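#!/bin/bash
#
# Vault auth-role audit report.
#
# For every role on the `lovelace2` (Kubernetes) and `gitlab` (JWT) auth
# mounts, print who is allowed to use the role (bound service account or
# bound GitLab project), the policies the role grants and, when SECRETS=ON,
# the `path` entries of each policy.
#
# Requires: a logged-in `vault` CLI, `jq`, `curl` (>= 7.55 for `-H @-`).
# Environment:
#   GITLAB_API_TOKEN  optional; used to resolve a bound project_id to its
#                     path_with_namespace. Without it the numeric id is shown.
#   SECRETS           "ON" (default) also lists policy paths; any other value
#                     prints policy names only.
#
# Not `set -e`: one unreadable role must not abort the whole report. Each
# vault call is checked explicitly and the role is skipped with a warning.
set -uo pipefail

API_TOKEN="${GITLAB_API_TOKEN:-}"
SECRETS="${SECRETS:-ON}"
readonly GITLAB_API="https://gitlab.slashroot.fr/api/v4"

# Print a diagnostic on stderr so it never mixes with the report on stdout.
warn() { printf 'warn: %s\n' "$*" >&2; }

# List the role names under an auth mount, one per line.
# Arguments: $1 - auth mount name (e.g. lovelace2, gitlab)
list_roles() {
  local mount=$1
  # JSON output avoids scraping the "Keys / ----" header of the table format.
  vault list -format=json "auth/${mount}/role" | jq -r '.[]'
}

# Read one role definition as JSON on stdout.
# Arguments: $1 - auth mount, $2 - role name
# Returns:   vault's exit status
read_role() {
  local mount=$1 role=$2
  vault read -format=json "auth/${mount}/role/${role}"
}

# Render a role's policies from the role JSON on stdin: the policy name and,
# when SECRETS=ON, the `path` entries of the policy document.
print_policies() {
  local policy
  while IFS= read -r policy; do
    [[ -n "$policy" ]] || continue
    printf 'Police : %s\n\n' "$policy"
    if [[ "$SECRETS" == "ON" ]]; then
      printf 'Secrets :\n\n'
      vault policy read "$policy" | grep '^path' | awk '{print $2}'
      printf '\n'
    fi
  done < <(jq -r '.data.policies[]?')
}

# Flatten a vault field that may be an array ("[a b]" in table output) into
# the same space-separated string the table format showed.
join_field() {
  local field=$1
  jq -r --arg f "$field" \
    '.data[$f] | if type == "array" then join(" ") else tostring end'
}

# Resolve a numeric GitLab project id to its path_with_namespace.
# Falls back to the id itself when no token is configured, the id is not
# numeric, or the API call fails, so the report never prints "null".
# Arguments: $1 - project id from the role's bound_claims
# Outputs:   project path (or id) on stdout
gitlab_project_path() {
  local id=$1 name
  if [[ ! "$id" =~ ^[0-9]+$ ]]; then
    warn "bound project_id '$id' is not numeric; not querying GitLab"
    printf '%s\n' "$id"
    return 0
  fi
  if [[ -z "$API_TOKEN" ]]; then
    warn "GITLAB_API_TOKEN not set; cannot resolve project id $id"
    printf '%s\n' "$id"
    return 0
  fi
  # The token is handed to curl on stdin (-H @-) instead of argv so it does
  # not show up in `ps` or `set -x` traces.
  name=$(printf 'PRIVATE-TOKEN: %s\n' "$API_TOKEN" \
    | curl -sS -f -H @- -H 'Content-Type: application/json' \
        "${GITLAB_API}/projects/${id}" \
    | jq -r '.path_with_namespace // empty')
  printf '%s\n' "${name:-$id}"
}

# Report one Kubernetes (lovelace2) role: bound namespace/service account and
# policies.
# Arguments: $1 - role name
# Returns:   1 when the role cannot be read
describe_k8s_role() {
  local role=$1 json ns sa
  if ! json=$(read_role lovelace2 "$role"); then
    warn "cannot read lovelace2 role '$role'"
    return 1
  fi
  ns=$(join_field bound_service_account_namespaces <<<"$json")
  sa=$(join_field bound_service_account_names <<<"$json")
  printf 'Used by : %s/%s\n\n' "$ns" "$sa"
  print_policies <<<"$json"
}

# Report one GitLab JWT role: bound project (and ref, if any) and policies.
# Arguments: $1 - role name
# Returns:   1 when the role cannot be read
describe_gitlab_role() {
  local role=$1 json claim project_name message
  if ! json=$(read_role gitlab "$role"); then
    warn "cannot read gitlab role '$role'"
    return 1
  fi
  claim=$(jq -c '.data.bound_claims // {}' <<<"$json")
  # `jq -e` turns the boolean result of has() into an exit status; plain
  # `jq 'has(...)'` exits 0 for both true and false, which made the
  # project_path branch match unconditionally.
  if jq -e 'has("project_id")' <<<"$claim" >/dev/null; then
    project_name=$(gitlab_project_path "$(jq -r '.project_id' <<<"$claim")")
  elif jq -e 'has("project_path")' <<<"$claim" >/dev/null; then
    project_name=$(jq -r '.project_path' <<<"$claim")
  else
    project_name="UNKNOWN"
  fi
  message="Used by : $project_name"
  # Keeps the original pairing: presence of ref_type selects the `ref` claim.
  if jq -e 'has("ref_type")' <<<"$claim" >/dev/null; then
    message="$message (branch $(jq -r '.ref' <<<"$claim"))"
  fi
  printf '%s\n\n' "$message"
  print_policies <<<"$json"
}

# Print the banner that separates roles in the report.
print_role_header() {
  printf '\n\n--- Role : %s ---\n\n' "$1"
}

main() {
  local role
  while IFS= read -r role; do
    [[ -n "$role" ]] || continue
    print_role_header "$role"
    describe_k8s_role "$role"
  done < <(list_roles lovelace2)

  while IFS= read -r role; do
    [[ -n "$role" ]] || continue
    print_role_header "$role"
    describe_gitlab_role "$role"
  done < <(list_roles gitlab)
}

main "$@"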

