updating script

hashicorp · Mar 5, 2025 · 630a208 · 630a208
1 parent 7ceea79
commit 630a208
Showing 1 changed file with 13 additions and 14 deletions.
diff --git a/enos/modules/verify_secrets_engines/scripts/aws-generate-roles.sh b/enos/modules/verify_secrets_engines/scripts/aws-generate-roles.sh
@@ -9,15 +9,15 @@ fail() {
   exit 1
 }
 
-## # -------PKI TESTING
-# MOUNT=aws
-# AWS_REGION=us-east-1
-# AWS_ROLE=test-role
-# VAULT_ADDR=http://127.0.0.1:8200
-# VAULT_INSTALL_DIR=/opt/homebrew/bin
-# VAULT_TOKEN=root
-# vault secrets enable --path=${MOUNT} aws > /dev/null 2>&1  || echo "AWS Engine already enabled!"
-echo -e "------------|${AWS_REGION}|-----------|${AWS_ACCESS_KEY_ID}|--------\n"
+# # -------PKI TESTING
+ MOUNT=aws
+ AWS_REGION=us-east-1
+ AWS_ROLE=test-role
+ VAULT_ADDR=http://127.0.0.1:8200
+ VAULT_INSTALL_DIR=/opt/homebrew/bin
+ VAULT_TOKEN=root
+ vault secrets enable --path=${MOUNT} aws > /dev/null 2>&1  || echo "AWS Engine already enabled!"
+echo -e "------------|${AWS_REGION}|-----------|${AWS_ACCESS_KEY_ID}|-------|${AWS_SECRET_ACCESS_KEY}|-----\n"
 [[ -z "$AWS_REGION" ]] && fail "AWS_REGION env variable has not been set"
 [[ -z "$AWS_ACCESS_KEY_ID" ]] && fail "AWS_ACCESS_KEY_ID env variable has not been set"
 [[ -z "$AWS_SECRET_ACCESS_KEY" ]] && fail "AWS_SECRET_ACCESS_KEY env variable has not been set"
@@ -35,11 +35,10 @@ export VAULT_FORMAT=json
 echo "Configuring Vault AWS"
 "$binpath" write "${MOUNT}/config/root" access_key="${AWS_ACCESS_KEY_ID}" secret_key="${AWS_SECRET_ACCESS_KEY}" region=${AWS_REGION} || fail "Cannot set vault AWS credentials"
 
-echo "Creating AWS Role"
+echo "Setup Vault/AWS role.."
 #"$binpath" write "${MOUNT}/roles/${AWS_ROLE}" credential_type=iam_user policy_arns="arn:aws:iam::aws:policy/AdministratorAccess" ttl="1h" max_ttl="24h" || fail "Cannot create AWS role"
 "$binpath" write "aws/roles/${AWS_ROLE}" \
     credential_type=iam_user \
-    ttl="1h" max_ttl="24h" \
     policy_document=-<<EOF
 {
   "Version": "2012-10-17",
@@ -58,9 +57,9 @@ ROLE=$("$binpath" list "${MOUNT}/roles" | jq -r '.[]')
 [[ -z "$ROLE" ]] && fail "No AWS roles created!"
 
 echo "Verifying Root Access Key"
-"$binpath" read "${MOUNT}/config/root" | jq -r '.data.access_key'
+"$binpath" read "${MOUNT}/config/root"
 ROOT_ACCESS_KEY=$("$binpath" read "${MOUNT}/config/root" | jq -r '.data.access_key')
 [[ "$ROOT_ACCESS_KEY" != "$AWS_ACCESS_KEY_ID" ]] && fail "AWS Access Key does not match: $ROOT_ACCESS_KEY, $AWS_ACCESS_KEY_ID"
 
-# Read role
-"$binpath" read "${MOUNT}/creds/${AWS_ROLE}"
+## Read role
+#"$binpath" read "${MOUNT}/creds/${AWS_ROLE}"