NRL-1595 Create script to pull truststore certs for all environments in a given account

Author: atrace

Makefile

@@ -12,6 +12,7 @@ SMOKE_TEST_ARGS ?=
 FEATURE_TEST_ARGS ?= ./tests/features --format progress2
 TF_WORKSPACE_NAME ?= $(shell terraform -chdir=terraform/infrastructure workspace show)
 ENV ?= dev
+ACCOUNT ?= dev
 APP_ALIAS ?= default
 HOST ?= $(TF_WORKSPACE_NAME).api.record-locator.$(ENV).national.nhs.uk
 ENV_TYPE ?= $(ENV)
@@ -201,6 +202,9 @@ truststore-build-ca: check-warn ## Build a CA (Certificate Authority)
 truststore-build-cert: check-warn ## Build a certificate
 	@./scripts/truststore.sh build-cert "$(CA_NAME)" "$(CERT_NAME)" "$(CERT_SUBJECT)"
 
+truststore-pull-all-for-account: check-warn ## Pull all certificates for each environment in a given account
+	@./scripts/truststore.sh pull-all-for-account "$(ACCOUNT)"
+
 truststore-pull-all: check-warn ## Pull all certificates
 	@./scripts/truststore.sh pull-all "$(ENV)"
 

scripts/get-envs-for-account.sh

@@ -0,0 +1,28 @@
+#!/bin/bash
+# Get the name of all environments in a provided NRLF account
+set -o errexit -o nounset -o pipefail
+
+if [ $# -ne 1 ]; then
+    echo "Usage: get-envs-for-account.sh <account>"
+    exit 1
+fi
+
+account="$1"
+
+case "${account}" in
+    dev)
+        envs_array=("dev") # "dev-sandbox")
+        echo ${envs_array[@]}
+        ;;
+    test)
+        envs_array=("qa" "perftest" "ref" "int") # "int-sandbox" "qa-sandbox") - I don't have perms for these!
+        echo ${envs_array[@]}
+        ;;
+    prod)
+        envs_array=("prod")
+        echo ${envs_array[@]}
+        ;;
+    *)
+        echo "Unknown account ${account}"
+        exit 1
+esac

scripts/truststore.sh

@@ -303,6 +303,7 @@ function _truststore_pull_server() {
 
 function _truststore_pull_all() {
     env=$1
+
     _truststore_pull_ca $env
     _truststore_pull_client $env
     _truststore_pull_server $env
@@ -311,6 +312,25 @@ function _truststore_pull_all() {
     return 0
 }
 
+function _truststore_pull_all_for_account() {
+    account=$1
+
+    # sets envs_array
+    source ./scripts/get-envs-for-account.sh $account
+
+    echo "Pulling certs for environments ${envs_array[@]} in ${account} account"
+
+    for env in ${envs_array[@]}; do
+        echo "⏳ Pulling ${env} truststore certs"
+        _truststore_pull_ca $env
+        _truststore_pull_client $env
+        _truststore_pull_server $env
+    done
+
+    echo -e "✅ Successfully pulled all ${account} truststore files from s3://${BUCKET}"
+    return 0
+}
+
 function _truststore_push_all() {
     env=$1
 
@@ -364,6 +384,7 @@ function _truststore() {
         "build-ca") _truststore_build_ca $args ;;
         "build-cert") _truststore_build_cert $args ;;
         "pull-all") _truststore_pull_all $args ;;
+        "pull-all-for-account") _truststore_pull_all_for_account $args ;;
         "pull-server") _truststore_pull_server $args ;;
         "pull-client") _truststore_pull_client $args ;;
         "pull-ca") _truststore_pull_ca $args ;;