More fun with #just recipes. This one pulls together a bunch of tasks I need to do when I create a bucket, account, user, and policy for s3, storing the credentials in 1Password. I’ll probably have it output a #k8s secret as well.
# create a new bucket, account, and policy
new-bucket-account bucket:
#!/usr/bin/env bash
set -uo pipefail
mc mb "$TARGET/{{ bucket }}"
USER="$(pwgen 20 1)"
PASSWORD="$(pwgen 40 1)"
mc admin user add "$TARGET" "$USER" "$PASSWORD"
ACCOUNT="{{bucket}} s3 account"
op item create --vault k8s --title "$ACCOUNT" --tags k8s,minio - username="$USER" password="$PASSWORD"
mc admin policy create "$TARGET" "{{bucket}}" <(sed 's/BUCKET/{{bucket}}/' < policy-template.json)
mc admin policy attach "$TARGET" "{{bucket}}" --user "$USER"
@echo "added \"$ACCOUNT\" to 1password"
There are no comments yet.