-
Notifications
You must be signed in to change notification settings - Fork 8.2k
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge remote-tracking branch 'upstream/main' into ml-fix-smv-metric-n…
…ot-showing-n-mismatch-tooltip
- Loading branch information
Showing
1,102 changed files
with
12,280 additions
and
3,922 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,85 @@ | ||
#!/usr/bin/env bash | ||
|
||
set -euo pipefail | ||
|
||
source "$(dirname "${BASH_SOURCE[0]}")/vault_fns.sh" | ||
|
||
BUCKET_OR_EMAIL="${1:-}" | ||
GCLOUD_EMAIL_POSTFIX="elastic-kibana-ci.iam.gserviceaccount.com" | ||
GCLOUD_SA_PROXY_EMAIL="kibana-ci-sa-proxy@$GCLOUD_EMAIL_POSTFIX" | ||
|
||
if [[ -z "$BUCKET_OR_EMAIL" ]]; then | ||
echo "Usage: $0 <bucket_name|email>" | ||
exit 1 | ||
elif [[ "$BUCKET_OR_EMAIL" == "--unset-impersonation" ]]; then | ||
echo "Unsetting impersonation" | ||
gcloud config unset auth/impersonate_service_account | ||
exit 0 | ||
elif [[ "$BUCKET_OR_EMAIL" == "--logout-gcloud" ]]; then | ||
echo "Logging out of gcloud" | ||
if [[ -x "$(command -v gcloud)" ]] && [[ "$(gcloud auth list 2>/dev/null | grep $GCLOUD_SA_PROXY_EMAIL)" != "" ]]; then | ||
gcloud auth revoke $GCLOUD_SA_PROXY_EMAIL --no-user-output-enabled | ||
fi | ||
exit 0 | ||
fi | ||
|
||
CURRENT_GCLOUD_USER=$(gcloud auth list --filter="status=ACTIVE" --format="value(account)") | ||
|
||
# Verify that the service account proxy is activated | ||
if [[ "$CURRENT_GCLOUD_USER" != "$GCLOUD_SA_PROXY_EMAIL" ]]; then | ||
if [[ -x "$(command -v gcloud)" ]]; then | ||
if [[ -z "${KIBANA_SERVICE_ACCOUNT_PROXY_KEY:-}" ]]; then | ||
echo "KIBANA_SERVICE_ACCOUNT_PROXY_KEY is not set, cannot activate service account $GCLOUD_SA_PROXY_EMAIL." | ||
exit 1 | ||
fi | ||
|
||
AUTH_RESULT=$(gcloud auth activate-service-account --key-file="$KIBANA_SERVICE_ACCOUNT_PROXY_KEY" || "FAILURE") | ||
if [[ "$AUTH_RESULT" == "FAILURE" ]]; then | ||
echo "Failed to activate service account $GCLOUD_SA_PROXY_EMAIL." | ||
exit 1 | ||
else | ||
echo "Activated service account $GCLOUD_SA_PROXY_EMAIL" | ||
fi | ||
else | ||
echo "gcloud is not installed, cannot activate service account $GCLOUD_SA_PROXY_EMAIL." | ||
exit 1 | ||
fi | ||
fi | ||
|
||
# Check if the arg is a service account e-mail or a bucket name | ||
EMAIL="" | ||
if [[ "$BUCKET_OR_EMAIL" =~ ^[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\.[a-zA-Z]{2,}$ ]]; then | ||
EMAIL="$BUCKET_OR_EMAIL" | ||
elif [[ "$BUCKET_OR_EMAIL" =~ ^gs://* ]]; then | ||
BUCKET_NAME="${BUCKET_OR_EMAIL:5}" | ||
else | ||
BUCKET_NAME="$BUCKET_OR_EMAIL" | ||
fi | ||
|
||
if [[ -z "$EMAIL" ]]; then | ||
case "$BUCKET_NAME" in | ||
"elastic-kibana-coverage-live") | ||
EMAIL="kibana-ci-access-coverage@$GCLOUD_EMAIL_POSTFIX" | ||
;; | ||
"kibana-ci-es-snapshots-daily") | ||
EMAIL="kibana-ci-access-es-snapshots@$GCLOUD_EMAIL_POSTFIX" | ||
;; | ||
"kibana-so-types-snapshots") | ||
EMAIL="kibana-ci-access-so-snapshots@$GCLOUD_EMAIL_POSTFIX" | ||
;; | ||
"kibana-performance") | ||
EMAIL="kibana-ci-access-perf-stats@$GCLOUD_EMAIL_POSTFIX" | ||
;; | ||
"ci-artifacts.kibana.dev") | ||
EMAIL="kibana-ci-access-artifacts@$GCLOUD_EMAIL_POSTFIX" | ||
;; | ||
*) | ||
EMAIL="$BUCKET_NAME@$GCLOUD_EMAIL_POSTFIX" | ||
;; | ||
esac | ||
fi | ||
|
||
# Activate the service account | ||
echo "Impersonating $EMAIL" | ||
gcloud config set auth/impersonate_service_account "$EMAIL" | ||
echo "Activated service account $EMAIL" |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,67 @@ | ||
#!/bin/bash | ||
|
||
# TODO: remove after https://github.com/elastic/kibana-operations/issues/15 is done | ||
if [[ "${VAULT_ADDR:-}" == *"secrets.elastic.co"* ]]; then | ||
VAULT_PATH_PREFIX="secret/kibana-issues/dev" | ||
VAULT_KV_PREFIX="secret/kibana-issues/dev" | ||
IS_LEGACY_VAULT_ADDR=true | ||
else | ||
VAULT_PATH_PREFIX="secret/ci/elastic-kibana" | ||
VAULT_KV_PREFIX="kv/ci-shared/kibana-deployments" | ||
IS_LEGACY_VAULT_ADDR=false | ||
fi | ||
export IS_LEGACY_VAULT_ADDR | ||
|
||
retry() { | ||
local retries=$1; shift | ||
local delay=$1; shift | ||
local attempts=1 | ||
|
||
until "$@"; do | ||
retry_exit_status=$? | ||
echo "Exited with $retry_exit_status" >&2 | ||
if (( retries == "0" )); then | ||
return $retry_exit_status | ||
elif (( attempts == retries )); then | ||
echo "Failed $attempts retries" >&2 | ||
return $retry_exit_status | ||
else | ||
echo "Retrying $((retries - attempts)) more times..." >&2 | ||
attempts=$((attempts + 1)) | ||
sleep "$delay" | ||
fi | ||
done | ||
} | ||
|
||
vault_get() { | ||
key_path=${1:-} | ||
field=${2:-} | ||
|
||
fullPath="$VAULT_PATH_PREFIX/$key_path" | ||
|
||
if [[ -z "$field" || "$field" =~ ^-.* ]]; then | ||
retry 5 5 vault read "$fullPath" "${@:2}" | ||
else | ||
retry 5 5 vault read -field="$field" "$fullPath" "${@:3}" | ||
fi | ||
} | ||
|
||
vault_set() { | ||
key_path=$1 | ||
shift | ||
fields=("$@") | ||
|
||
|
||
fullPath="$VAULT_PATH_PREFIX/$key_path" | ||
|
||
# shellcheck disable=SC2068 | ||
retry 5 5 vault write "$fullPath" ${fields[@]} | ||
} | ||
|
||
vault_kv_set() { | ||
kv_path=$1 | ||
shift | ||
fields=("$@") | ||
|
||
vault kv put "$VAULT_KV_PREFIX/$kv_path" "${fields[@]}" | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Oops, something went wrong.