Git-Mirrors/constellation
1
0
Fork 0
mirror of https://github.com/edgelesssys/constellation.git synced 2025-09-23 14:34:57 -04:00
Code Issues Projects Releases Packages Wiki Activity

ci: format shellscripts

Browse source 
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
This commit is contained in:
Paul Meyer 2022-11-10 14:17:04 +01:00
parent fd9dfb500d
commit 106b738fab
29 changed files with 923 additions and 888 deletions
Download patch file Download diff file Expand all files Collapse all files

63
image/secure-boot/azure/delete.sh
View file

@ -3,27 +3,27 @@
set -euo pipefail
shopt -s inherit_errexit
if [[ -z "${CONFIG_FILE-}" ]] && [[ -f "${CONFIG_FILE-}" ]]; then
# shellcheck source=/dev/null
. "${CONFIG_FILE}"
if [[ -z ${CONFIG_FILE-} ]] && [[ -f ${CONFIG_FILE-} ]]; then
# shellcheck source=/dev/null
. "${CONFIG_FILE}"
fi
POSITIONAL_ARGS=()
while [[ $# -gt 0 ]]; do
case $1 in
-n|--name)
AZURE_VM_NAME="$2"
shift # past argument
shift # past value
;;
-*)
echo "Unknown option $1"
exit 1
;;
*)
POSITIONAL_ARGS+=("$1") # save positional arg
shift # past argument
;;
-n | --name)
AZURE_VM_NAME="$2"
shift # past argument
shift # past value
;;
-*)
echo "Unknown option $1"
exit 1
;;
*)
POSITIONAL_ARGS+=("$1") # save positional arg
shift # past argument
;;
esac
done
@ -38,34 +38,33 @@ SUBNET=$(echo "${NIC_INFO}" | jq -r '.ipConfigurations[0].subnet.id')
VNET=${SUBNET//\/subnets\/.*/}
DISK=$(echo "${AZ_VM_INFO}" | jq -r '.storageProfile.osDisk.managedDisk.id')
delete_vm () {
az vm delete -y --name "${AZURE_VM_NAME}" \
--resource-group "${AZURE_RESOURCE_GROUP_NAME}" || true
delete_vm() {
az vm delete -y --name "${AZURE_VM_NAME}" \
--resource-group "${AZURE_RESOURCE_GROUP_NAME}" || true
}
delete_vnet () {
az network vnet delete --ids "${VNET}" || true
delete_vnet() {
az network vnet delete --ids "${VNET}" || true
}
delete_subnet () {
az network vnet subnet delete --ids "${SUBNET}" || true
delete_subnet() {
az network vnet subnet delete --ids "${SUBNET}" || true
}
delete_nsg () {
az network nsg delete --ids "${NSG}" || true
delete_nsg() {
az network nsg delete --ids "${NSG}" || true
}
delete_pubip () {
az network public-ip delete --ids "${PUBIP}" || true
delete_pubip() {
az network public-ip delete --ids "${PUBIP}" || true
}
delete_disk () {
az disk delete -y --ids "${DISK}" || true
delete_disk() {
az disk delete -y --ids "${DISK}" || true
}
delete_nic () {
az network nic delete --ids "${NIC}" || true
delete_nic() {
az network nic delete --ids "${NIC}" || true
}
delete_vm

58
image/secure-boot/azure/extract_vmgs.sh
View file

@ -3,28 +3,28 @@
set -euo pipefail
shopt -s inherit_errexit
if [[ -z "${CONFIG_FILE-}" ]] && [[ -f "${CONFIG_FILE-}" ]]; then
# shellcheck source=/dev/null
. "${CONFIG_FILE}"
if [[ -z ${CONFIG_FILE-} ]] && [[ -f ${CONFIG_FILE-} ]]; then
# shellcheck source=/dev/null
. "${CONFIG_FILE}"
fi
AZURE_SUBSCRIPTION=$(az account show --query id -o tsv)
POSITIONAL_ARGS=()
while [[ $# -gt 0 ]]; do
case $1 in
-n|--name)
AZURE_VM_NAME="$2"
shift # past argument
shift # past value
;;
-*)
echo "Unknown option $1"
exit 1
;;
*)
POSITIONAL_ARGS+=("$1") # save positional arg
shift # past argument
;;
-n | --name)
AZURE_VM_NAME="$2"
shift # past argument
shift # past value
;;
-*)
echo "Unknown option $1"
exit 1
;;
*)
POSITIONAL_ARGS+=("$1") # save positional arg
shift # past argument
;;
esac
done
@ -34,10 +34,10 @@ VM_DISK=$(az vm show -g "${AZURE_RESOURCE_GROUP_NAME}" --name "${AZURE_VM_NAME}"
LOCATION=$(az disk show --ids "${VM_DISK}" --query "location" -o tsv)
az snapshot create \
-g "${AZURE_RESOURCE_GROUP_NAME}" \
--source "${VM_DISK}" \
--name "${AZURE_SNAPSHOT_NAME}" \
-l "${LOCATION}"
-g "${AZURE_RESOURCE_GROUP_NAME}" \
--source "${VM_DISK}" \
--name "${AZURE_SNAPSHOT_NAME}" \
-l "${LOCATION}"
# Azure CLI does not implement getSecureVMGuestStateSAS for snapshots yet
# az snapshot grant-access \
@ -47,11 +47,11 @@ az snapshot create \
# -g "${AZURE_RESOURCE_GROUP_NAME}"
BEGIN=$(az rest \
--method post \
--url "https://management.azure.com/subscriptions/${AZURE_SUBSCRIPTION}/resourceGroups/${AZURE_RESOURCE_GROUP_NAME}/providers/Microsoft.Compute/snapshots/${AZURE_SNAPSHOT_NAME}/beginGetAccess" \
--uri-parameters api-version="2021-12-01" \
--body '{"access": "Read", "durationInSeconds": 3600, "getSecureVMGuestStateSAS": true}' \
--verbose 2>&1)
--method post \
--url "https://management.azure.com/subscriptions/${AZURE_SUBSCRIPTION}/resourceGroups/${AZURE_RESOURCE_GROUP_NAME}/providers/Microsoft.Compute/snapshots/${AZURE_SNAPSHOT_NAME}/beginGetAccess" \
--uri-parameters api-version="2021-12-01" \
--body '{"access": "Read", "durationInSeconds": 3600, "getSecureVMGuestStateSAS": true}' \
--verbose 2>&1)
ASYNC_OPERATION_URI=$(echo "${BEGIN}" | grep Azure-AsyncOperation | cut -d ' ' -f 7 | tr -d "'")
sleep 10
ACCESS=$(az rest --method get --url "${ASYNC_OPERATION_URI}")
@ -60,9 +60,9 @@ VMGS_URL=$(echo "${ACCESS}" | jq -r '.properties.output.securityDataAccessSAS')
curl -L -o "${AZURE_VMGS_FILENAME}" "${VMGS_URL}"
az snapshot revoke-access \
--name "${AZURE_SNAPSHOT_NAME}" \
-g "${AZURE_RESOURCE_GROUP_NAME}"
--name "${AZURE_SNAPSHOT_NAME}" \
-g "${AZURE_RESOURCE_GROUP_NAME}"
az snapshot delete \
--name "${AZURE_SNAPSHOT_NAME}" \
-g "${AZURE_RESOURCE_GROUP_NAME}"
--name "${AZURE_SNAPSHOT_NAME}" \
-g "${AZURE_RESOURCE_GROUP_NAME}"
echo "VMGS saved to ${AZURE_VMGS_FILENAME}"

146
image/secure-boot/azure/launch.sh
View file

@ -3,101 +3,101 @@
set -euo pipefail
shopt -s inherit_errexit
if [[ -z "${CONFIG_FILE-}" ]] && [[ -f "${CONFIG_FILE-}" ]]; then
# shellcheck source=/dev/null
. "${CONFIG_FILE}"
if [[ -z ${CONFIG_FILE-} ]] && [[ -f ${CONFIG_FILE-} ]]; then
# shellcheck source=/dev/null
. "${CONFIG_FILE}"
fi
POSITIONAL_ARGS=()
while [[ $# -gt 0 ]]; do
case $1 in
-n|--name)
AZURE_VM_NAME="$2"
shift # past argument
shift # past value
;;
-g|--gallery)
CREATE_FROM_GALLERY=YES
shift # past argument
;;
-d|--disk)
CREATE_FROM_GALLERY=NO
shift # past argument
;;
--secure-boot)
AZURE_SECURE_BOOT="$2"
shift # past argument
shift # past value
;;
--disk-name)
AZURE_DISK_NAME="$2"
shift # past argument
shift # past value
;;
-*)
echo "Unknown option $1"
exit 1
;;
*)
POSITIONAL_ARGS+=("$1") # save positional arg
shift # past argument
;;
-n | --name)
AZURE_VM_NAME="$2"
shift # past argument
shift # past value
;;
-g | --gallery)
CREATE_FROM_GALLERY=YES
shift # past argument
;;
-d | --disk)
CREATE_FROM_GALLERY=NO
shift # past argument
;;
--secure-boot)
AZURE_SECURE_BOOT="$2"
shift # past argument
shift # past value
;;
--disk-name)
AZURE_DISK_NAME="$2"
shift # past argument
shift # past value
;;
-*)
echo "Unknown option $1"
exit 1
;;
*)
POSITIONAL_ARGS+=("$1") # save positional arg
shift # past argument
;;
esac
done
set -- "${POSITIONAL_ARGS[@]}" # restore positional parameters
if [[ "${AZURE_SECURITY_TYPE}" == "ConfidentialVM" ]]; then
if [[ ${AZURE_SECURITY_TYPE} == "ConfidentialVM" ]]; then
VMSIZE="Standard_DC2as_v5"
elif [[ "${AZURE_SECURITY_TYPE}" == "TrustedLaunch" ]]; then
elif [[ ${AZURE_SECURITY_TYPE} == "TrustedLaunch" ]]; then
VMSIZE="standard_D2as_v5"
else
echo "Unknown security type: ${AZURE_SECURITY_TYPE}"
exit 1
fi
create_vm_from_disk () {
AZURE_DISK_REFERENCE=$(az disk show --resource-group "${AZURE_RESOURCE_GROUP_NAME}" --name "${AZURE_DISK_NAME}" --query id -o tsv)
az vm create --name "${AZURE_VM_NAME}" \
--resource-group "${AZURE_RESOURCE_GROUP_NAME}" \
-l "${AZURE_REGION}" \
--size "${VMSIZE}" \
--public-ip-sku Standard \
--os-type Linux \
--attach-os-disk "${AZURE_DISK_REFERENCE}" \
--security-type "${AZURE_SECURITY_TYPE}" \
--os-disk-security-encryption-type VMGuestStateOnly \
--enable-vtpm true \
--enable-secure-boot "${AZURE_SECURE_BOOT}" \
--boot-diagnostics-storage "" \
--no-wait
create_vm_from_disk() {
AZURE_DISK_REFERENCE=$(az disk show --resource-group "${AZURE_RESOURCE_GROUP_NAME}" --name "${AZURE_DISK_NAME}" --query id -o tsv)
az vm create --name "${AZURE_VM_NAME}" \
--resource-group "${AZURE_RESOURCE_GROUP_NAME}" \
-l "${AZURE_REGION}" \
--size "${VMSIZE}" \
--public-ip-sku Standard \
--os-type Linux \
--attach-os-disk "${AZURE_DISK_REFERENCE}" \
--security-type "${AZURE_SECURITY_TYPE}" \
--os-disk-security-encryption-type VMGuestStateOnly \
--enable-vtpm true \
--enable-secure-boot "${AZURE_SECURE_BOOT}" \
--boot-diagnostics-storage "" \
--no-wait
}
create_vm_from_sig () {
AZURE_IMAGE_REFERENCE=$(az sig image-version show \
--gallery-image-definition "${AZURE_IMAGE_DEFINITION}" \
--gallery-image-version "${AZURE_IMAGE_VERSION}" \
--gallery-name "${AZURE_GALLERY_NAME}" \
-g "${AZURE_RESOURCE_GROUP_NAME}" \
--query id -o tsv)
az vm create --name "${AZURE_VM_NAME}" \
--resource-group "${AZURE_RESOURCE_GROUP_NAME}" \
-l "${AZURE_REGION}" \
--size "${VMSIZE}" \
--public-ip-sku Standard \
--image "${AZURE_IMAGE_REFERENCE}" \
--security-type "${AZURE_SECURITY_TYPE}" \
--os-disk-security-encryption-type VMGuestStateOnly \
--enable-vtpm true \
--enable-secure-boot "${AZURE_SECURE_BOOT}" \
--boot-diagnostics-storage "" \
--no-wait
create_vm_from_sig() {
AZURE_IMAGE_REFERENCE=$(az sig image-version show \
--gallery-image-definition "${AZURE_IMAGE_DEFINITION}" \
--gallery-image-version "${AZURE_IMAGE_VERSION}" \
--gallery-name "${AZURE_GALLERY_NAME}" \
-g "${AZURE_RESOURCE_GROUP_NAME}" \
--query id -o tsv)
az vm create --name "${AZURE_VM_NAME}" \
--resource-group "${AZURE_RESOURCE_GROUP_NAME}" \
-l "${AZURE_REGION}" \
--size "${VMSIZE}" \
--public-ip-sku Standard \
--image "${AZURE_IMAGE_REFERENCE}" \
--security-type "${AZURE_SECURITY_TYPE}" \
--os-disk-security-encryption-type VMGuestStateOnly \
--enable-vtpm true \
--enable-secure-boot "${AZURE_SECURE_BOOT}" \
--boot-diagnostics-storage "" \
--no-wait
}
if [[ "${CREATE_FROM_GALLERY}" = "YES" ]]; then
create_vm_from_sig
if [[ ${CREATE_FROM_GALLERY} == "YES" ]]; then
create_vm_from_sig
else
create_vm_from_disk
create_vm_from_disk
fi
sleep 30