#!/usr/bin/env bash
#
# Bootstraps the schema service by running Python scripts that send requests to it.
# Contains logic for both the onprem and the gcp version.
#
# Expected environment variables:
# (both environments):
# - DATA_PARTITION
# - SCHEMA_URL
# - ENTITLEMENTS_HOST
# (for gcp):
# - AUDIENCES
# (for onprem):
# - OPENID_PROVIDER_URL
# - OPENID_PROVIDER_CLIENT_ID
# - OPENID_PROVIDER_CLIENT_SECRET
# 

# Stop at the first command that fails. errexit alone does not cover the
# left-hand side of a pipeline, so pipelines in this script need their own
# result checks.
set -o errexit

# Variables needed in both environments. validate-env.sh is sourced once per
# name and receives that name as its first argument.
# NOTE(review): validate-env.sh is not part of this file; presumably it stops
# the script when the named variable is missing - confirm.
for _required_env in "DATA_PARTITION" "SCHEMA_URL" "ENTITLEMENTS_HOST"; do
  source ./validate-env.sh "${_required_env}"
done
unset _required_env

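#######################################
# Requests an ID token from the on-prem OpenID provider with the
# client-credentials grant and exports it as BEARER_TOKEN.
# Globals:
#   OPENID_PROVIDER_URL           (read) base URL; the path
#                                 "/protocol/openid-connect/token" is appended
#   OPENID_PROVIDER_CLIENT_ID     (read)
#   OPENID_PROVIDER_CLIENT_SECRET (read)
#   ID_TOKEN                      (written) raw token taken from the response
#   BEARER_TOKEN                  (written, exported) "Bearer <ID_TOKEN>"
# Returns:
#   0 on success; 1 if the request fails or the response has no id_token.
#######################################
bootstrap_schema_gettoken_onprem() {
  # The client secret is handed to curl on stdin ("client_secret@-") instead
  # of on the command line, so it does not appear in the process list while
  # curl runs. printf is a shell builtin, so no argv carries the secret there
  # either.
  # --fail turns an HTTP error status into a curl error, so an error document
  # from the provider is not passed on to jq.
  ID_TOKEN="$(curl --fail --silent --show-error --location --request POST \
    "${OPENID_PROVIDER_URL}/protocol/openid-connect/token" \
    --header "Content-Type: application/x-www-form-urlencoded" \
    --data-urlencode "grant_type=client_credentials" \
    --data-urlencode "scope=openid" \
    --data-urlencode "client_id=${OPENID_PROVIDER_CLIENT_ID}" \
    --data-urlencode "client_secret@-" \
    < <(printf '%s' "${OPENID_PROVIDER_CLIENT_SECRET}") | jq -r ".id_token")" || ID_TOKEN=""

  # jq -r prints the literal string "null" when the key is absent. Without
  # this check the script would carry on with "Bearer null" and fail later
  # with a misleading authorization error.
  if [[ -z "${ID_TOKEN}" || "${ID_TOKEN}" == "null" ]]; then
    echo "Failed to obtain an ID token from the OpenID provider" >&2
    return 1
  fi

  export BEARER_TOKEN="Bearer ${ID_TOKEN}"
}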

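#######################################
# Obtains a Google identity token for the configured audience and exports it
# as BEARER_TOKEN.
# Globals:
#   AUDIENCES    (read) passed to gcloud as --audiences
#   BEARER_TOKEN (written, exported)
# Returns:
#   0 on success; 1 if gcloud fails or prints no token.
#######################################
bootstrap_schema_gettoken_gcp() {
  # Assignment and export stay separate: `export VAR=$(cmd)` would hide a
  # gcloud failure behind export's own exit status.
  BEARER_TOKEN="$(gcloud auth print-identity-token --audiences="${AUDIENCES}")" || BEARER_TOKEN=""

  # Fail here with a clear message instead of sending an empty Authorization
  # value to the services later on.
  if [[ -z "${BEARER_TOKEN}" ]]; then
    echo "Failed to obtain an identity token from gcloud" >&2
    return 1
  fi
  export BEARER_TOKEN

  # NOTE(review): bootstrap_schema_gettoken_onprem exports "Bearer <token>",
  # while this function exports the bare token, and the precheck sends
  # BEARER_TOKEN as the whole Authorization header value - confirm that the
  # GCP endpoints accept a value without the "Bearer " scheme.

  # FIXME CleanUP script needed only for TF installation
  # echo "Clean-up for Datastore schemas"
  # python3 ./scripts/GcpDatastoreCleanUp.py

  # FIXME find a better solution about datastore cleaning completion
  # sleep 5
}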

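#######################################
# Sends one authenticated GET to the entitlements groups endpoint and treats
# HTTP 200 as "entitlements are provisioned".
# Globals:
#   ENTITLEMENTS_HOST (read)
#   DATA_PARTITION    (read) sent as the data-partition-id header
#   BEARER_TOKEN      (read) sent as the Authorization header value
#   status_code       (written) HTTP status reported by curl
# Outputs:
#   One status line on stdout.
# Returns:
#   0 on HTTP 200; any other result ends the script with exit status 1.
#######################################
bootstrap_schema_prechek_env() {
  # --globoff needs two dashes. curl reads a single-dash word as bundled short
  # options (-g, -l, then -o with "boff" as its file name), so the response
  # body - the caller's group list - ended up in a file named "boff" in the
  # working directory instead of being discarded.
  #
  # "|| true" is deliberate: on a transport error curl still prints "000" via
  # --write-out and exits non-zero; the failure message below must be printed
  # rather than errexit ending the script silently at this line.
  #
  # NOTE(review): the bearer token is part of curl's argv here and is visible
  # in the process list while the request runs; `--header @-` (curl >= 7.55.0)
  # would keep it off the command line.
  status_code="$(curl --retry 1 --location --globoff --request GET \
    "${ENTITLEMENTS_HOST}/api/entitlements/v2/groups" \
    --write-out "%{http_code}" --silent --output "/dev/null" \
    --header 'Content-Type: application/json' \
    --header "data-partition-id: ${DATA_PARTITION}" \
    --header "Authorization: ${BEARER_TOKEN}")" || true

  if [[ "${status_code}" == "200" ]]; then
    echo "$status_code: Entitlements provisioning completed successfully!"
  else
    echo "$status_code: Entitlements provisioning is in progress or failed!"
    exit 1
  fi
}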

#######################################
# Runs the shared-schema deployment script, passing it the system-schemas
# URL built from SCHEMA_URL.
# Globals:
#   SCHEMA_URL (read)
# Returns:
#   The exit status of the Python script.
#######################################
bootstrap_schema_deploy_shared_schemas() {
  local system_schemas_url="${SCHEMA_URL}/api/schema-service/v1/schemas/system"
  python3 ./scripts/DeploySharedSchemas.py -u "${system_schemas_url}"
}

# Pick the token source. Only the exact string "true" selects the on-prem
# path; any other value, including an unset ONPREM_ENABLED, selects GCP.
case "${ONPREM_ENABLED}" in
  true)
    source ./validate-env.sh "OPENID_PROVIDER_URL"
    source ./validate-env.sh "OPENID_PROVIDER_CLIENT_ID"
    source ./validate-env.sh "OPENID_PROVIDER_CLIENT_SECRET"

    # Get credentials for onprem
    bootstrap_schema_gettoken_onprem
    ;;
  *)
    source ./validate-env.sh "AUDIENCES"

    # Get credentials for GCP
    bootstrap_schema_gettoken_gcp
    ;;
esac

# Precheck entitlements
bootstrap_schema_prechek_env

# Deploy shared schemas
bootstrap_schema_deploy_shared_schemas

# Marker file, created only after every step above has succeeded.
# NOTE(review): the path is fixed and lives in /tmp; presumably something
# outside this script polls it as a readiness signal - confirm. If /tmp is
# shared with other users, touch would follow a link placed at this name.
touch /tmp/bootstrap_ready