AllardDCS/kubernetes
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
4b6f071349a2ca5d8268c47de4610b99fac38ce3
kubernetes/dev/tekton/examples/example-bank/scripts/mapAppIDtoSecrets.sh
allard 376a944abc initial commit
2025-11-23 18:58:51 +01:00

72 lines
3.2 KiB
Bash
Executable File
Raw Blame History

# Check if ibmcloud is in user's account
ibmcloud_accountname=$(ibmcloud target --output json | jq -j '.account.name')
## check if account is in quicklabs (labs.cognitiveclass.ai) or workshop clusters account in DEG
if [ "$ibmcloud_accountname" = "QuickLabs - IBM Skills Network" ]; then
echo "\n"
echo "WARNING: You're logged in as ${ibmcloud_accountname}"
echo "Please log in again using -- ibmcloud login -u YOUR_IBM_CLOUD_EMAIL"
echo "and run this script again"
exit 1
elif [ "$ibmcloud_accountname" = "DEGCloud DEGCloud's Account" ]; then
echo "\n"
echo "WARNING: You're logged in as ${ibmcloud_accountname}"
echo "Please log in again using -- ibmcloud login -u YOUR_IBM_CLOUD_EMAIL"
echo "and run this script again"
exit 1
fi
# end check
# Grabs appid-example-bank instance and gets api key and management url from appid-example-bank-credentials
credentials=$(ibmcloud resource service-keys --instance-name appid-example-bank --output JSON | jq -c '[ .[] | select( .name | contains("appid-example-bank-credentials")) ]' | jq -j '.[0].credentials')
APIKEY=$(echo "${credentials}" | jq -j '.apikey')
MGMTEP=$(echo "${credentials}" | jq -j '.managementUrl')
echo $APIKEY
echo $MGMTEP
response=$(curl -k -v -X POST -w "\n%{http_code}" \
-H "Content-Type: application/x-www-form-urlencoded" \
-H "Accept: application/json" \
--data-urlencode "grant_type=urn:ibm:params:oauth:grant-type:apikey" \
--data-urlencode "apikey=$APIKEY" \
"https://iam.cloud.ibm.com/identity/token")
echo $response
code=$(echo "${response}" | tail -n1)
[ "$code" -ne "200" ] && exit 1
accesstoken=$(echo "${response}" | head -n1 | jq -j '.access_token')
response=$(curl -v -X GET -w "\n%{http_code}" \
-H "Content-Type: application/json" \
-H "Authorization: Bearer $accesstoken" \
$MGMTEP/applications)
echo $response
code=$(echo "${response}" | tail -n1)
[ "$code" -ne "200" ] && exit 1
tenantid=$(echo "${response}"| head -n1 | jq -j '.applications[0].tenantId')
clientid=$(echo "${response}"| head -n1 | jq -j '.applications[0].clientId')
secret=$(echo "${response}"| head -n1 | jq -j '.applications[0].secret')
oauthserverurl=$(echo "${response}"| head -n1 | jq -j '.applications[0].oAuthServerUrl')
appidhost=$(echo "${oauthserverurl}" | awk -F/ '{print $3}')
# Creates secret from application credentials
oc create secret generic bank-oidc-secret --from-literal=OIDC_JWKENDPOINTURL=$oauthserverurl/publickeys --from-literal=OIDC_ISSUERIDENTIFIER=$oauthserverurl --from-literal=OIDC_AUDIENCES=$clientid
oc create secret generic bank-appid-secret --from-literal=APPID_TENANTID=$tenantid --from-literal=APPID_SERVICE_URL=https://$appidhost
oc create secret generic bank-iam-secret --from-literal=IAM_APIKEY=$APIKEY --from-literal=IAM_SERVICE_URL=https://iam.cloud.ibm.com/identity/token
oc create secret generic mobile-simulator-secrets \
--from-literal=APP_ID_IAM_APIKEY=$APIKEY \
--from-literal=APP_ID_MANAGEMENT_URL=$MGMTEP \
--from-literal=APP_ID_CLIENT_ID=$clientid \
--from-literal=APP_ID_CLIENT_SECRET=$secret \
--from-literal=APP_ID_TOKEN_URL=$oauthserverurl \
--from-literal=PROXY_USER_MICROSERVICE=user-service:9080 \
--from-literal=PROXY_TRANSACTION_MICROSERVICE=transaction-service:9080
Reference in New Issue View Git Blame Copy Permalink