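--- a/src/vault/README.md
+++ b/src/vault/README.md
@@ -0,0 +1,24 @@
+
+# HashiCorp Vault (vault)
+
+Installs the HashiCorp Vault binary.
+
+## Example Usage
+
+```json
+"features": {
+"ghcr.io/RouL/devcontainer-features/vault:1": {}
+}
+```
+
+## Options
+
+| Options Id | Description | Type | Default Value |
+|-----|-----|-----|-----|
+| version | Provides the version to be installed. Defaults to newest available version. | string | - |
+
+
+
+---
+
+_Note: This file was auto-generated from the [devcontainer-feature.json](https://github.com/RouL/devcontainer-features/blob/main/src/vault/devcontainer-feature.json). Add additional notes to a `NOTES.md`._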
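--- a/src/vault/devcontainer-feature.json
+++ b/src/vault/devcontainer-feature.json
@@ -0,0 +1,13 @@
+{
+"id": "vault",
+"version": "1.0.0",
+"name": "HashiCorp Vault",
+"description": "Installs the HashiCorp Vault binary.",
+"options": {
+"version": {
+"description": "Provides the version to be installed. Defaults to newest available version.",
+"type": "string",
+"default": ""
+}
+}
+}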
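--- a/src/vault/install.sh
+++ b/src/vault/install.sh
@@ -0,0 +1,90 @@
+#!/bin/sh
+set -e
+
+SERVER_BASE="${SERVER_BASE}"
+SERVER_API="${SERVER_API}"
+SERVER_IDENTITY="${SERVER_IDENTITY}"
+
+REQUIRED_PACKAGES="curl unzip sudo ca-certificates jq gpg"
+TARGET_PATH=/usr/local/bin/vault
+
+# check: https://developer.hashicorp.com/well-architected-framework/operational-excellence/verify-hashicorp-binary#verify-pgp-key-id-and-fingerprint
+GPG_FINGERPRINT="C874011F0AB405110D02105534365D9472D7468F"
+
+PRODUCT="vault"
+OS="linux"
+
+error() {
+echo "$1" >&2
+echo "Exiting..." >&2
+exit 1
+}
+
+apt_get_update()
+{
+if [ "$(find /var/lib/apt/lists/* | wc -l)" = "0" ]; then
+echo "Running apt-get update..."
+apt-get update -y
+fi
+}
+
+check_packages() {
+if ! dpkg -s "$@" > /dev/null 2>&1; then
+apt_get_update
+apt-get -y install --no-install-recommends "$@"
+fi
+}
+
+arch_detect() {
+if [ "$(uname -m)" = "x86_64" ]; then
+ARCH="amd64"
+elif [ "$(uname -m)" = "aarch64" ]; then
+ARCH="arm64"
+else
+error "Unsupported architecture: $(uname -m)"
+fi
+}
+
+export DEBIAN_FRONTEND=noninteractive
+
+check_packages $REQUIRED_PACKAGES
+
+CURRENT_TAG="$(curl -L https://api.github.com/repos/hashicorp/vault/releases/latest | jq --raw-output '.tag_name')"
+CURRENT_VERSION="${CURRENT_TAG#v}"
+VERSION="${VERSION:-$CURRENT_VERSION}"
+
+arch_detect
+
+install() {
+# create gpg env for signature validation
+export GNUPGHOME=./.gnupg
+gpg --no-tty --quick-generate-key --batch --passphrase "" human@example.com
+curl -L --remote-name https://www.hashicorp.com/.well-known/pgp-key.txt
+gpg --no-tty --import pgp-key.txt
+gpg --no-tty --quick-sign-key $GPG_FINGERPRINT # trust HashiCorp Key
+
+# download vault, sha256 sums and signature
+curl -L --remote-name https://releases.hashicorp.com/"${PRODUCT}"/"${VERSION}"/"${PRODUCT}"_"${VERSION}"_"${OS}_${ARCH}".zip
+curl -L --remote-name https://releases.hashicorp.com/"${PRODUCT}"/"${VERSION}"/"${PRODUCT}"_"${VERSION}"_SHA256SUMS
+curl -L --remote-name https://releases.hashicorp.com/"${PRODUCT}"/"${VERSION}"/"${PRODUCT}"_"${VERSION}"_SHA256SUMS.sig
+
+# verify integrity
+gpg --no-tty --verify ${PRODUCT}_${VERSION}_SHA256SUMS.sig ${PRODUCT}_${VERSION}_SHA256SUMS
+sha256sum --check --ignore-missing ${PRODUCT}_${VERSION}_SHA256SUMS
+
+unzip "${PRODUCT}"_"${VERSION}"_"${OS}_${ARCH}".zip
+rm -f "${PRODUCT}"_"${VERSION}"_"${OS}_${ARCH}".zip LICENSE.txt "${PRODUCT}"_"${VERSION}"_SHA256SUMS "${PRODUCT}"_"${VERSION}"_SHA256SUMS.sig
+
+chmod a+x vault
+mv vault $TARGET_PATH
+}
+
+echo "(*) Installing HashiCorp Vault binary..."
+
+install
+
+# Clean up
+rm -rf /var/lib/apt/lists/*
+rm -rf .gnupg
+
+echo "Done!"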
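Review bot: The `gpg --no-tty --verify` step in `install()` does not enforce the pinned `GPG_FINGERPRINT`: gpg exits 0 for a good signature from any public key in the keyring, and the keyring holds whatever `pgp-key.txt` contained at download time. The `--quick-sign-key` call only marks the pinned key as valid, which silences the trust warning but does not reject signatures made by other imported keys. I would check the signer explicitly by running the verify with `--status-fd 1` and requiring a `[GNUPG:] VALIDSIG` line whose last field (the primary key fingerprint) equals `$GPG_FINGERPRINT`, calling `error` otherwise. Separately, `GNUPGHOME=./.gnupg` and the downloads land in the current directory and are removed only on the success path; a `mktemp -d` work directory with a `trap ... EXIT` cleanup would keep key material and partial downloads out of the image when a step fails.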
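--- a/test/vault/scenarios.json
+++ b/test/vault/scenarios.json
@@ -0,0 +1,18 @@
+{
+"version-1_17_6": {
+"image": "mcr.microsoft.com/devcontainers/base:ubuntu",
+"features": {
+"vault": {
+"version": "1.17.6"
+}
+}
+},
+"version-1_10_11-ent": {
+"image": "mcr.microsoft.com/devcontainers/base:ubuntu",
+"features": {
+"vault": {
+"version": "1.10.11+ent"
+}
+}
+}
+}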
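--- a/test/vault/test.sh
+++ b/test/vault/test.sh
@@ -0,0 +1,6 @@
+#!/bin/bash
+set -e
+
+source dev-container-features-test-lib
+
+check "vault --version" bash -c "vault --version | grep -E '^Vault v[1-9][0-9]*\\.[0-9]+\\.[0-9]+ '"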
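--- a/test/vault/version-1_10_11-ent.sh
+++ b/test/vault/version-1_10_11-ent.sh
@@ -0,0 +1,6 @@
+#!/bin/bash
+set -e
+
+source dev-container-features-test-lib
+
+check "vault --version" bash -c "vault --version | grep -E '^Vault v1\\.10\\.11\+ent '"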
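--- a/test/vault/version-1_17_6.sh
+++ b/test/vault/version-1_17_6.sh
@@ -0,0 +1,6 @@
+#!/bin/bash
+set -e
+
+source dev-container-features-test-lib
+
+check "vault --version" bash -c "vault --version | grep -E '^Vault v1\\.17\\.6 '"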