More fun with #just recipes. This one pulls together a bunch of tasks I need to do when I create a bucket, account, user, and policy for s3, storing the credentials in 1Password. I’ll probably have it output a #k8s secret as well.

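# create a new bucket, account, and policy
new-bucket-account bucket:
  #!/usr/bin/env bash
  # Stop at the first failed step (-e). Without it, a failed `mc mb` or
  # `op item create` would still be followed by the remaining steps, leaving a
  # user whose generated secret was never stored anywhere.
  # A failure part-way through still leaves the earlier resources in place;
  # clean them up by hand before re-running.
  set -euo pipefail

  # just pastes recipe arguments into the script text before bash parses it, so
  # the argument is shell-quoted exactly once here and only "$bucket" is used below.
  bucket={{ quote(bucket) }}

  # Preflight: fail before anything is created on the server.
  : "${TARGET:?TARGET must be set to the mc alias to operate on}"
  # Restricting the name to lowercase letters, digits, dots and hyphens
  # (3-63 characters) also keeps it safe to splice into the sed replacement below.
  name_re='^[a-z0-9][a-z0-9.-]{1,61}[a-z0-9]$'
  if [[ ! "$bucket" =~ $name_re ]]; then
    echo "invalid bucket name: $bucket" >&2
    exit 1
  fi
  if [[ ! -r policy-template.json ]]; then
    echo "policy-template.json not found or not readable" >&2
    exit 1
  fi

  mc mb "$TARGET/$bucket"

  # -s asks pwgen for fully random output instead of its default pronounceable
  # passwords; these values are only ever read by machines.
  # Lowercase names so the login environment's exported USER is not overwritten
  # for the child processes.
  access_key="$(pwgen -s 20 1)"
  secret_key="$(pwgen -s 40 1)"

  # NOTE(review): the secret is passed as a command-line argument in the next two
  # commands, so it is visible in the process list while they run. Both tools
  # document ways to take it from stdin / an item template instead; confirm with
  # `mc admin user add --help` and `op item create --help` before switching.
  mc admin user add "$TARGET" "$access_key" "$secret_key"
  account="$bucket s3 account"
  op item create --vault k8s --title "$account" --tags k8s,minio - username="$access_key" password="$secret_key"

  # Replace every BUCKET placeholder (g), not just the first one on each line, so
  # no statement in the rendered policy is left pointing at a literal "BUCKET".
  mc admin policy create "$TARGET" "$bucket" <(sed "s/BUCKET/$bucket/g" < policy-template.json)
  mc admin policy attach "$TARGET" "$bucket" --user "$access_key"

  # Plain echo: inside a shebang recipe the body is run as a script, so a leading
  # @ is not stripped by just and would be treated as part of the command name.
  echo "added \"$account\" to 1password"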
