jefferai · May 12, 2018 02:51
diff --git a/find_destroy_consul_tokens.sh b/find_destroy_consul_tokens.sh
 #!/bin/bash

 # Tested with jq 1.5. Should work with jq >= 1.4.

 # Note: this script is an example to show how tokens can be listed
 # and managed by jq into a removal function. You should not use this
 # script as-is, in particular without examining the list output to
 # exclude unwanted tokens from being removed. For instance, if
 # your management token for Vault itself (storage, or the Consul
 # dynamic backend) has a name that begins with "Vault", this
 # script will not differentiate.

 set -e

 CONSUL_TOKEN="test"
 CONSUL_ADDR="http://127.0.0.1:8500"

 for i in $(curl -s -X GET -H "X-Consul-Token: ${CONSUL_TOKEN}" "${CONSUL_ADDR}/v1/acl/list" | jq -r 'map(select(.Name | startswith("Vault")))|.[].ID')
  do
    echo "${i}"
    # Commented out for safety
    #curl -X PUT -H "X-Consul-Token: ${CONSUL_TOKEN}" "${CONSUL_ADDR}/v1/acl/destroy/${i}"
  done
	#!/bin/bash

	# Tested with jq 1.5. Should work with jq >= 1.4.

	# Note: this script is an example to show how tokens can be listed
	# and managed by jq into a removal function. You should not use this
	# script as-is, in particular without examining the list output to
	# exclude unwanted tokens from being removed. For instance, if
	# your management token for Vault itself (storage, or the Consul
	# dynamic backend) has a name that begins with "Vault", this
	# script will not differentiate.

	set -e

	CONSUL_TOKEN="test"
	CONSUL_ADDR="http://127.0.0.1:8500"

	for i in $(curl -s -X GET -H "X-Consul-Token: ${CONSUL_TOKEN}" "${CONSUL_ADDR}/v1/acl/list" \| jq -r 'map(select(.Name \| startswith("Vault")))\|.[].ID')
	do
	echo "${i}"
	# Commented out for safety
	#curl -X PUT -H "X-Consul-Token: ${CONSUL_TOKEN}" "${CONSUL_ADDR}/v1/acl/destroy/${i}"
	done