update-lagoon-registry-with-aws-token.sh

update-lagoon-registry-with-aws-token.sh

# !/bin/bash
# README
#
# This script gets an AWS ECR Registry Token and stores it as a variable within a specified Lagoon.
# This is usefull as the AWS ECR Registry Token are only valid for 12 hours and therefore need to be updated regularly.
#
# # Usage
# ```
# export AWS_ACCESS_KEY_ID=xxxx
# export AWS_SECRET_ACCESS_KEY=xxxx
# ./update-lagoon-registry-with-aws-token.sh -p rasch-backend-k8s -v AWS_ECR_REGISTRY_TOKEN
# ```

usage() {
  echo "Usage: ./update-lagoon-registry-with-aws-token.sh -p rasch-backend-k8s "
  echo "  -p <lagoon-project-name>     #required"
  echo "  -v <variable>                #required, variable that should be updated with AWS token"
  exit 1
}

if [[ ! $@ =~ ^\-.+ ]]
then
  usage
fi

while getopts ":p:v:" opt; do
  case ${opt} in
    p )
      project=$OPTARG;;
    v )
      variable=$OPTARG;;
    *)
      usage;;
  esac
done

# need these, make sure we have them
if [[ -z "$project" ]] || [[ -z "$variable" ]]; then
  usage
fi

if [[ ! -z "${project}" ]] && [[ ! -z "${variable}" ]]; then

  arch=$(uname | tr '[:upper:]' '[:lower:]')
  curl -sL "https://github.com/amazeeio/lagoon-cli/releases/download/0.9.1/lagoon-cli-0.9.1-${arch}-amd64" -o ./lagoon
  chmod a+x ./lagoon

  AWS_REGISTRY_TOKEN=$(docker run -e AWS_ACCESS_KEY_ID=${AWS_ACCESS_KEY_ID} -e AWS_SECRET_ACCESS_KEY=${AWS_SECRET_ACCESS_KEY} -e AWS_DEFAULT_REGION=eu-central-1 shreddedbacon/aws-cli aws ecr get-authorization-token --output text --query 'authorizationData[].authorizationToken'  | base64 -d | cut -d: -f2)

  ./lagoon login

  if ./lagoon list variables --project ${project} | grep ${variable} -q; then
    ./lagoon delete variable --project ${project} --name ${variable} --force
  fi
  set -x
  ./lagoon add variable --project ${project} --name ${variable} --value ${AWS_REGISTRY_TOKEN} --scope global --force

fi