Update get-fileshare-signed-url.sh script content
#1568
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
![jenkins-infra-updatecli[bot]](https://avatars.githubusercontent.com/in/178728?s=60&v=4){kind=small}
Made with ❤️️ by updatecli
jenkins-infra-updatecli
bot
added
enhancement
dduportal
approved these changes
Dec 2, 2024
dduportal
deleted the
updatecli_main_f3523bdf33dc26cfc9fd2d0706db3c7127f3542375bb5a60b752d30e380c2d9d
branch
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Update get-fileshare-signed-url.sh script content
Update script content
1 file(s) updated with "#!/bin/bash\n# Purpose: Shell script to get a file share URL signed with a short-lived SAS token\n# --\n# Description: This script uses either a service principal or either a storage account access key to generate a SAS token\n# and returns the file share URL composed of the storage resource URI and the SAS token.\n# Ref: https://learn.microsoft.com/en-us/azure/storage/common/storage-sas-overview\n# --\n# Usage:\n# - Return a file share signed URL: ./get-fileshare-signed-url.sh\n# - Interact with a file share and azcopy: azcopy list \"$(./get-fileshare-signed-url.sh)\"\n# --\n# Required parameters defined as environment variables:\n# - STORAGE_FILESHARE: the file share name\n# - STORAGE_NAME: the storage account name where the file share is located\n# - STORAGE_DURATION_IN_MINUTE: lifetime of the short-lived SAS token, in minute\n# - STORAGE_PERMISSIONS: the permission(s) granted on the file share, any of \"dlrw\" (note: the order matters)\n#\n# Depending on wether you want to use a service principal or an access key to generate the SAS token, you'll also need either:\n# - AZURE_STORAGE_KEY: the storage account access key\n# or\n# - JENKINS_INFRA_FILESHARE_CLIENT_ID: the service principal app registration client id\n# - JENKINS_INFRA_FILESHARE_CLIENT_SECRET: the service principal client secret\n# - JENKINS_INFRA_FILESHARE_TENANT_ID: the file share tenant id\n# --------------------------------------------------------------------------------\nset -Eeu -o pipefail\n\n# Don't print any trace\nset +x\n\n: \"${STORAGE_FILESHARE?}\" \"${STORAGE_NAME?}\" \"${STORAGE_DURATION_IN_MINUTE?}\" \"${STORAGE_PERMISSIONS?}\"\n\n# Ensure the script is re-entrant by using unique temporary `az` configuration directory for each call\n# Ref. https://learn.microsoft.com/en-us/cli/azure/use-azure-cli-successfully?tabs=bash%2Cbash2#concurrent-execution\nAZURE_CONFIG_DIR=\"$(mktemp -d)\"\nexport AZURE_CONFIG_DIR\n\naccountKeyArg=()\nshouldLogout=\"true\"\n# If a storage account key env var exists, use it instead of a service principal to generate a file share SAS token\nif [[ -n \"${AZURE_STORAGE_KEY:=\"\"}\" ]]; then\n accountKeyArg=(\"--account-key\" \"${AZURE_STORAGE_KEY}\")\n shouldLogout=\"false\"\nelse\n # If there is no account key env var defined, require env vars needed to use a service principal\n : \"${JENKINS_INFRA_FILESHARE_CLIENT_ID?}\" \"${JENKINS_INFRA_FILESHARE_CLIENT_SECRET?}\" \"${JENKINS_INFRA_FILESHARE_TENANT_ID?}\"\n\n # Login without the JSON output from az\n az login --service-principal \\\n --user \"${JENKINS_INFRA_FILESHARE_CLIENT_ID}\" \\\n --password \"${JENKINS_INFRA_FILESHARE_CLIENT_SECRET}\" \\\n --tenant \"${JENKINS_INFRA_FILESHARE_TENANT_ID}\" > /dev/null\nfi\n\n# date(1) isn't GNU compliant on MacOS, using gdate(1) in that case\n[[ \"$(uname || true)\" == \"Darwin\" ]] && dateCmd=\"gdate\" || dateCmd=\"date\"\nexpiry=\"$(\"${dateCmd}\" --utc --date \"+${STORAGE_DURATION_IN_MINUTE} minutes\" +\"%Y-%m-%dT%H:%MZ\")\"\n\n# Generate a SAS token, remove double quotes around it and replace potential '/' by '%2F'\ntoken=\"$ (az storage share generate-sas \"${accountKeyArg[@]}\" \\\n--name \"${STORAGE_FILESHARE}\" \\\n--account-name \"${STORAGE_NAME}\" \\\n--https-only \\\n--permissions \"${STORAGE_PERMISSIONS}\" \\\n--expiry \"${expiry}\" \\\n--only-show-errors \\\n| sed 's/\\\"//g' \\\n| sed 's|/|%2F|g')\"\n\n[[ \"${shouldLogout}\" == \"true\" ]] && az logout\n\necho \"https://${STORAGE_NAME}.file.core.windows.net/${STORAGE_FILESHARE}/?${token}\"\n":
* provisioning/get-fileshare-signed-url.sh
Created automatically by Updatecli
Options:
Most of Updatecli configuration is done via its manifest(s).
Feel free to report any issues at github.com/updatecli/updatecli.
If you find this tool useful, do not hesitate to star our GitHub repository as a sign of appreciation, and/or to tell us directly on our chat!