xref: /aosp_15_r20/external/tink/kokoro/testutils/copy_credentials.sh (revision e7b1675dde1b92d52ec075b0a92829627f2c52a5) 
1#!/bin/bash
2
3# Copyright 2021 Google LLC
4#
5# Licensed under the Apache License, Version 2.0 (the "License");
6# you may not use this file except in compliance with the License.
7# You may obtain a copy of the License at
8#
9#      http://www.apache.org/licenses/LICENSE-2.0
10#
11# Unless required by applicable law or agreed to in writing, software
12# distributed under the License is distributed on an "AS IS" BASIS,
13# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14# See the License for the specific language governing permissions and
15# limitations under the License.
16####################################################################################
17
18# This script takes credentials injected into the environment via the Kokoro job
19# configuration and copies them to the expected locations.
20#
21# The second argument indicates whether all KMS service credentials should be
22# copied (all) or only credentials for a specific KMS service (gcp|aws).
23#
24# Usage insructions:
25#
26#   ./kokoro/testutils/copy_credentials.sh <testdata dir> <all|aws|gcp>
27#
28
29TESTDATA_DIR=
30KMS_SERVICE=
31
32#######################################
33# Process command line arguments.
34#
35# Globals:
36#   TESTDATA_DIR
37#   KMS_SERVICE
38#######################################
39process_args() {
40  TESTDATA_DIR="$1"
41  readonly TESTDATA_DIR
42  KMS_SERVICE="$2"
43  readonly KMS_SERVICE
44
45  if [[ -z "${TESTDATA_DIR}" ]]; then
46    echo "Testdata directory must be set" >&2
47    exit 1
48  fi
49
50  if [[ ! -d "${TESTDATA_DIR}" ]]; then
51    echo "Testdata directory \"${TESTDATA_DIR}\" doesn't exist" >&2
52    exit 1
53  fi
54
55  if [[ -z "${KMS_SERVICE}" ]]; then
56    echo "KMS service must be specified" >&2
57    exit 1
58  fi
59}
60
61#######################################
62# Copy GCP credentials.
63#
64# Globals:
65#   TESTDATA_DIR
66#   TINK_TEST_SERVICE_ACCOUNT
67#######################################
68copy_gcp_credentials() {
69  if [[ -z "${TINK_TEST_SERVICE_ACCOUNT}" ]]; then
70    echo "ERROR: TINK_TEST_SERVICE_ACCOUNT is expected to be set" >&2
71    exit 1
72  fi
73  cp "${TINK_TEST_SERVICE_ACCOUNT}" "${TESTDATA_DIR}/gcp/credential.json"
74}
75
76#######################################
77# Copy AWS credentials.
78#
79# Globals:
80#   TESTDATA_DIR
81#   AWS_TINK_TEST_SERVICE_ACCOUNT
82#######################################
83copy_aws_credentials() {
84  if [[ -z "${AWS_TINK_TEST_SERVICE_ACCOUNT}" ]]; then
85    echo "ERROR: AWS_TINK_TEST_SERVICE_ACCOUNT is expected to be set" >&2
86    exit 1
87  fi
88
89  # Create the different format for the AWS credentials
90  local -r aws_key_id="AKIATNYZMJOHVMN7MSYH"
91  local -r aws_key="$(cat ${AWS_TINK_TEST_SERVICE_ACCOUNT})"
92
93  cat <<END > "${TESTDATA_DIR}/aws/credentials.ini"
94[default]
95aws_access_key_id = ${aws_key_id}
96aws_secret_access_key = ${aws_key}
97END
98
99  cat <<END > "${TESTDATA_DIR}/aws/credentials.cred"
100[default]
101accessKey = ${aws_key_id}
102secretKey = ${aws_key}
103END
104
105  cat <<END > "${TESTDATA_DIR}/aws/credentials.csv"
106User name,Password,Access key ID,Secret access key,Console login link
107tink-user1,,${aws_key_id},${aws_key},https://235739564943.signin.aws.amazon.com/console
108END
109}
110
111main() {
112  if [[ -z "${KOKORO_ROOT}" ]]; then
113    echo "Not running on Kokoro, skipping copying credentials."
114    exit 0
115  fi
116
117  process_args "$@"
118
119  case "${KMS_SERVICE}" in
120    aws)
121      copy_aws_credentials
122      ;;
123    gcp)
124      copy_gcp_credentials
125      ;;
126    all)
127      copy_aws_credentials
128      copy_gcp_credentials
129      ;;
130    *)
131      echo "Invalid KMS service \"${KMS_SERVICE}\"" >&2
132      exit 1
133  esac
134}
135
136main "$@"
137