etcd-io__etcd/hack/scripts-dev/docker-dns/certs-common-name-auth/run.sh

#!/bin/sh
rm -rf /tmp/m1.data /tmp/m2.data /tmp/m3.data

/etc/init.d/bind9 start

# get rid of hosts so go lookup won't resolve 127.0.0.1 to localhost
cat /dev/null >/etc/hosts

goreman -f /certs-common-name-auth/Procfile start &

# TODO: remove random sleeps
sleep 7s

ETCDCTL_API=3 ./etcdctl \
  --cacert=/certs-common-name-auth/ca.crt \
  --cert=/certs-common-name-auth/server.crt \
  --key=/certs-common-name-auth/server.key.insecure \
  --endpoints=https://m1.etcd.local:2379 \
  endpoint health --cluster

ETCDCTL_API=3 ./etcdctl \
  --cacert=/certs-common-name-auth/ca.crt \
  --cert=/certs-common-name-auth/server.crt \
  --key=/certs-common-name-auth/server.key.insecure \
  --endpoints=https://m1.etcd.local:2379,https://m2.etcd.local:22379,https://m3.etcd.local:32379 \
  put abc def

ETCDCTL_API=3 ./etcdctl \
  --cacert=/certs-common-name-auth/ca.crt \
  --cert=/certs-common-name-auth/server.crt \
  --key=/certs-common-name-auth/server.key.insecure \
  --endpoints=https://m1.etcd.local:2379,https://m2.etcd.local:22379,https://m3.etcd.local:32379 \
  get abc

sleep 1s && printf "\n"
echo "Step 1. creating root role"
ETCDCTL_API=3 ./etcdctl \
  --cacert=/certs-common-name-auth/ca.crt \
  --cert=/certs-common-name-auth/server.crt \
  --key=/certs-common-name-auth/server.key.insecure \
  --endpoints=https://m1.etcd.local:2379,https://m2.etcd.local:22379,https://m3.etcd.local:32379 \
  role add root

sleep 1s && printf "\n"
echo "Step 2. granting readwrite 'foo' permission to role 'root'"
ETCDCTL_API=3 ./etcdctl \
  --cacert=/certs-common-name-auth/ca.crt \
  --cert=/certs-common-name-auth/server.crt \
  --key=/certs-common-name-auth/server.key.insecure \
  --endpoints=https://m1.etcd.local:2379,https://m2.etcd.local:22379,https://m3.etcd.local:32379 \
  role grant-permission root readwrite foo

sleep 1s && printf "\n"
echo "Step 3. getting role 'root'"
ETCDCTL_API=3 ./etcdctl \
  --cacert=/certs-common-name-auth/ca.crt \
  --cert=/certs-common-name-auth/server.crt \
  --key=/certs-common-name-auth/server.key.insecure \
  --endpoints=https://m1.etcd.local:2379,https://m2.etcd.local:22379,https://m3.etcd.local:32379 \
  role get root

sleep 1s && printf "\n"
echo "Step 4. creating user 'root'"
ETCDCTL_API=3 ./etcdctl \
  --cacert=/certs-common-name-auth/ca.crt \
  --cert=/certs-common-name-auth/server.crt \
  --key=/certs-common-name-auth/server.key.insecure \
  --endpoints=https://m1.etcd.local:2379,https://m2.etcd.local:22379,https://m3.etcd.local:32379 \
  --interactive=false \
  user add root:123

sleep 1s && printf "\n"
echo "Step 5. granting role 'root' to user 'root'"
ETCDCTL_API=3 ./etcdctl \
  --cacert=/certs-common-name-auth/ca.crt \
  --cert=/certs-common-name-auth/server.crt \
  --key=/certs-common-name-auth/server.key.insecure \
  --endpoints=https://m1.etcd.local:2379,https://m2.etcd.local:22379,https://m3.etcd.local:32379 \
  user grant-role root root

sleep 1s && printf "\n"
echo "Step 6. getting user 'root'"
ETCDCTL_API=3 ./etcdctl \
  --cacert=/certs-common-name-auth/ca.crt \
  --cert=/certs-common-name-auth/server.crt \
  --key=/certs-common-name-auth/server.key.insecure \
  --endpoints=https://m1.etcd.local:2379,https://m2.etcd.local:22379,https://m3.etcd.local:32379 \
  user get root

sleep 1s && printf "\n"
echo "Step 7. enabling auth"
ETCDCTL_API=3 ./etcdctl \
  --cacert=/certs-common-name-auth/ca.crt \
  --cert=/certs-common-name-auth/server.crt \
  --key=/certs-common-name-auth/server.key.insecure \
  --endpoints=https://m1.etcd.local:2379,https://m2.etcd.local:22379,https://m3.etcd.local:32379 \
  auth enable

sleep 1s && printf "\n"
echo "Step 8. writing 'foo' with 'root:123'"
ETCDCTL_API=3 ./etcdctl \
  --cacert=/certs-common-name-auth/ca.crt \
  --cert=/certs-common-name-auth/server.crt \
  --key=/certs-common-name-auth/server.key.insecure \
  --endpoints=https://m1.etcd.local:2379,https://m2.etcd.local:22379,https://m3.etcd.local:32379 \
  --user=root:123 \
  put foo bar

sleep 1s && printf "\n"
echo "Step 9. writing 'aaa' with 'root:123'"
ETCDCTL_API=3 ./etcdctl \
  --cacert=/certs-common-name-auth/ca.crt \
  --cert=/certs-common-name-auth/server.crt \
  --key=/certs-common-name-auth/server.key.insecure \
  --endpoints=https://m1.etcd.local:2379,https://m2.etcd.local:22379,https://m3.etcd.local:32379 \
  --user=root:123 \
  put aaa bbb

sleep 1s && printf "\n"
echo "Step 10. writing 'foo' without 'root:123'"
ETCDCTL_API=3 ./etcdctl \
  --cacert=/certs-common-name-auth/ca.crt \
  --cert=/certs-common-name-auth/server.crt \
  --key=/certs-common-name-auth/server.key.insecure \
  --endpoints=https://m1.etcd.local:2379,https://m2.etcd.local:22379,https://m3.etcd.local:32379 \
  put foo bar

sleep 1s && printf "\n"
echo "Step 11. reading 'foo' with 'root:123'"
ETCDCTL_API=3 ./etcdctl \
  --cacert=/certs-common-name-auth/ca.crt \
  --cert=/certs-common-name-auth/server.crt \
  --key=/certs-common-name-auth/server.key.insecure \
  --endpoints=https://m1.etcd.local:2379,https://m2.etcd.local:22379,https://m3.etcd.local:32379 \
  --user=root:123 \
  get foo

sleep 1s && printf "\n"
echo "Step 12. reading 'aaa' with 'root:123'"
ETCDCTL_API=3 ./etcdctl \
  --cacert=/certs-common-name-auth/ca.crt \
  --cert=/certs-common-name-auth/server.crt \
  --key=/certs-common-name-auth/server.key.insecure \
  --endpoints=https://m1.etcd.local:2379,https://m2.etcd.local:22379,https://m3.etcd.local:32379 \
  --user=root:123 \
  get aaa

sleep 1s && printf "\n"
echo "Step 13. creating a new user 'test-common-name:test-pass'"
ETCDCTL_API=3 ./etcdctl \
  --cacert=/certs-common-name-auth/ca.crt \
  --cert=/certs-common-name-auth/server.crt \
  --key=/certs-common-name-auth/server.key.insecure \
  --endpoints=https://m1.etcd.local:2379,https://m2.etcd.local:22379,https://m3.etcd.local:32379 \
  --user=root:123 \
  --interactive=false \
  user add test-common-name:test-pass

sleep 1s && printf "\n"
echo "Step 14. creating a role 'test-role'"
ETCDCTL_API=3 ./etcdctl \
  --cacert=/certs-common-name-auth/ca.crt \
  --cert=/certs-common-name-auth/server.crt \
  --key=/certs-common-name-auth/server.key.insecure \
  --endpoints=https://m1.etcd.local:2379,https://m2.etcd.local:22379,https://m3.etcd.local:32379 \
  --user=root:123 \
  role add test-role

sleep 1s && printf "\n"
echo "Step 15. granting readwrite 'aaa' --prefix permission to role 'test-role'"
ETCDCTL_API=3 ./etcdctl \
  --cacert=/certs-common-name-auth/ca.crt \
  --cert=/certs-common-name-auth/server.crt \
  --key=/certs-common-name-auth/server.key.insecure \
  --endpoints=https://m1.etcd.local:2379,https://m2.etcd.local:22379,https://m3.etcd.local:32379 \
  --user=root:123 \
  role grant-permission test-role readwrite aaa --prefix

sleep 1s && printf "\n"
echo "Step 16. getting role 'test-role'"
ETCDCTL_API=3 ./etcdctl \
  --cacert=/certs-common-name-auth/ca.crt \
  --cert=/certs-common-name-auth/server.crt \
  --key=/certs-common-name-auth/server.key.insecure \
  --endpoints=https://m1.etcd.local:2379,https://m2.etcd.local:22379,https://m3.etcd.local:32379 \
  --user=root:123 \
  role get test-role

sleep 1s && printf "\n"
echo "Step 17. granting role 'test-role' to user 'test-common-name'"
ETCDCTL_API=3 ./etcdctl \
  --cacert=/certs-common-name-auth/ca.crt \
  --cert=/certs-common-name-auth/server.crt \
  --key=/certs-common-name-auth/server.key.insecure \
  --endpoints=https://m1.etcd.local:2379,https://m2.etcd.local:22379,https://m3.etcd.local:32379 \
  --user=root:123 \
  user grant-role test-common-name test-role

sleep 1s && printf "\n"
echo "Step 18. writing 'aaa' with 'test-common-name:test-pass'"
ETCDCTL_API=3 ./etcdctl \
  --cacert=/certs-common-name-auth/ca.crt \
  --cert=/certs-common-name-auth/server.crt \
  --key=/certs-common-name-auth/server.key.insecure \
  --endpoints=https://m1.etcd.local:2379,https://m2.etcd.local:22379,https://m3.etcd.local:32379 \
  --user=test-common-name:test-pass \
  put aaa bbb

sleep 1s && printf "\n"
echo "Step 19. writing 'bbb' with 'test-common-name:test-pass'"
ETCDCTL_API=3 ./etcdctl \
  --cacert=/certs-common-name-auth/ca.crt \
  --cert=/certs-common-name-auth/server.crt \
  --key=/certs-common-name-auth/server.key.insecure \
  --endpoints=https://m1.etcd.local:2379,https://m2.etcd.local:22379,https://m3.etcd.local:32379 \
  --user=test-common-name:test-pass \
  put bbb bbb

sleep 1s && printf "\n"
echo "Step 20. reading 'aaa' with 'test-common-name:test-pass'"
ETCDCTL_API=3 ./etcdctl \
  --cacert=/certs-common-name-auth/ca.crt \
  --cert=/certs-common-name-auth/server.crt \
  --key=/certs-common-name-auth/server.key.insecure \
  --endpoints=https://m1.etcd.local:2379,https://m2.etcd.local:22379,https://m3.etcd.local:32379 \
  --user=test-common-name:test-pass \
  get aaa

sleep 1s && printf "\n"
echo "Step 21. reading 'bbb' with 'test-common-name:test-pass'"
ETCDCTL_API=3 ./etcdctl \
  --cacert=/certs-common-name-auth/ca.crt \
  --cert=/certs-common-name-auth/server.crt \
  --key=/certs-common-name-auth/server.key.insecure \
  --endpoints=https://m1.etcd.local:2379,https://m2.etcd.local:22379,https://m3.etcd.local:32379 \
  --user=test-common-name:test-pass \
  get bbb

sleep 1s && printf "\n"
echo "Step 22. writing 'aaa' with CommonName 'test-common-name'"
ETCDCTL_API=3 ./etcdctl \
  --cacert=/certs-common-name-auth/ca.crt \
  --cert=/certs-common-name-auth/server.crt \
  --key=/certs-common-name-auth/server.key.insecure \
  --endpoints=https://m1.etcd.local:2379,https://m2.etcd.local:22379,https://m3.etcd.local:32379 \
  put aaa ccc

sleep 1s && printf "\n"
echo "Step 23. reading 'aaa' with CommonName 'test-common-name'"
ETCDCTL_API=3 ./etcdctl \
  --cacert=/certs-common-name-auth/ca.crt \
  --cert=/certs-common-name-auth/server.crt \
  --key=/certs-common-name-auth/server.key.insecure \
  --endpoints=https://m1.etcd.local:2379,https://m2.etcd.local:22379,https://m3.etcd.local:32379 \
  get aaa