant is a persistent change to the vault and nothing in this script
# removes it afterwards, so revoke it once access is no longer needed.
# NOTE(review): presumably the vault uses the access-policy permission model
# (not Azure RBAC) - confirm against the bicep template.
setPolicyArgs=(
  --name "$keyvaultName"
  --secret-permissions get list
  --object-id "$userObjectId"
  --only-show-errors
  --output "none"
)
az keyvault set-policy "${setPolicyArgs[@]}"
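# write the private key to the specified file
info_log "Writing $privateKeySecretName to file $privateKeyFileName"
rm -f -- "$privateKeyFileName"
# Create the file under a restrictive umask so the key is never readable by
# other local users, not even briefly: the original created it with the
# caller's default umask and only tightened the mode afterwards. The umask
# change is confined to the subshell.
if ! (
  umask 077
  az keyvault secret show \
    --vault-name "$keyvaultName" \
    --name "$privateKeySecretName" \
    --query "value" \
    --output "tsv" > "$privateKeyFileName"
); then
  # Do not leave an empty or partial key file behind on failure.
  rm -f -- "$privateKeyFileName"
  error_log "Could not read secret $privateKeySecretName from key vault $keyvaultName"
  exit 1
fi
# set the perms on the private key
# (kept as an explicit guarantee; ssh refuses keys with looser permissions)
info_log "Setting permissions on $privateKeySecretName to allow SSH"
chmod 600 "$privateKeyFileName"
# The key now sits unencrypted in the working directory; delete it when the
# session is over and keep it out of version control.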
# echo out the SSH command: one ready-to-paste line per virtual machine,
# each using the key file written above.
info_log "Success! Private key written to ./$privateKeyFileName. Run these commands to SSH into your machines"
printf 'ssh -i %s %s@%s\n' \
  "$privateKeyFileName" "$groundstationAdminUsername" "$groundstationHostName"
printf 'ssh -i %s %s@%s\n' \
  "$privateKeyFileName" "$spacestationAdminUsername" "$spacestationHostName"