def9c2fd7a
Add named instance support matching the existing cloudflare pattern:
- credentials.sh: woodpecker-<name> loads .woodpecker.<name>.{url,token}
- credentials.sh: bare woodpecker resolves via .woodpecker.default or
WOODPECKER_INSTANCE env, with legacy flat-key fallback
- All 3 pipeline tools accept -a <instance> flag to select instance
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
220 lines
8.9 KiB
Bash
Executable File
220 lines
8.9 KiB
Bash
Executable File
#!/usr/bin/env bash
|
|
#
|
|
# credentials.sh — Shared credential loader for Mosaic tool suites
|
|
#
|
|
# Usage: source ~/.config/mosaic/tools/_lib/credentials.sh
|
|
# load_credentials <service-name>
|
|
#
|
|
# Loads credentials from environment variables first, then falls back
|
|
# to ~/src/jarvis-brain/credentials.json (or MOSAIC_CREDENTIALS_FILE).
|
|
#
|
|
# Supported services:
|
|
# portainer, coolify, authentik, glpi, github,
|
|
# gitea-mosaicstack, gitea-usc, woodpecker, cloudflare
|
|
#
|
|
# After loading, service-specific env vars are exported.
|
|
# Run `load_credentials --help` for details.
|
|
|
|
MOSAIC_CREDENTIALS_FILE="${MOSAIC_CREDENTIALS_FILE:-$HOME/src/jarvis-brain/credentials.json}"
|
|
|
|
_mosaic_require_jq() {
|
|
if ! command -v jq &>/dev/null; then
|
|
echo "Error: jq is required but not installed" >&2
|
|
return 1
|
|
fi
|
|
}
|
|
|
|
_mosaic_read_cred() {
|
|
local jq_path="$1"
|
|
if [[ ! -f "$MOSAIC_CREDENTIALS_FILE" ]]; then
|
|
echo "Error: Credentials file not found: $MOSAIC_CREDENTIALS_FILE" >&2
|
|
return 1
|
|
fi
|
|
jq -r "$jq_path // empty" "$MOSAIC_CREDENTIALS_FILE"
|
|
}
|
|
|
|
load_credentials() {
|
|
local service="$1"
|
|
|
|
if [[ -z "$service" || "$service" == "--help" ]]; then
|
|
cat <<'EOF'
|
|
Usage: load_credentials <service>
|
|
|
|
Services and exported variables:
|
|
portainer → PORTAINER_URL, PORTAINER_API_KEY
|
|
coolify → COOLIFY_URL, COOLIFY_TOKEN
|
|
authentik → AUTHENTIK_URL, AUTHENTIK_TOKEN, AUTHENTIK_USERNAME, AUTHENTIK_PASSWORD
|
|
glpi → GLPI_URL, GLPI_APP_TOKEN, GLPI_USER_TOKEN
|
|
github → GITHUB_TOKEN
|
|
gitea-mosaicstack → GITEA_URL, GITEA_TOKEN
|
|
gitea-usc → GITEA_URL, GITEA_TOKEN
|
|
woodpecker → WOODPECKER_URL, WOODPECKER_TOKEN (uses default instance)
|
|
woodpecker-<name> → WOODPECKER_URL, WOODPECKER_TOKEN (specific instance, e.g. woodpecker-usc)
|
|
cloudflare → CLOUDFLARE_API_TOKEN (uses default instance)
|
|
cloudflare-<name> → CLOUDFLARE_API_TOKEN (specific instance, e.g. cloudflare-personal)
|
|
EOF
|
|
return 0
|
|
fi
|
|
|
|
_mosaic_require_jq || return 1
|
|
|
|
case "$service" in
|
|
portainer)
|
|
export PORTAINER_URL="${PORTAINER_URL:-$(_mosaic_read_cred '.portainer.url')}"
|
|
export PORTAINER_API_KEY="${PORTAINER_API_KEY:-$(_mosaic_read_cred '.portainer.api_key')}"
|
|
PORTAINER_URL="${PORTAINER_URL%/}"
|
|
[[ -n "$PORTAINER_URL" ]] || { echo "Error: portainer.url not found" >&2; return 1; }
|
|
[[ -n "$PORTAINER_API_KEY" ]] || { echo "Error: portainer.api_key not found" >&2; return 1; }
|
|
;;
|
|
coolify)
|
|
export COOLIFY_URL="${COOLIFY_URL:-$(_mosaic_read_cred '.coolify.url')}"
|
|
export COOLIFY_TOKEN="${COOLIFY_TOKEN:-$(_mosaic_read_cred '.coolify.app_token')}"
|
|
COOLIFY_URL="${COOLIFY_URL%/}"
|
|
[[ -n "$COOLIFY_URL" ]] || { echo "Error: coolify.url not found" >&2; return 1; }
|
|
[[ -n "$COOLIFY_TOKEN" ]] || { echo "Error: coolify.app_token not found" >&2; return 1; }
|
|
;;
|
|
authentik)
|
|
export AUTHENTIK_URL="${AUTHENTIK_URL:-$(_mosaic_read_cred '.authentik.url')}"
|
|
export AUTHENTIK_TOKEN="${AUTHENTIK_TOKEN:-$(_mosaic_read_cred '.authentik.token')}"
|
|
export AUTHENTIK_USERNAME="${AUTHENTIK_USERNAME:-$(_mosaic_read_cred '.authentik.username')}"
|
|
export AUTHENTIK_PASSWORD="${AUTHENTIK_PASSWORD:-$(_mosaic_read_cred '.authentik.password')}"
|
|
AUTHENTIK_URL="${AUTHENTIK_URL%/}"
|
|
[[ -n "$AUTHENTIK_URL" ]] || { echo "Error: authentik.url not found" >&2; return 1; }
|
|
;;
|
|
glpi)
|
|
export GLPI_URL="${GLPI_URL:-$(_mosaic_read_cred '.glpi.url')}"
|
|
export GLPI_APP_TOKEN="${GLPI_APP_TOKEN:-$(_mosaic_read_cred '.glpi.app_token')}"
|
|
export GLPI_USER_TOKEN="${GLPI_USER_TOKEN:-$(_mosaic_read_cred '.glpi.user_token')}"
|
|
GLPI_URL="${GLPI_URL%/}"
|
|
[[ -n "$GLPI_URL" ]] || { echo "Error: glpi.url not found" >&2; return 1; }
|
|
;;
|
|
github)
|
|
export GITHUB_TOKEN="${GITHUB_TOKEN:-$(_mosaic_read_cred '.github.token')}"
|
|
[[ -n "$GITHUB_TOKEN" ]] || { echo "Error: github.token not found" >&2; return 1; }
|
|
;;
|
|
gitea-mosaicstack)
|
|
export GITEA_URL="${GITEA_URL:-$(_mosaic_read_cred '.gitea.mosaicstack.url')}"
|
|
export GITEA_TOKEN="${GITEA_TOKEN:-$(_mosaic_read_cred '.gitea.mosaicstack.token')}"
|
|
GITEA_URL="${GITEA_URL%/}"
|
|
[[ -n "$GITEA_URL" ]] || { echo "Error: gitea.mosaicstack.url not found" >&2; return 1; }
|
|
[[ -n "$GITEA_TOKEN" ]] || { echo "Error: gitea.mosaicstack.token not found" >&2; return 1; }
|
|
;;
|
|
gitea-usc)
|
|
export GITEA_URL="${GITEA_URL:-$(_mosaic_read_cred '.gitea.usc.url')}"
|
|
export GITEA_TOKEN="${GITEA_TOKEN:-$(_mosaic_read_cred '.gitea.usc.token')}"
|
|
GITEA_URL="${GITEA_URL%/}"
|
|
[[ -n "$GITEA_URL" ]] || { echo "Error: gitea.usc.url not found" >&2; return 1; }
|
|
[[ -n "$GITEA_TOKEN" ]] || { echo "Error: gitea.usc.token not found" >&2; return 1; }
|
|
;;
|
|
woodpecker-*)
|
|
local wp_instance="${service#woodpecker-}"
|
|
export WOODPECKER_URL="${WOODPECKER_URL:-$(_mosaic_read_cred ".woodpecker.${wp_instance}.url")}"
|
|
export WOODPECKER_TOKEN="${WOODPECKER_TOKEN:-$(_mosaic_read_cred ".woodpecker.${wp_instance}.token")}"
|
|
export WOODPECKER_INSTANCE="$wp_instance"
|
|
WOODPECKER_URL="${WOODPECKER_URL%/}"
|
|
[[ -n "$WOODPECKER_URL" ]] || { echo "Error: woodpecker.${wp_instance}.url not found" >&2; return 1; }
|
|
[[ -n "$WOODPECKER_TOKEN" ]] || { echo "Error: woodpecker.${wp_instance}.token not found" >&2; return 1; }
|
|
;;
|
|
woodpecker)
|
|
# Resolve default instance, then load it
|
|
local wp_default
|
|
wp_default="${WOODPECKER_INSTANCE:-$(_mosaic_read_cred '.woodpecker.default')}"
|
|
if [[ -z "$wp_default" ]]; then
|
|
# Fallback: try legacy flat structure (.woodpecker.url / .woodpecker.token)
|
|
local legacy_url
|
|
legacy_url="$(_mosaic_read_cred '.woodpecker.url')"
|
|
if [[ -n "$legacy_url" ]]; then
|
|
export WOODPECKER_URL="${WOODPECKER_URL:-$legacy_url}"
|
|
export WOODPECKER_TOKEN="${WOODPECKER_TOKEN:-$(_mosaic_read_cred '.woodpecker.token')}"
|
|
WOODPECKER_URL="${WOODPECKER_URL%/}"
|
|
[[ -n "$WOODPECKER_URL" ]] || { echo "Error: woodpecker.url not found" >&2; return 1; }
|
|
[[ -n "$WOODPECKER_TOKEN" ]] || { echo "Error: woodpecker.token not found" >&2; return 1; }
|
|
else
|
|
echo "Error: woodpecker.default not set and no WOODPECKER_INSTANCE env var" >&2
|
|
echo "Available instances: $(jq -r '.woodpecker | keys | join(", ")' "$MOSAIC_CREDENTIALS_FILE" 2>/dev/null)" >&2
|
|
return 1
|
|
fi
|
|
else
|
|
load_credentials "woodpecker-${wp_default}"
|
|
fi
|
|
;;
|
|
cloudflare-*)
|
|
local cf_instance="${service#cloudflare-}"
|
|
export CLOUDFLARE_API_TOKEN="${CLOUDFLARE_API_TOKEN:-$(_mosaic_read_cred ".cloudflare.${cf_instance}.api_token")}"
|
|
export CLOUDFLARE_INSTANCE="$cf_instance"
|
|
[[ -n "$CLOUDFLARE_API_TOKEN" ]] || { echo "Error: cloudflare.${cf_instance}.api_token not found" >&2; return 1; }
|
|
;;
|
|
cloudflare)
|
|
# Resolve default instance, then load it
|
|
local cf_default
|
|
cf_default="${CLOUDFLARE_INSTANCE:-$(_mosaic_read_cred '.cloudflare.default')}"
|
|
if [[ -z "$cf_default" ]]; then
|
|
echo "Error: cloudflare.default not set and no CLOUDFLARE_INSTANCE env var" >&2
|
|
return 1
|
|
fi
|
|
load_credentials "cloudflare-${cf_default}"
|
|
;;
|
|
*)
|
|
echo "Error: Unknown service '$service'" >&2
|
|
echo "Supported: portainer, coolify, authentik, glpi, github, gitea-mosaicstack, gitea-usc, woodpecker[-<name>], cloudflare[-<name>]" >&2
|
|
return 1
|
|
;;
|
|
esac
|
|
}
|
|
|
|
# Common HTTP helper — makes a curl request and separates body from status code
|
|
# Usage: mosaic_http GET "/api/v1/endpoint" "Authorization: Bearer $TOKEN" [base_url]
|
|
# Returns: body on stdout, sets MOSAIC_HTTP_CODE
|
|
mosaic_http() {
|
|
local method="$1"
|
|
local endpoint="$2"
|
|
local auth_header="$3"
|
|
local base_url="${4:-}"
|
|
|
|
local response
|
|
response=$(curl -sk -w "\n%{http_code}" -X "$method" \
|
|
-H "$auth_header" \
|
|
-H "Content-Type: application/json" \
|
|
"${base_url}${endpoint}")
|
|
|
|
MOSAIC_HTTP_CODE=$(echo "$response" | tail -n1)
|
|
echo "$response" | sed '$d'
|
|
}
|
|
|
|
# POST variant with body
|
|
# Usage: mosaic_http_post "/api/v1/endpoint" "Authorization: Bearer $TOKEN" '{"key":"val"}' [base_url]
|
|
mosaic_http_post() {
|
|
local endpoint="$1"
|
|
local auth_header="$2"
|
|
local data="$3"
|
|
local base_url="${4:-}"
|
|
|
|
local response
|
|
response=$(curl -sk -w "\n%{http_code}" -X POST \
|
|
-H "$auth_header" \
|
|
-H "Content-Type: application/json" \
|
|
-d "$data" \
|
|
"${base_url}${endpoint}")
|
|
|
|
MOSAIC_HTTP_CODE=$(echo "$response" | tail -n1)
|
|
echo "$response" | sed '$d'
|
|
}
|
|
|
|
# PATCH variant with body
|
|
mosaic_http_patch() {
|
|
local endpoint="$1"
|
|
local auth_header="$2"
|
|
local data="$3"
|
|
local base_url="${4:-}"
|
|
|
|
local response
|
|
response=$(curl -sk -w "\n%{http_code}" -X PATCH \
|
|
-H "$auth_header" \
|
|
-H "Content-Type: application/json" \
|
|
-d "$data" \
|
|
"${base_url}${endpoint}")
|
|
|
|
MOSAIC_HTTP_CODE=$(echo "$response" | tail -n1)
|
|
echo "$response" | sed '$d'
|
|
}
|