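#!/bin/bash
#
# Creates the SPIRE registration entries for the two workloads used by this
# scenario: the broker webapp and the stock quotes service. Each entry is
# parented to an agent identified by its x509pop certificate fingerprint and
# federates with the other trust domain.

# Abort on the first failing command, on use of an unset variable, and when
# any stage of a pipeline fails. Without pipefail a failed certificate read
# would go unnoticed and a bogus fingerprint could end up in a parent ID.
set -euo pipefail

# Bold / reset escape sequences for the progress messages. tput exits
# non-zero when no usable terminal is available (e.g. TERM unset in CI), which
# would otherwise stop the script under `set -e`; fall back to plain text.
bb=$(tput bold 2>/dev/null) || bb=''
nn=$(tput sgr0 2>/dev/null) || nn=''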
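#######################################
# Print the SHA-1 fingerprint (lowercase hex) of an X.509 certificate.
#
# The digest is taken over the DER bytes of the certificate, using the
# "coreutils" output format (`-r`) so that `openssl sha1` prints the same
# layout on macOS and Linux.
#
# Arguments: $1 - path to a PEM-encoded certificate
# Outputs:   the 40-character hex digest on stdout; diagnostics on stderr
# Returns:   0 on success, 1 if the file is unreadable, does not parse as a
#            certificate, or the digest does not look like a SHA-1 value
#######################################
fingerprint() {
  local cert_path digest
  cert_path=${1:-}

  if [ -z "$cert_path" ] || [ ! -r "$cert_path" ]; then
    printf 'fingerprint: cannot read certificate file: %s\n' "$cert_path" >&2
    return 1
  fi

  # Parse the certificate once on its own. In the pipeline below only the
  # last stage's status is reported by default, so a parse failure there
  # would silently yield the digest of empty input instead of an error.
  if ! openssl x509 -in "$cert_path" -noout; then
    printf 'fingerprint: not a valid X.509 certificate: %s\n' "$cert_path" >&2
    return 1
  fi

  digest=$(openssl x509 -in "$cert_path" -outform DER | openssl sha1 -r | awk '{print $1}')

  # The value ends up inside a SPIFFE ID, so accept nothing but 40 hex digits.
  case $digest in
    *[!0-9a-fA-F]*)
      printf 'fingerprint: unexpected digest output for %s\n' "$cert_path" >&2
      return 1
      ;;
  esac
  if [ "${#digest}" -ne 40 ]; then
    printf 'fingerprint: unexpected digest length for %s\n' "$cert_path" >&2
    return 1
  fi

  printf '%s\n' "$digest"
}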
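# The parent ID of each entry names the agent by the SHA-1 fingerprint of its
# x509pop certificate, so compute that fingerprint from the agent certs that
# ship with the two services.
BROKER_WEBAPP_AGENT_FINGERPRINT=$(fingerprint docker/broker-webapp/conf/agent.crt.pem)
QUOTES_SERVICE_AGENT_FINGERPRINT=$(fingerprint docker/stock-quotes-service/conf/agent.crt.pem)

# Refuse to register anything unless both fingerprints look like real SHA-1
# digests. The SHA-1 of empty input is rejected explicitly: it is what the
# hashing pipeline yields when the certificate could not be read, and an entry
# parented to it would never match an attested agent.
empty_input_sha1='da39a3ee5e6b4b0d3255bfef95601890afd80709'
for agent_fp in "$BROKER_WEBAPP_AGENT_FINGERPRINT" "$QUOTES_SERVICE_AGENT_FINGERPRINT"; do
  case $agent_fp in
    '' | *[!0-9a-fA-F]* | "$empty_input_sha1")
      printf 'error: invalid agent certificate fingerprint: "%s"\n' "$agent_fp" >&2
      exit 1
      ;;
  esac
  if [ "${#agent_fp}" -ne 40 ]; then
    printf 'error: invalid agent certificate fingerprint: "%s"\n' "$agent_fp" >&2
    exit 1
  fi
done

# NOTE(review): `unix:user:root` matches every process running as root on the
# attested node. That is acceptable for these single-purpose tutorial
# containers; a real deployment should run the workload under a dedicated
# account and register narrower selectors so unrelated root processes cannot
# obtain this SVID.
#
# -federatesWith names the foreign trust domain whose bundle this workload
# should also receive; it only has an effect once the two servers have
# exchanged bundles (done outside this script — confirm the ordering).
echo "${bb}Creating registration entry for the broker-webapp...${nn}"
docker-compose exec spire-server-broker bin/spire-server entry create \
  -parentID "spiffe://broker.example/spire/agent/x509pop/${BROKER_WEBAPP_AGENT_FINGERPRINT}" \
  -spiffeID spiffe://broker.example/webapp \
  -selector unix:user:root \
  -federatesWith "spiffe://stockmarket.example"

echo "${bb}Creating registration entry for the stock-quotes-service...${nn}"
docker-compose exec spire-server-stock bin/spire-server entry create \
  -parentID "spiffe://stockmarket.example/spire/agent/x509pop/${QUOTES_SERVICE_AGENT_FINGERPRINT}" \
  -spiffeID spiffe://stockmarket.example/quotes-service \
  -selector unix:user:root \
  -federatesWith "spiffe://broker.example"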