1*e7b1675dSTing-Kang Chang#!/bin/bash 2*e7b1675dSTing-Kang Chang 3*e7b1675dSTing-Kang Chang# Copyright 2021 Google LLC 4*e7b1675dSTing-Kang Chang# 5*e7b1675dSTing-Kang Chang# Licensed under the Apache License, Version 2.0 (the "License"); 6*e7b1675dSTing-Kang Chang# you may not use this file except in compliance with the License. 7*e7b1675dSTing-Kang Chang# You may obtain a copy of the License at 8*e7b1675dSTing-Kang Chang# 9*e7b1675dSTing-Kang Chang# http://www.apache.org/licenses/LICENSE-2.0 10*e7b1675dSTing-Kang Chang# 11*e7b1675dSTing-Kang Chang# Unless required by applicable law or agreed to in writing, software 12*e7b1675dSTing-Kang Chang# distributed under the License is distributed on an "AS IS" BASIS, 13*e7b1675dSTing-Kang Chang# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 14*e7b1675dSTing-Kang Chang# See the License for the specific language governing permissions and 15*e7b1675dSTing-Kang Chang# limitations under the License. 16*e7b1675dSTing-Kang Chang#################################################################################### 17*e7b1675dSTing-Kang Chang 18*e7b1675dSTing-Kang Chang# This script takes credentials injected into the environment via the Kokoro job 19*e7b1675dSTing-Kang Chang# configuration and copies them to the expected locations. 20*e7b1675dSTing-Kang Chang# 21*e7b1675dSTing-Kang Chang# The second argument indicates whether all KMS service credentials should be 22*e7b1675dSTing-Kang Chang# copied (all) or only credentials for a specific KMS service (gcp|aws). 23*e7b1675dSTing-Kang Chang# 24*e7b1675dSTing-Kang Chang# Usage insructions: 25*e7b1675dSTing-Kang Chang# 26*e7b1675dSTing-Kang Chang# ./kokoro/testutils/copy_credentials.sh <testdata dir> <all|aws|gcp> 27*e7b1675dSTing-Kang Chang# 28*e7b1675dSTing-Kang Chang 29*e7b1675dSTing-Kang ChangTESTDATA_DIR= 30*e7b1675dSTing-Kang ChangKMS_SERVICE= 31*e7b1675dSTing-Kang Chang 32*e7b1675dSTing-Kang Chang####################################### 33*e7b1675dSTing-Kang Chang# Process command line arguments. 34*e7b1675dSTing-Kang Chang# 35*e7b1675dSTing-Kang Chang# Globals: 36*e7b1675dSTing-Kang Chang# TESTDATA_DIR 37*e7b1675dSTing-Kang Chang# KMS_SERVICE 38*e7b1675dSTing-Kang Chang####################################### 39*e7b1675dSTing-Kang Changprocess_args() { 40*e7b1675dSTing-Kang Chang TESTDATA_DIR="$1" 41*e7b1675dSTing-Kang Chang readonly TESTDATA_DIR 42*e7b1675dSTing-Kang Chang KMS_SERVICE="$2" 43*e7b1675dSTing-Kang Chang readonly KMS_SERVICE 44*e7b1675dSTing-Kang Chang 45*e7b1675dSTing-Kang Chang if [[ -z "${TESTDATA_DIR}" ]]; then 46*e7b1675dSTing-Kang Chang echo "Testdata directory must be set" >&2 47*e7b1675dSTing-Kang Chang exit 1 48*e7b1675dSTing-Kang Chang fi 49*e7b1675dSTing-Kang Chang 50*e7b1675dSTing-Kang Chang if [[ ! -d "${TESTDATA_DIR}" ]]; then 51*e7b1675dSTing-Kang Chang echo "Testdata directory \"${TESTDATA_DIR}\" doesn't exist" >&2 52*e7b1675dSTing-Kang Chang exit 1 53*e7b1675dSTing-Kang Chang fi 54*e7b1675dSTing-Kang Chang 55*e7b1675dSTing-Kang Chang if [[ -z "${KMS_SERVICE}" ]]; then 56*e7b1675dSTing-Kang Chang echo "KMS service must be specified" >&2 57*e7b1675dSTing-Kang Chang exit 1 58*e7b1675dSTing-Kang Chang fi 59*e7b1675dSTing-Kang Chang} 60*e7b1675dSTing-Kang Chang 61*e7b1675dSTing-Kang Chang####################################### 62*e7b1675dSTing-Kang Chang# Copy GCP credentials. 63*e7b1675dSTing-Kang Chang# 64*e7b1675dSTing-Kang Chang# Globals: 65*e7b1675dSTing-Kang Chang# TESTDATA_DIR 66*e7b1675dSTing-Kang Chang# TINK_TEST_SERVICE_ACCOUNT 67*e7b1675dSTing-Kang Chang####################################### 68*e7b1675dSTing-Kang Changcopy_gcp_credentials() { 69*e7b1675dSTing-Kang Chang if [[ -z "${TINK_TEST_SERVICE_ACCOUNT}" ]]; then 70*e7b1675dSTing-Kang Chang echo "ERROR: TINK_TEST_SERVICE_ACCOUNT is expected to be set" >&2 71*e7b1675dSTing-Kang Chang exit 1 72*e7b1675dSTing-Kang Chang fi 73*e7b1675dSTing-Kang Chang cp "${TINK_TEST_SERVICE_ACCOUNT}" "${TESTDATA_DIR}/gcp/credential.json" 74*e7b1675dSTing-Kang Chang} 75*e7b1675dSTing-Kang Chang 76*e7b1675dSTing-Kang Chang####################################### 77*e7b1675dSTing-Kang Chang# Copy AWS credentials. 78*e7b1675dSTing-Kang Chang# 79*e7b1675dSTing-Kang Chang# Globals: 80*e7b1675dSTing-Kang Chang# TESTDATA_DIR 81*e7b1675dSTing-Kang Chang# AWS_TINK_TEST_SERVICE_ACCOUNT 82*e7b1675dSTing-Kang Chang####################################### 83*e7b1675dSTing-Kang Changcopy_aws_credentials() { 84*e7b1675dSTing-Kang Chang if [[ -z "${AWS_TINK_TEST_SERVICE_ACCOUNT}" ]]; then 85*e7b1675dSTing-Kang Chang echo "ERROR: AWS_TINK_TEST_SERVICE_ACCOUNT is expected to be set" >&2 86*e7b1675dSTing-Kang Chang exit 1 87*e7b1675dSTing-Kang Chang fi 88*e7b1675dSTing-Kang Chang 89*e7b1675dSTing-Kang Chang # Create the different format for the AWS credentials 90*e7b1675dSTing-Kang Chang local -r aws_key_id="AKIATNYZMJOHVMN7MSYH" 91*e7b1675dSTing-Kang Chang local -r aws_key="$(cat ${AWS_TINK_TEST_SERVICE_ACCOUNT})" 92*e7b1675dSTing-Kang Chang 93*e7b1675dSTing-Kang Chang cat <<END > "${TESTDATA_DIR}/aws/credentials.ini" 94*e7b1675dSTing-Kang Chang[default] 95*e7b1675dSTing-Kang Changaws_access_key_id = ${aws_key_id} 96*e7b1675dSTing-Kang Changaws_secret_access_key = ${aws_key} 97*e7b1675dSTing-Kang ChangEND 98*e7b1675dSTing-Kang Chang 99*e7b1675dSTing-Kang Chang cat <<END > "${TESTDATA_DIR}/aws/credentials.cred" 100*e7b1675dSTing-Kang Chang[default] 101*e7b1675dSTing-Kang ChangaccessKey = ${aws_key_id} 102*e7b1675dSTing-Kang ChangsecretKey = ${aws_key} 103*e7b1675dSTing-Kang ChangEND 104*e7b1675dSTing-Kang Chang 105*e7b1675dSTing-Kang Chang cat <<END > "${TESTDATA_DIR}/aws/credentials.csv" 106*e7b1675dSTing-Kang ChangUser name,Password,Access key ID,Secret access key,Console login link 107*e7b1675dSTing-Kang Changtink-user1,,${aws_key_id},${aws_key},https://235739564943.signin.aws.amazon.com/console 108*e7b1675dSTing-Kang ChangEND 109*e7b1675dSTing-Kang Chang} 110*e7b1675dSTing-Kang Chang 111*e7b1675dSTing-Kang Changmain() { 112*e7b1675dSTing-Kang Chang if [[ -z "${KOKORO_ROOT}" ]]; then 113*e7b1675dSTing-Kang Chang echo "Not running on Kokoro, skipping copying credentials." 114*e7b1675dSTing-Kang Chang exit 0 115*e7b1675dSTing-Kang Chang fi 116*e7b1675dSTing-Kang Chang 117*e7b1675dSTing-Kang Chang process_args "$@" 118*e7b1675dSTing-Kang Chang 119*e7b1675dSTing-Kang Chang case "${KMS_SERVICE}" in 120*e7b1675dSTing-Kang Chang aws) 121*e7b1675dSTing-Kang Chang copy_aws_credentials 122*e7b1675dSTing-Kang Chang ;; 123*e7b1675dSTing-Kang Chang gcp) 124*e7b1675dSTing-Kang Chang copy_gcp_credentials 125*e7b1675dSTing-Kang Chang ;; 126*e7b1675dSTing-Kang Chang all) 127*e7b1675dSTing-Kang Chang copy_aws_credentials 128*e7b1675dSTing-Kang Chang copy_gcp_credentials 129*e7b1675dSTing-Kang Chang ;; 130*e7b1675dSTing-Kang Chang *) 131*e7b1675dSTing-Kang Chang echo "Invalid KMS service \"${KMS_SERVICE}\"" >&2 132*e7b1675dSTing-Kang Chang exit 1 133*e7b1675dSTing-Kang Chang esac 134*e7b1675dSTing-Kang Chang} 135*e7b1675dSTing-Kang Chang 136*e7b1675dSTing-Kang Changmain "$@" 137