#!/bin/bash
# -----------------------------------------------------------------------------
# Script that invokes the database role-manager AWS Lambda function to check
# that the Postgres users were configured properly.
#
# Positional parameters:
# APP_NAME (required) – the name of the subdirectory of /infra that holds the
#   application's infrastructure code.
# ENVIRONMENT (required) – the name of the application environment (e.g. dev,
#   staging, prod)
# -----------------------------------------------------------------------------
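set -euo pipefail

# Fail early with a usage hint when an argument is missing or empty, instead of
# a bare "unbound variable" error (or a malformed "infra//database" path).
APP_NAME=${1:?usage: $0 APP_NAME ENVIRONMENT}
ENVIRONMENT=${2:?usage: $0 APP_NAME ENVIRONMENT}

./bin/terraform-init.sh "infra/$APP_NAME/database" "$ENVIRONMENT"

# The role-manager function name is read from the database module's outputs.
DB_ROLE_MANAGER_FUNCTION_NAME=$(terraform -chdir="infra/$APP_NAME/database" output -raw role_manager_function_name)

# Keep the function's response in a private temp file rather than a fixed
# "response.json" in the working directory, and remove it on every exit path:
# under `set -e`, a failing jq/base64 step would otherwise leave it behind.
RESPONSE_FILE=$(mktemp)
trap 'rm -f -- "$RESPONSE_FILE"' EXIT

echo "======================="
echo "Checking database roles"
echo "======================="
echo "Input parameters"
echo " APP_NAME=$APP_NAME"
echo " ENVIRONMENT=$ENVIRONMENT"
echo
echo "Invoking Lambda function: $DB_ROLE_MANAGER_FUNCTION_NAME"
echo

# The payload is the JSON string "check", base64-encoded because AWS CLI v2
# expects blob parameters in base64 by default. printf avoids echo's
# non-portable handling of -n.
CLI_RESPONSE=$(aws lambda invoke \
  --function-name "$DB_ROLE_MANAGER_FUNCTION_NAME" \
  --no-cli-pager \
  --log-type Tail \
  --payload "$(printf '%s' '"check"' | base64)" \
  --output json \
  "$RESPONSE_FILE")

# Print logs out (they are returned base64 encoded). `// empty` keeps the
# literal string "null" from being fed to base64 when no log tail is returned.
# NOTE(review): the log tail and the response body go to stdout and therefore
# into CI logs; confirm the role manager never emits credentials there.
jq -r '.LogResult // empty' <<<"$CLI_RESPONSE" | base64 --decode
echo
echo "Lambda function response:"
cat -- "$RESPONSE_FILE"

# Exit with nonzero status if function failed. A function-level failure is
# reported in the FunctionError field of an otherwise successful invoke call,
# so the CLI's own exit status is not enough.
FUNCTION_ERROR=$(jq -r '.FunctionError // empty' <<<"$CLI_RESPONSE")
if [[ -n "$FUNCTION_ERROR" ]]; then
  echo "Lambda function reported an error: $FUNCTION_ERROR" >&2
  exit 1
fi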