From 7f33b9acaf56d22774c3dc013d3f64e929301616 Mon Sep 17 00:00:00 2001
From: Adar Nimrod <nimrod@shore.co.il>
Date: Tue, 21 Dec 2021 10:35:25 +0200
Subject: [PATCH] Improve Vault login in smile-exec.

- Some environments don't have Vault deployed; don't set the VAULT_ADDR
  environment variable for them.
- Add a check for VPN connectivity (otherwise Vault isn't accessible).
- Login to Vault only if the environment has Vault deployed and I'm
  connected to the VPN.
---
 Documents/bin/smile-exec | 13 +++++++++++--
 1 file changed, 11 insertions(+), 2 deletions(-)

diff --git a/Documents/bin/smile-exec b/Documents/bin/smile-exec
index 3abe020..220ca5c 100755
--- a/Documents/bin/smile-exec
+++ b/Documents/bin/smile-exec
@@ -13,10 +13,16 @@ vault_addr() {
     case "$1" in
         stage) echo "https://vault.smile-staging.aws";;
         prod) echo "https://vault.smile-production.aws";;
+        security) return;;
+        shared-services) return;;
         *) echo "https://vault.smile.aws";;
     esac
 }
 
+connected_to_vpn() {
+    [ "$(dig env.smile.config TXT)" = "$SMILE_ENV" ]
+}
+
 aws_account() {
     case "$1" in
         sandbox-1) echo "696774765305";;
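Review bot: The comparison in `connected_to_vpn` looks like it can never succeed: without `+short`, `dig` prints its full response (header, question and answer sections), and even with `+short` a TXT value is printed wrapped in double quotes, so the output will not equal `$SMILE_ENV`. If so, the guarded Vault login in the second hunk would be skipped on every run. Something like `[ "$(dig +short +time=2 +tries=1 env.smile.config TXT | tr -d '"')" = "$SMILE_ENV" ]` compares the bare record and also bounds how long the wrapper stalls when the resolver is unreachable. The record is only a hint from whichever resolver answers, so it is fine as a convenience gate but should not be relied on as proof of being on the trusted network. A short comment above the function, e.g. `# The env.smile.config TXT record is presumably only resolvable over the VPN.`, would explain why DNS is used here.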
@@ -77,6 +83,9 @@ export VAULT_ADDR="$(vault_addr "$SMILE_ENV")"
 VAULT_CAPATH="$(bundle show smile-cli)/lib/vault_ca"
 export VAULT_CAPATH
 
-aws-vault exec "smile-$SMILE_ENV-admin" -- \
-        vault login -method aws -no-print role=smile-ops
+if [ -n "$VAULT_ADDR" ] && connected_to_vpn
+then
+    aws-vault exec "smile-$SMILE_ENV-admin" -- \
+            vault login -method aws -no-print role=smile-ops
+fi
 eval exec aws-vault exec "smile-$SMILE_ENV-admin" -- "$@"
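Review bot: The new `if` skips the login without any output when the VPN check fails, so the wrapped command runs without a fresh Vault token and the user gets no hint why; an `else` branch such as `echo "smile-exec: skipping Vault login for $SMILE_ENV" >&2` would make that visible. Separately, the line shown in the hunk header still does `export VAULT_ADDR="$(vault_addr "$SMILE_ENV")"`, so for `security` and `shared-services` the variable is exported empty rather than left unset as the commit message describes. Adding `[ -n "$VAULT_ADDR" ] || unset VAULT_ADDR` after the export would match the stated intent and keep an empty value out of the child environment. The script continues outside this hunk on both sides, so this is based only on the visible lines.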
-- 
GitLab