mirror of
https://github.com/edgelesssys/constellation.git
synced 2025-01-13 00:19:32 -05:00
a31d79e9cb
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
69 lines
2.1 KiB
Bash
Executable File
69 lines
2.1 KiB
Bash
Executable File
#!/usr/bin/env bash
|
|
|
|
set -euo pipefail
|
|
shopt -s inherit_errexit
|
|
|
|
if [[ -z ${CONFIG_FILE-} ]] && [[ -f ${CONFIG_FILE-} ]]; then
|
|
# shellcheck source=/dev/null
|
|
. "${CONFIG_FILE}"
|
|
fi
|
|
AZURE_SUBSCRIPTION=$(az account show --query id -o tsv)
|
|
POSITIONAL_ARGS=()
|
|
|
|
while [[ $# -gt 0 ]]; do
|
|
case $1 in
|
|
-n | --name)
|
|
AZURE_VM_NAME="$2"
|
|
shift # past argument
|
|
shift # past value
|
|
;;
|
|
-*)
|
|
echo "Unknown option $1"
|
|
exit 1
|
|
;;
|
|
*)
|
|
POSITIONAL_ARGS+=("$1") # save positional arg
|
|
shift # past argument
|
|
;;
|
|
esac
|
|
done
|
|
|
|
set -- "${POSITIONAL_ARGS[@]}" # restore positional parameters
|
|
|
|
VM_DISK=$(az vm show -g "${AZURE_RESOURCE_GROUP_NAME}" --name "${AZURE_VM_NAME}" --query "storageProfile.osDisk.managedDisk.id" -o tsv)
|
|
LOCATION=$(az disk show --ids "${VM_DISK}" --query "location" -o tsv)
|
|
|
|
az snapshot create \
|
|
-g "${AZURE_RESOURCE_GROUP_NAME}" \
|
|
--source "${VM_DISK}" \
|
|
--name "${AZURE_SNAPSHOT_NAME}" \
|
|
-l "${LOCATION}"
|
|
|
|
# Azure CLI does not implement getSecureVMGuestStateSAS for snapshots yet
|
|
# az snapshot grant-access \
|
|
# --duration-in-seconds 3600 \
|
|
# --access-level Read \
|
|
# --name "${AZURE_SNAPSHOT_NAME}" \
|
|
# -g "${AZURE_RESOURCE_GROUP_NAME}"
|
|
|
|
BEGIN=$(az rest \
|
|
--method post \
|
|
--url "https://management.azure.com/subscriptions/${AZURE_SUBSCRIPTION}/resourceGroups/${AZURE_RESOURCE_GROUP_NAME}/providers/Microsoft.Compute/snapshots/${AZURE_SNAPSHOT_NAME}/beginGetAccess" \
|
|
--uri-parameters api-version="2021-12-01" \
|
|
--body '{"access": "Read", "durationInSeconds": 3600, "getSecureVMGuestStateSAS": true}' \
|
|
--verbose 2>&1)
|
|
ASYNC_OPERATION_URI=$(echo "${BEGIN}" | grep Azure-AsyncOperation | cut -d ' ' -f 7 | tr -d "'")
|
|
sleep 10
|
|
ACCESS=$(az rest --method get --url "${ASYNC_OPERATION_URI}")
|
|
VMGS_URL=$(echo "${ACCESS}" | jq -r '.properties.output.securityDataAccessSAS')
|
|
|
|
curl -fsSL -o "${AZURE_VMGS_FILENAME}" "${VMGS_URL}"
|
|
|
|
az snapshot revoke-access \
|
|
--name "${AZURE_SNAPSHOT_NAME}" \
|
|
-g "${AZURE_RESOURCE_GROUP_NAME}"
|
|
az snapshot delete \
|
|
--name "${AZURE_SNAPSHOT_NAME}" \
|
|
-g "${AZURE_RESOURCE_GROUP_NAME}"
|
|
echo "VMGS saved to ${AZURE_VMGS_FILENAME}"
|