Improve Vault login in smile-exec.

- Some environments don't have Vault deployed, don't set the VAULT_ADDR environment variable. - Add a check for VPN connectivity (otherwise Vault isn't accessible). - Login to Vault only if the environment has Vault deployed and I'm connected to the VPN.

Improve Vault login in smile-exec.
7f33b9ac · nimrod · 0c8aca17 · 7f33b9ac
Commit 7f33b9ac authored 3 years ago by nimrod
--- a/Documents/bin/smile-exec
+++ b/Documents/bin/smile-exec
@@ -13,10 +13,16 @@ vault_addr() {
    case "$1" in
        stage) echo "https://vault.smile-staging.aws";;
        prod) echo "https://vault.smile-production.aws";;
+        security) return;;
+        shared-services) return;;
        *) echo "https://vault.smile.aws";;
    esac
 }

+connected_to_vpn() {
+    [ "$(dig env.smile.config TXT)" = "$SMILE_ENV" ]
+}
+
 aws_account() {
    case "$1" in
        sandbox-1) echo "696774765305";;
@@ -77,6 +83,9 @@ export VAULT_ADDR="$(vault_addr "$SMILE_ENV")"
 VAULT_CAPATH="$(bundle show smile-cli)/lib/vault_ca"
 export VAULT_CAPATH

+if [ -n "$VAULT_ADDR" ] && connected_to_vpn
+then
    aws-vault exec "smile-$SMILE_ENV-admin" -- \
            vault login -method aws -no-print role=smile-ops
+fi
 eval exec aws-vault exec "smile-$SMILE_ENV-admin" -- "$@"