diff --git a/curl-utils/allas-project b/curl-utils/allas-project index 836f33b..4e16c66 100755 --- a/curl-utils/allas-project +++ b/curl-utils/allas-project @@ -1,9 +1,13 @@ #!/usr/bin/env bash -# Usage: source this_script projectname [username] +# Usage: source this_script {-app-credentials | projectname [username]} # Script to get OS_AUTH_TOKEN and OS_STORAGE_URL from Allas for swift applications like python-swiftclient, rclone or curl -# OS_PROJECT_NAME and OS_USERNAME are also saved +# OS_PROJECT_NAME and OS_USERNAME are also saved, except when using -app-credentials option + +# Application credentials option sources the file $HOME/.allas_ac, so expected format is: +# OS_APPLICATION_CREDENTIAL_ID="your application credential id" +# OS_APPLICATION_CREDENTIAL_SECRET="your application credential secret" # This script requires curl # This script needs to be sourced instead of running it @@ -14,6 +18,7 @@ TOKEN_HEADER_RE='^[0-9:]*X-Subject-Token: ' STORAGE_URL_RE='https://a3s.fi:443/swift' STORAGE_URL_INTERFACE_RE='"interface": "public"' STORAGE_URL_SED='s+.*"\(https://a3s.fi:443/swift/[A-Za-z0-9/_]*\)".*+\1+' +APPLICATION_CREDENTIALS_FILE="$HOME/.allas_ac" if [ "$0" != "bash" -a "$0" != "-bash" ]; then echo "In order to be useful this script needs to be sourced instead of running it" >&2 @@ -21,24 +26,43 @@ if [ "$0" != "bash" -a "$0" != "-bash" ]; then fi if [ ! -e "`/usr/bin/which curl 2>/dev/null`" ]; then - echo "curl command is missing" >&2 + echo "error: curl command is missing" >&2 else if [ -z "$1" ]; then - echo "Usage: source $BASH_SOURCE projectname [username]" + echo "Usage: source $BASH_SOURCE {-app-credentials | projectname [username]}" else - export OS_PROJECT_NAME="$1" - export OS_USERNAME="$USER" - if [ -n "$2" ]; then - export OS_USERNAME="$2" - fi + if [ "$1" == '-app-credentials' ]; then + if [ -e "$APPLICATION_CREDENTIALS_FILE" ]; then + os_type="$(uname -s)" + if [ "$os_type" == "Darwin" ]; then + file_perm=$(stat -f "%A" "$APPLICATION_CREDENTIALS_FILE") + else + file_perm=$(stat -c "%a" "$APPLICATION_CREDENTIALS_FILE") + fi + if [ "$file_perm" != '400' -a "$file_perm" != '600' ]; then + echo "warning: check file permissions of \"$APPLICATION_CREDENTIALS_FILE\"" >&2 + fi + source "$APPLICATION_CREDENTIALS_FILE" + else + echo "error: file not found: \"$APPLICATION_CREDENTIALS_FILE\"" >&2 + fi + + OS_AUTH_DATA='{ "auth": { "identity": { "methods": [ "application_credential" ], "application_credential": { "id": "'$OS_APPLICATION_CREDENTIAL_ID'", "secret": "'$OS_APPLICATION_CREDENTIAL_SECRET'" } } } } ' + else + export OS_PROJECT_NAME="$1" + export OS_USERNAME="$USER" + if [ -n "$2" ]; then + export OS_USERNAME="$2" + fi - # get password - echo "Please enter your CSC password to authenticate to Allas for project $OS_PROJECT_NAME as user $OS_USERNAME: " - read -sr OS_PASSWORD_INPUT - OS_PASSWORD="$OS_PASSWORD_INPUT" + # get password + echo "Please enter your CSC password to authenticate to Allas for project $OS_PROJECT_NAME as user $OS_USERNAME: " + read -sr OS_PASSWORD_INPUT + OS_PASSWORD="$OS_PASSWORD_INPUT" - OS_AUTH_DATA='{ "auth": { "identity": { "methods": [ "password" ], "password": { "user": { "id": "'$OS_USERNAME'", - "password": "'$OS_PASSWORD'" } } }, "scope": { "project": { "domain": { "id": "default" }, "name": "'$OS_PROJECT_NAME'" } } } } ' + OS_AUTH_DATA='{ "auth": { "identity": { "methods": [ "password" ], "password": { "user": { "id": "'$OS_USERNAME'", + "password": "'$OS_PASSWORD'" } } }, "scope": { "project": { "domain": { "id": "default" }, "name": "'$OS_PROJECT_NAME'" } } } } ' + fi # authenticate and get return values OUT=`curl -sS -X POST -D - -d '@-' -H 'Content-Type: application/json' "$OS_AUTH_URL" 2>&1 <<< "$OS_AUTH_DATA"` diff --git a/swift2s3/allas-swift2s3 b/swift2s3/allas-swift2s3 index 731685d..7be65c3 100755 --- a/swift2s3/allas-swift2s3 +++ b/swift2s3/allas-swift2s3 @@ -39,6 +39,11 @@ DEST_BUCKET="$2" LIST_DIR=$(echo "$3" | sed 's/\/$//') TMP_FILE_DIR=$(echo "$4" | sed 's/\/$//') +if [ "$BUCKET" == "$DEST_BUCKET" ]; then + echo "error: source-bucket and destination-bucket must be different" >&2 + exit 1 +fi + if [ ! -d "$LIST_DIR" ]; then echo "error: directory \"$LIST_DIR\" not found" >&2 exit 1