#!/usr/bin/env bash
# Copyright 2026 Snowflake Inc.
# SPDX-License-Identifier: MPL-2.0
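# Registers the locally built database plugin with a Vault server, mounts the
# database secrets engine, configures a Snowflake connection and a test role,
# then requests one set of dynamic credentials.
#
# Arguments:
#   $1 - Vault plugin directory the binary is copied into
#   $2 - plugin binary name (expected under ./bin/)
#   $3 - Snowflake connection URL
#   $4 - private key value handed to the plugin's private_key field
#   $5 - Snowflake username

# Abort on the first failed step so a stale or half-configured plugin is never
# registered; the best-effort cleanup below opts out explicitly.
set -euo pipefail

# validate these are set (":?" aborts with a message when unset or empty)
PLUGIN_DIR="${1:?PLUGIN_DIR (arg 1) is required}"
PLUGIN_NAME="${2:?PLUGIN_NAME (arg 2) is required}"
CONNECTION_URL="${3:?CONNECTION_URL (arg 3) is required}"
PRIVATE_KEY="${4:?PRIVATE_KEY (arg 4) is required}"
SNOWFLAKE_USERNAME="${5:?SNOWFLAKE_USERNAME (arg 5) is required}"

readonly CONFIG=snowflake
readonly ROLE=test-role

# Try to clean-up previous runs. Both commands may fail on a fresh server
# (nothing mounted / nothing registered), which is expected.
vault secrets disable database || true
vault plugin deregister database "${PLUGIN_NAME}" || true
sleep 1

# Copy the binary so text file is not busy when rebuilding & the plugin is registered
cp -- ./bin/"${PLUGIN_NAME}" "${PLUGIN_DIR}"

# The digest is computed from the copy Vault will execute. It pins that exact
# file; it says nothing about where the build came from.
SHASUM="$(shasum -a 256 "${PLUGIN_DIR}/${PLUGIN_NAME}" | awk '{print $1}')"
if [[ -z "${SHASUM}" ]]; then
  echo "error: shasum not set" >&2
  exit 1
fi

# Sets up the binary with local changes
vault plugin register \
  -sha256="${SHASUM}" \
  database "${PLUGIN_NAME}"

vault secrets enable database

# Every value is quoted: the connection URL and the key can contain spaces,
# newlines or glob characters that would otherwise be split into extra
# arguments.
# NOTE(review): private_key travels on the command line, so it is readable in
# the process list while vault runs. The Vault CLI also accepts key=@file and
# key=- (stdin); prefer one of those outside a throwaway dev setup.
vault write "database/config/${CONFIG}" \
  plugin_name="${PLUGIN_NAME}" \
  allowed_roles="${ROLE}" \
  connection_url="${CONNECTION_URL}" \
  private_key="${PRIVATE_KEY}" \
  username="${SNOWFLAKE_USERNAME}"

vault write "database/roles/${ROLE}" \
  db_name="${CONFIG}" \
  creation_statements="CREATE USER {{name}} PASSWORD = '{{password}}'
DAYS_TO_EXPIRY = {{expiration}} DEFAULT_ROLE=public;
GRANT ROLE public TO USER {{name}};" \
  default_ttl="1h" \
  max_ttl="24h"

# Prints a freshly issued username/password to stdout; keep this output out of
# shared or persisted logs.
vault read "database/creds/${ROLE}"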