vitalvas · May 18, 2021 07:53
diff --git a/readme.md b/readme.md
diff --git a/vault_state.sh b/vault_state.sh
 #!/usr/bin/env bash
 ## Written by: Vitaliy Vasilenko - [email protected]

 TF_STATE=${2:-terraform.tfstate}
 export VAULT_TOKEN=$(vault write -format=json auth/approle/login role_id="${VAULT_ROLE_ID}" secret_id="${VAULT_SECRET_ID}" | jq -r '.auth.client_token')

 function hashsum () {
  file=$1
  if [ $(uname -s) == "Darwin" ]; then
    echo $(md5 ${file} | awk '{print $NF}' | tr -d '\n')
  else
    echo $(md5sum ${file} | awk '{print $1}' | tr -d '\n')
  fi
 }

 case $1 in
  download)
    if tf_state_b64=$(vault kv get -field=state ${VAULT_KV_PATH}) 2>/dev/null ; then
      echo ${tf_state_b64} | base64 -d | gzip -d > ${TF_STATE}
    fi
    ;;

  validate)
    if [ -f "${TF_STATE}" ]; then
      tf_state_hashsum=$(hashsum ${TF_STATE})

      if vault_state_hashsum=$(vault kv get -field=hashsum ${VAULT_KV_PATH}) 2>/dev/null ; then
        if [ "${vault_state_hashsum}" == "${tf_state_hashsum}" ]; then
          echo "State was not changed"
        else
          echo "The state has changed"
        fi
      else
        echo "No state in vault"
      fi
    else
      echo "No state file"
    fi
    ;;

  upload)
    if [ -f "${TF_STATE}" ]; then
      tf_state_b64=$(cat ${TF_STATE} | gzip -9 | base64 | tr -d '\n')
      tf_state_hashsum=$(hashsum ${TF_STATE})

      if vault_state_hashsum=$(vault kv get -field=hashsum ${VAULT_KV_PATH}) 2>/dev/null ; then
        if [ "${vault_state_hashsum}" == "${tf_state_hashsum}" ]; then
          echo "State was not changed"
          exit 0
        fi
      fi

      vault kv put ${VAULT_KV_PATH} state=${tf_state_b64} hashsum=${tf_state_hashsum} time=$(date +%s)
    else
      echo "No state file to upload"
    fi
    ;;

  *)
    echo "Unknown action"
    exit 1
    ;;
 esac
	#!/usr/bin/env bash
	## Written by: Vitaliy Vasilenko - [email protected]

	TF_STATE=${2:-terraform.tfstate}
	export VAULT_TOKEN=$(vault write -format=json auth/approle/login role_id="${VAULT_ROLE_ID}" secret_id="${VAULT_SECRET_ID}" \| jq -r '.auth.client_token')

	function hashsum () {
	file=$1
	if [ $(uname -s) == "Darwin" ]; then
	echo $(md5 ${file} \| awk '{print $NF}' \| tr -d '\n')
	else
	echo $(md5sum ${file} \| awk '{print $1}' \| tr -d '\n')
	fi
	}

	case $1 in
	download)
	if tf_state_b64=$(vault kv get -field=state ${VAULT_KV_PATH}) 2>/dev/null ; then
	echo ${tf_state_b64} \| base64 -d \| gzip -d > ${TF_STATE}
	fi
	;;

	validate)
	if [ -f "${TF_STATE}" ]; then
	tf_state_hashsum=$(hashsum ${TF_STATE})

	if vault_state_hashsum=$(vault kv get -field=hashsum ${VAULT_KV_PATH}) 2>/dev/null ; then
	if [ "${vault_state_hashsum}" == "${tf_state_hashsum}" ]; then
	echo "State was not changed"
	else
	echo "The state has changed"
	fi
	else
	echo "No state in vault"
	fi
	else
	echo "No state file"
	fi
	;;

	upload)
	if [ -f "${TF_STATE}" ]; then
	tf_state_b64=$(cat ${TF_STATE} \| gzip -9 \| base64 \| tr -d '\n')
	tf_state_hashsum=$(hashsum ${TF_STATE})

	if vault_state_hashsum=$(vault kv get -field=hashsum ${VAULT_KV_PATH}) 2>/dev/null ; then
	if [ "${vault_state_hashsum}" == "${tf_state_hashsum}" ]; then
	echo "State was not changed"
	exit 0
	fi
	fi

	vault kv put ${VAULT_KV_PATH} state=${tf_state_b64} hashsum=${tf_state_hashsum} time=$(date +%s)
	else
	echo "No state file to upload"
	fi
	;;

	*)
	echo "Unknown action"
	exit 1
	;;
	esac
No results found