#!/bin/bash # -*- mode:shell-script; coding:utf-8; -*- # # mapProxiesToTruststores.sh # # A bash script for mapping a set of proxies to the truststores they use. # # Last saved: <2017-May-09 15:30:04> # verbosity=1 waittime=2 netrccreds=0 apiproxy="" envname="" defaultmgmtserver="https://api.enterprise.apigee.com" credentials="" TAB=$'\t' usage() { local CMD=`basename $0` echo "$CMD: " echo " Inquires the proxies in an org, and maps them to the set of truststores." echo "usage: " echo " $CMD [options] " echo "options: " echo " -o org the org to use." echo " -u user Edge admin user for the Admin API calls." echo " -n use .netrc to retrieve credentials (in lieu of -u)" echo " -m url the base url for the mgmt server." echo " -q quiet; decrease verbosity by 1" echo " -v verbose; increase verbosity by 1" echo echo "Current parameter values:" echo " mgmt api url: $defaultmgmtserver" echo " verbosity: $verbosity" echo exit 1 } ## function MYCURL ## Print the curl command, omitting sensitive parameters, then run it. ## There are side effects: ## 1. puts curl output into file named ${CURL_OUT}. If the CURL_OUT ## env var is not set prior to calling this function, it is created ## and the name of a tmp file in /tmp is placed there. ## 2. puts curl http_status into variable CURL_RC MYCURL() { [[ -z "${CURL_OUT}" ]] && CURL_OUT=`mktemp /tmp/apigee-edge-provision-demo-org.curl.out.XXXXXX` [[ -f "${CURL_OUT}" ]] && rm ${CURL_OUT} [[ $verbosity -gt 0 ]] && echo "curl $@" # run the curl command CURL_RC=`curl $credentials -s -w "%{http_code}" -o "${CURL_OUT}" "$@"` [[ $verbosity -gt 0 ]] && echo "==> ${CURL_RC}" } CleanUp() { [[ -f ${CURL_OUT} ]] && rm -rf ${CURL_OUT} } echoerror() { echo "$@" 1>&2; } choose_mgmtserver() { local name echo read -p " Which mgmt server (${defaultmgmtserver}) :: " name name="${name:-$defaultmgmtserver}" mgmtserver=$name echo " mgmt server = ${mgmtserver}" } choose_credentials() { local username password read -p "username for Edge org ${orgname} at ${mgmtserver} ? (blank to use .netrc): " username echo if [[ "$username" = "" ]] ; then credentials="-n" else echo -n "Org Admin Password: " read -s password echo credentials="-u ${username}:${password}" fi } maybe_ask_password() { local password if [[ ${credentials} =~ ":" ]]; then credentials="-u ${credentials}" else echo -n "password for ${credentials}?: " read -s password echo credentials="-u ${credentials}:${password}" fi } check_org() { [[ $verbosity -gt 1 ]] && echo "checking org ${orgname}..." MYCURL -X GET ${mgmtserver}/v1/o/${orgname} if [[ ${CURL_RC} -eq 200 ]]; then check_org=0 else check_org=1 fi } get_apis() { [[ $verbosity -gt 1 ]] && echo "querying apis ${orgname}..." MYCURL -X GET ${mgmtserver}/v1/o/${orgname}/apis if [[ ${CURL_RC} -eq 200 ]]; then IFS=' '; api_array=($(cat ${CURL_OUT} | sed -e 's/[][",]//g')) [[ $verbosity -gt 1 ]] && echo "found ${#api_array[@]} apis..." fi } walk_revisions() { local m=${#api_array[@]} local api rev targ n t rev_array targ_array [[ $verbosity -gt 1 ]] && echo "inquiring ${m} apis...." echo printf "%-34s %5s %34s %s\n" "API Proxy" "Rev" "Target" "Truststore" printf "====================================================================================================\n" let m-=1 while [[ $m -ge 0 ]]; do api=${api_array[m]} MYCURL -X GET ${mgmtserver}/v1/o/${orgname}/apis/${api}/revisions if [[ ${CURL_RC} -eq 200 ]]; then IFS=' '; rev_array=($(cat ${CURL_OUT} | sed -e 's/[][",]//g')) n=${#rev_array[@]} let n-=1 while [[ $n -ge 0 ]]; do rev=${rev_array[n]} MYCURL -X GET ${mgmtserver}/v1/o/${orgname}/apis/${api}/revisions/${rev}/targets if [[ ${CURL_RC} -eq 200 ]]; then IFS=' '; targ_array=($(cat ${CURL_OUT} | sed -e 's/[][",]//g')) t=${#targ_array[@]} let t-=1 while [[ $t -ge 0 ]]; do targ=${targ_array[t]} MYCURL -X GET ${mgmtserver}/v1/o/${orgname}/apis/${api}/revisions/${rev}/targets/${targ} oneline=$(cat ${CURL_OUT} | grep trustStore) if [ $? -eq 0 ]; then truststore=$(echo -n $oneline | sed -e 's/trustStore//' | sed -e 's/[][",:]//g') printf "%-34s %5s %34s %s\n" ${api} ${rev} ${targ} ${truststore} else printf "%-34s %5s %34s -none-\n" ${api} ${rev} ${targ} fi let t-=1 done fi let n-=1 done fi let m-=1 done } ## ======================================================= echo echo "This script queries proxies and targets within them." echo "==============================================================================" while getopts "ho:e:u:nm:a:A:P:qv" opt; do case $opt in h) usage ;; m) mgmtserver=$OPTARG ;; o) orgname=$OPTARG ;; u) credentials=$OPTARG ;; n) netrccreds=1 ;; q) verbosity=$(($verbosity-1)) ;; v) verbosity=$(($verbosity+1)) ;; *) echo "unknown arg" && usage ;; esac done echo if [[ "X$mgmtserver" = "X" ]]; then mgmtserver="$defaultmgmtserver" fi if [[ "X$orgname" = "X" ]]; then echo "You must specify an org name (-o)." echo usage exit 1 fi if [[ "X$credentials" = "X" ]]; then if [[ ${netrccreds} -eq 1 ]]; then credentials='-n' else choose_credentials fi else maybe_ask_password fi check_org if [[ ${check_org} -ne 0 ]]; then echo "that org cannot be validated" CleanUp exit 1 fi get_apis if [[ ${#api_array} -gt 0 ]]; then walk_revisions fi CleanUp exit 0